Bitcoin Core signing offline after the keypool of 1000 question

[TracaChang]

Hello

Assuming the following setup:

- Dedicated offline PC with bitcoin core, wallet created and export parent_desc
- Daily use PC with bitcoin core synced, parent_desc imported with importdescriptors, it allows me to create receveing addresses and create unsigned tx, so after creating a psbt, bring to the offline pc, sign and bring back to online pc to broadcast.

When importing descriptors, the default keypool is 1000 so I do understand that 1000 addresses are automatically generated by default.

My question is, what would happen after 1000 addresses are used? Since all addresses have been generated using the watch wallet only (with the descriptors imported), offline wallet has no more data than the original 1000 keypool, will it able to find the key to sign? Or since I  have past the keypool limit of 1000 I would have to generate more addresses in the offlinewallet in order to be able to sign?

Thank you.

[1714653508]

1714653508

[1714653508]

1714653508

[1714653508]

1714653508

[BitMaxz]

I think it won't be able to find the key to sign, Bitcoin core keypool size is limited to 1000 addresses by default.

But you can adjust your keypool size above the 1000 limit by adding this command below on Bitcoin.conf

Code:

keypool=1001

Change the number how much addresses size your want more than 1000. Or you can use this command -keypool=<n> just replace <n> more than 1000.

Do this in your offline wallet before you export parent_desc and import it to your online Bitcoin core watch-only wallet.

[TracaChang]

Thank you BitMaxz!

[nc50lc]

Alternatively, you can refill the keypool on-the-fly with the command: keypoolrefill <new keypool size>
You can also set your desired keypool size right when you import the descriptor, it should be inputted in the value of \"range\": [start,end]. (e.g.: \"range\": [0,2999])

Assuming the following setup:

- Dedicated offline PC with bitcoin core, wallet created and export parent_desc
- Daily use PC with bitcoin core synced, parent_desc imported with importdescriptors, it allows me to create receveing addresses and create unsigned tx, so after creating a psbt, bring to the offline pc, sign and bring back to online pc to broadcast.
-snip-

Have you tested the set-up yet?
Problem with the setup is: the offline PC wont be able to sign those transactions.
Without the blockchain, "signrawtransactionwithwallet" will fail and you'll get the error message: "error": "Input not found or already spent" regardless of the presence of the associated key or descriptor in the wallet; also with "walletprocesspsbt", it wont be able to sign and will return with "false".

The workaround is to plug an external drive which contains the blockchain so the offline PC can scan it whenever you need to sign a new transaction.

[TracaChang]

Alternatively, you can refill the keypool on-the-fly with the command: keypoolrefill <new keypool size>
You can also set your desired keypool size right when you import the descriptor, it should be inputted in the value of \"range\": [start,end]. (e.g.: \"range\": [0,2999])

Assuming the following setup:

- Dedicated offline PC with bitcoin core, wallet created and export parent_desc
- Daily use PC with bitcoin core synced, parent_desc imported with importdescriptors, it allows me to create receveing addresses and create unsigned tx, so after creating a psbt, bring to the offline pc, sign and bring back to online pc to broadcast.
-snip-

Have you tested the set-up yet?
Problem with the setup is: the offline PC wont be able to sign those transactions.
Without the blockchain, "signrawtransactionwithwallet" will fail and you'll get the error message: "error": "Input not found or already spent" regardless of the presence of the associated key or descriptor in the wallet; also with "walletprocesspsbt", it wont be able to sign and will return with "false".

The workaround is to plug an external drive which contains the blockchain so the offline PC can scan it whenever you need to sign a new transaction.

Hi first, of all thanks the tip!

Yes I have tested the setup of course.
PC offline is able to sign transactions without blockchain since it has all info needed thanks to parent_desc and psbt.

I've done a tutorial step by step if you are interested.
https://medium.com/@ChangTraca/bitcoin-core-as-cold-storage-sign-transactions-offline-and-generate-receiving-addresses-from-the-f0b2de8436b5

[nc50lc]

Alternatively, you can refill the keypool on-the-fly with the command: keypoolrefill <new keypool size>

Hi first, of all thanks the tip!
-snip-
I've done a tutorial step by step if you are interested.
https://medium.com/@ChangTraca/bitcoin-core-as-cold-storage-sign-transactions-offline-and-generate-receiving-addresses-from-the-f0b2de8436b5

No problem,
Thanks for the link too, I missed the \"watchonly\": true, argument that can make a proper watching-only wallet.
What I've been using in my test is the console and various commands to manually make a PSBT that'll be imported to the offline machine.
Anyways, since we're at it, I'd like to add a step to that tutorial to include the change (internal) addresses so you wont have to manually add a change address in every transaction that needs change.

