New HTML5 Wallet with Native QR Code Scanning on iOS: Coin Pocket

[enriquez]

Hello!

Quick demo: http://youtu.be/D0NmeVEz70c

I just published an early version of an HTML5 wallet that I've been working on. It's called Coin Pocket.  It's meant to be used for small portable amounts.  Key generation, signing, storage, etc... is all done on the client side.  It currently relies on Blockchain.info's API (through Yahoo's YQL) for block chain interaction.  It is open source, and you can run Coin Pocket on your own static site server or use the hosted version.

Details on this release: https://github.com/enriquez/coinpocketapp.com/releases/tag/v0.1.0

An official version of Coin Pocket is hosted here: https://btc.coinpocketapp.com

I also wrote an iOS app that is available in the App Store called Scan Code (https://itunes.apple.com/us/app/scan-code-qr-code-reader/id828167977?ls=1&mt=8).  It is simply a QR Code scanner that has the ability to interact with external apps using a custom url scheme.  Coin Pocket can launch Scan Code whenever a qr code is needed to be scanned.  Other wallets/apps can use it too.

Please follow along and contribute on GitHub: https://github.com/enriquez/coinpocketapp.com

Thanks!

Mike Enriquez
Independent Software Developer at Enriquez Software LLC
http://enriquez.me

[maxuser]

It looks good.
But I wonder why you are using Yahoo's YQL since you just need to add cors=true at the end of yours Blockchain.info's query? see: https://blockchain.info/api/blockchain_api CORS headers. The rawaddr, latestblock, unspent, and pushtx APIs are all supported by that.

[enriquez]

It looks good.
But I wonder why you are using Yahoo's YQL since you just need to add cors=true at the end of yours Blockchain.info's query? see: https://blockchain.info/api/blockchain_api CORS headers. The rawaddr, latestblock, unspent, and pushtx APIs are all supported by that.

Thanks!

I tried using CORS (see here https://bitcointalk.org/index.php?topic=168010.msg5582563#msg5582563), but I couldn't get the response to include the CORS header back.

For example, this should come back with a "Access-Control-Allow-Origin" header:

Code:

curl -v -H "Origin: https://btc.coinpocketapp.com" \
  -H "Access-Control-Request-Method: GET" \
  -H "Access-Control-Request-Headers: X-Requested-With" \
  -X GET \
  "https://blockchain.info/rawaddr/1HeGkvDja9GYJcKFgTpNs4LALYFkRd4bWF?cors=true"

Either I'm doing something wrong, or their API doesn't actually support CORS for the endpoints that I need.

[maxuser]

Code:

curl -v -H "Origin: https://btc.coinpocketapp.com" \
  -H "Access-Control-Request-Method: GET" \
  -H "Access-Control-Request-Headers: X-Requested-With" \
  -X GET \
  "https://blockchain.info/multiaddr?active=1HeGkvDja9GYJcKFgTpNs4LALYFkRd4bWF&cors=true"

Use multiaddr instead of rawaddr (it return additional data but all is there in the "wallet" hash).

[enriquez]

You're right maxuser, that would work.  Thanks!

I added an issue to remove YQL here: https://github.com/enriquez/coinpocketapp.com/issues/8

[enriquez]

TL;DR Don't update iOS if you're using Coin Pocket from mobile safari. Wait until the next version of Coin Pocket.

After experimenting with localStorage I found an issue that leads to data loss on iOS.

If you update your iOS to a new version (for example, to the latest 7.1), then your Coin Pocket data in mobile safari will be deleted. If you use Coin Pocket from a web clip on the home screen, the data is safe after updating iOS.

I'm investigating ways to prevent data loss. I didn't want to expose the private key to the user because that adds another way for it to get it stolen, but I may add a backup/restore feature. I may also look into Javascript Database instead of localStorage to see if it is more persistent.

This IS pre-release software, so I don't expect that this has affected anyone, but I'm putting this message out there just in case.

[enriquez]

Re: Data loss on iOS

You can restore from an iTunes or iCloud backup to get the data back.

Restoring from backup: http://support.apple.com/kb/ht1766

[christianlundkvist]

Hi enriquez! Your app looks really slick, and I also like how it interacts with your QR code app.

You say that the Scan Code app has the ability to interact with other apps through a URL scheme, and in your video it looks like when you scan the QR code it jumps directly to safari and your HTML5 app. I downloaded the app but I can't find anywhere to set up the URL scheme, not in the app itself and also not in the main iPhone Settings. How would I set it up?

The reason I'm asking is I've created my own minimalist wallet Bitcoinista that can run inside a Python sandbox in iOS. The wallet can send coins based on a bitcoin URI copied from a QR code app, but it would be awesome if I can use your app to launch Bitcoinista directly after scanning the QR code!

Cheers,
Christian

[BitCoinDream]

Hello!