To get the "parent descriptor" for the change addresses, use the command listdescriptors.
The one for the change addresses has "internal": true," result | also pick the script type of your choice.
Then import it the same way you've imported the receiving addresses' parent descriptor.

[TracaChang]

Anyways, since we're at it, I'd like to add a step to that tutorial to include the change (internal) addresses so you wont have to manually add a change address in every transaction that needs change.

To get the "parent descriptor" for the change addresses, use the command listdescriptors.
The one for the change addresses has "internal": true," result | also pick the script type of your choice.
Then import it the same way you've imported the receiving addresses' parent descriptor.

Sure, I am going to update the tutorial.

So yeah with listdescriptors I find 2 parent descriptors with the same path 84' one with internal false being used as receiving addresses used in tutorial and another with internal true for change addresses.

I will do one more test and update it.

Thanks

[TracaChang]

@nc50lc tutorial updated with the step to add the change descriptor and a mention for your help  

[TracaChang]

I think it won't be able to find the key to sign

You are right, just tested and will not find the key.

Alternatively, you can refill the keypool on-the-fly with the command: keypoolrefill <new keypool size>

Refill on-the-fly it is definitely the best solution.

To test it, I edit bitcoin.conf with keypool=3, I generate a wallet, when I type "listdescriptors" it shows range [0,2] and I import the descriptor to a watch only wallet with range [0,999].
With the watch only I create 4 receiving address, with the command "getaddressinfo" the first 3 addresses:

Code:

"ismine": true,
  "solvable": true,

"getaddressinfo" withe the 4th address:
getaddressinfo bc1qqdpe3fq7vqza7z9zquc7fedp7jkgvjruskhlrn

Code:

{
  "address": "bc1qqdpe3fq7vqza7z9zquc7fedp7jkgvjruskhlrn",
  "scriptPubKey": "0014034398a41e6005df08a20731e4e5a1f4ac86487c",
  "ismine": false,
  "solvable": false,
  "iswatchonly": false,
  "isscript": false,
  "iswitness": true,
  "witness_version": 0,
  "witness_program": "034398a41e6005df08a20731e4e5a1f4ac86487c",
  "ischange": false,
  "labels": [
  ]
}

Then I just refill the keypool with "keypoolrefill 10" and type again:
getaddressinfo bc1qqdpe3fq7vqza7z9zquc7fedp7jkgvjruskhlrn

Code:

{
  "address": "bc1qqdpe3fq7vqza7z9zquc7fedp7jkgvjruskhlrn",
  "scriptPubKey": "0014034398a41e6005df08a20731e4e5a1f4ac86487c",
  "ismine": true,
  "solvable": true,
  "desc": "wpkh([edd03c2d/84'/0'/0'/0/3]030297ae103edc4b156bc35d5b3c047ebcd6bca10ce8cf9e33ef90fe39918e7a7f)#mhhfrenc",
  "parent_desc": "wpkh([edd03c2d/84'/0'/0']xpub6D4Xg4No2w9q8nwGGDPa2R1UruBtGrb7VsNBS394qg5bMdzibkcM1ziwN8J2Pc9rPA3c2QE6k23qt6cKioJgRMahN6AY6oAQDkqWgYYMnqb/0/*)#7nsk7kfc",
  "iswatchonly": false,
  "isscript": false,
  "iswitness": true,
  "witness_version": 0,
  "witness_program": "034398a41e6005df08a20731e4e5a1f4ac86487c",
  "pubkey": "030297ae103edc4b156bc35d5b3c047ebcd6bca10ce8cf9e33ef90fe39918e7a7f",
  "ischange": true,
  "timestamp": 1650271498,
  "hdkeypath": "m/84'/0'/0'/0/3",
  "hdseedid": "0000000000000000000000000000000000000000",
  "hdmasterfingerprint": "edd03c2d",
  "labels": [
  ]
}