Quick demo: http://youtu.be/D0NmeVEz70c

I just published an early version of an HTML5 wallet that I've been working on. It's called Coin Pocket.  It's meant to be used for small portable amounts.  Key generation, signing, storage, etc... is all done on the client side.  It currently relies on Blockchain.info's API (through Yahoo's YQL) for block chain interaction.  It is open source, and you can run Coin Pocket on your own static site server or use the hosted version.

Details on this release: https://github.com/enriquez/coinpocketapp.com/releases/tag/v0.1.0

An official version of Coin Pocket is hosted here: https://btc.coinpocketapp.com

I also wrote an iOS app that is available in the App Store called Scan Code (https://itunes.apple.com/us/app/scan-code-qr-code-reader/id828167977?ls=1&mt=8).  It is simply a QR Code scanner that has the ability to interact with external apps using a custom url scheme.  Coin Pocket can launch Scan Code whenever a qr code is needed to be scanned.  Other wallets/apps can use it too.

Please follow along and contribute on GitHub: https://github.com/enriquez/coinpocketapp.com

Thanks!

Mike Enriquez
Independent Software Developer at Enriquez Software LLC
http://enriquez.me

Hey, Mike ...nice app. Can u plz tell me, how come one person get to know the private key of his wallet from this app ?

[enriquez]

Hey, Mike ...nice app. Can u plz tell me, how come one person get to know the private key of his wallet from this app ?

Hi. Thanks.

There's no interface for the user to get their private key. Backups are done by backing up the device. Moving to another wallet is done by sending the Bitcoin.

[BitCoinDream]

Hey, Mike ...nice app. Can u plz tell me, how come one person get to know the private key of his wallet from this app ?

Hi. Thanks.

There's no interface for the user to get their private key. Backups are done by backing up the device. Moving to another wallet is done by sending the Bitcoin.

I guess, u may re-think this part. In general a bitcoiner does not own his coins, unless he owns the private key. Your project seems promising ...So I'm suggesting.

[enriquez]

I guess, u may re-think this part. In general a bitcoiner does not own his coins, unless he owns the private key. Your project seems promising ...So I'm suggesting.

Thanks for the suggestion. Not giving the user direct access to their private key was a conscious decision.

I simply don't trust the user to be able to keep their private key safe outside of Coin Pocket and their device backups. They can do everything they need to do without seeing their private key. They can continue to use Coin Pocket and send transactions even if the server goes offline.

Coin Pocket is meant to be easy to use, so there aren't a lot of advanced features.

[christianlundkvist]

Hi again, about the Scan Code app: From looking at the github code for coin pocket I was able to figure out that you're using an x-callback-url scheme, and I managed to use a URL like this

Code:

'scancode://scan?callback=myapp://'

to go from MyApp to Scan Code and then back again to MyApp after it scans. It seems you also have a field scancode-callback-path. Is this to get back the results of the scan? Would I use a URL like

Code:

'scancode://scan?callback=myapp://arg=scancode-callback-path'

or something like that to get the result of the scan into MyApp? Is there some documentation of the URL scheme somewhere?

Thanks again,
Christian

[enriquez]

Hey Christian,

There are no docs, and it isn't using x-callback-url. I didn't know about that spec when I did Scan Code. Maybe for a future update...

You have the right URL to launch Scan Code.

Code:

scancode://scan?callback=myapp://some.callback/url/path

Scan Code will open the callback url while appending a `code` param

Code:

myapp://some.callback/url/path?code=urlEncodedQrCodeData

Your app can then parse the query string for the `code` param. I don't know how flexible Pythonista is, but you would need to hook into the AppDelegate's `application:openURL:sourceApplication:annotation`.

Let me know how it works out for you!

[christianlundkvist]

Hi again,

Thanks for the info! It's clearer now what's going on. I guess I misunderstood what x-callback-url is, I thought it was what allows you to send these url callback type messages between apps in the first place, but apparently it's more of a standard for how to format these messages in a uniform way. I need to read up a bit on the Pythonista URL scheme to see if I can parse out the ?code=XXX in a good way.

Cheers,
Christian

[R2D221]

Is this app iOS-specific? I tried using it on Windows Phone, but it gives me an error about a secure random number generator nor being present.

[enriquez]

Is this app iOS-specific? I tried using it on Windows Phone, but it gives me an error about a secure random number generator nor being present.

Coin Pocket is not iOS specific, but it does have some browser requirements including a secure random number generator. The browser on a Windows Phone may have one that is compatible, but I'll have to research and test it out.

[christianlundkvist]

I looked into the Pythonista URL scheme and it looks like the only supported use cases are things like

Code:

pythonista://MyScript?action=run

and

Code:

pythonista://MyScript?action=run&argv=myargs

so it doesn't really look like it can pick up the ?code=xxx flag. No big deal though, it's still my favorite scan app, the one-click copy to clipboard is great!

[minimalB]

Is there a particular reason why your QR scanner works only with iOS7+?

[enriquez]

Is there a particular reason why your QR scanner works only with iOS7+?

iOS 7 is the current version of iOS. Most users have it already, and it's a free update.

I'd recommend updating iOS if you do anything with Bitcoin. There are known vulnerabilities in older versions.