android wallet to webcam client?

[Defkin]

I am still fairly new to BTC so please forgive me if this has been suggested before. My concern is having my BTC secure and easy to use without the headache of use a bootable usb or worry about malware trojans etc.


1. Cheap $50 android pad, no web access ,app that has your private keys and can do transactions (suitably backed up).
2. PC with webcam and a client that keeps track of your transactions plus internet.

Step 1. Display your beneficiaries QR code on the PC's monitor.
Step 2. Use android pad to scan QR code.
Step 3. Carry out transaction and display resulting QR code on pad's screen.
Step 4. Scan Android pad's screen using PC's webcam
Step 5. Client on PC sends transaction to the net.
 
The only communication to the web by the device holding the private keys is via QR code so should be petty much hacker proof.
The inconvenience factor is relativity small in light of other methods such as booting the PC off a USB OS.

What do you think? And better still where can I get the software needed ready made

[Red Emerald]

Sounds exactly like armory's offline transactions.

[VVS dump]

this is totally possible, except that the return of the signed transaction to you computer can not be stored inside a single qr code most of the time. QR codes provide only limited storage, and transactions can be multiple kilobytes in size. this might be possible to circumvent using multiple qr codes in a sequence though.

[Defkin]

this is totally possible, except that the return of the signed transaction to you computer can not be stored inside a single qr code most of the time. QR codes provide only limited storage, and transactions can be multiple kilobytes in size. this might be possible to circumvent using multiple qr codes in a sequence though.

This is good to know, the idea of having my private keys never in contact with the internet has a lot of appeal to me. This way assuming my wallet and PC has been hacked and hopelessly compromised my BTC is still safe? I cannot keep my PC safe between OS day one flaws and clever hackers but I know I can keep a pad or old phone off the net.

Is there any way the transaction data can be messed with once it has been sent back (via 2 x qr codes) to the PC besides just preventing the transaction?

If there is a solid foundation to the concept and interest maybe I can start a bounty on it. I am sure many people have old smartphones etc that can be used for the purpose.

[etotheipi]

I had considered this idea for Armory's offline wallets (webcams to move data around between offline and online devices).  It turns out to be kind complicated and cumbersome, and subject to driver issues because webcams do not always work easily on every OS.  Instead, I've resorted to USB keys between a regular online computer and an offline system.  And a recommendation to update full anti-virus and disable all autorun on the offline computer!  (plus paper backups to ensure even more security against device failure)

It's a million times better than any online-wallet setup.   However, it's only 99.99%, and people with lots of Bitcoins and even more paranoia probably want 100.00%.  Webcams + QR codes would theoretically work, but honestly I think it would be a mess.  Multiple sequential QR codes, driver issues, designing a real-time-feedback UI for using the camera, resolution issues, wires everywhere, etc.   Instead I'm working on a serial-port-based solution right now that really should be 100%.  I just have to investigate exactly how USB-serial-port adapters work, and make sure that there is exactly 0.0% chance of remote code execution based on incoming serial port data.

As you can tell, there's a few folks already using the USB-based solution, and they seem quite happy with it.   Check it out yourself:  
Main Page
Offline Wallet Tutorial
And of course, if you're offering bounties for such a solution, then please consider visiting my crowdfunding page to help me continue this project.  Only 12 hours left!  


EDIT: I realize this solution doesn't use a phone like you suggested, but any old about-to-be-junked laptop will work.  Get one off of craigslist for $40 and disable the wifi card in the BIOS.  In the next couple months, I will be setting up a system for using a phone for two-factor authentication via multi-signature transactions which will be a decent alternative for people who don't want to find/setup/maintain an old laptop for the above solution.

[Andreas Schildbach]

Perhaps this info will help:

Bitcoin Wallet for Android can export/import transactions via QR code. This means you can use an isolated phone for signing, and use a second phone for transmitting into the P2P network.

[Defkin]

Thanks for the replies.

The concept I am looking for is a portable, physically isolated device that I can verify with my own two eyes data that goes in and out.

You hear in the news every day about hacks, data stolen. Even in this community people have had BTC stolen through hacks. NASA and Oak Ridge cannot keep their data safe. Physically isolated systems in nuclear reactors are getting targeted worms through usb sticks......the list goes on.

I understand that the limitation on the web cam idea is a hardware/driver problem. As a compromise would it be feasible to have the android device connect via head phone and use audio? It would be extremely unlikely there is an existing vulnerability in the OS and other software that could be exploited by this communication method.

Have wallet send {receiving address - amount - private key to use} via audio. Android program receives data {display incoming data [user ack] generate payment hash - send to audio}.

You would need a patch audio cable..... but short of making a specific hardware platform I am out of idea atm.

This way I could go to an internet cafe and use a web based wallet and be still be secure by jacking into the headphone socket?

[Defkin]

Perhaps this info will help:

Bitcoin Wallet for Android can export/import transactions via QR code. This means you can use an isolated phone for signing, and use a second phone for transmitting into the P2P network.

so to sign the transaction the 2nd phone will never be connected to net and the only interaction is needs to to see and display the qr codes?

But won't the private keys still be on the 1st phone, the one that connects to the net? So if the hacker steals the private keys off the 1st phone what need would they have to compromise the 2nd?

[Andreas Schildbach]

At least one of the device need to be connected to the Bitcoin P2P network obviously.

There is two devices:

- connected device (to Bitcoin P2P network)
- signing device (interfaces limited to QR or NFC)

You need a fully updated blockchain on the connected device. You create a tx with that device, send the tx to the signing device using QR or NFC, sign, and send back to the connected device. The connected device distributes the tx into the P2P network.

Actually, this usecase is not yet fully implemented by Bitcoin Wallet. But part of it is already there, maybe someone wants to continue on that side project?

[etotheipi]

At least one of the device need to be connected to the Bitcoin P2P network obviously.

There is two devices:

- connected device (to Bitcoin P2P network)
- signing device (interfaces limited to QR or NFC)

You need a fully updated blockchain on the connected device. You create a tx with that device, send the tx to the signing device using QR or NFC, sign, and send back to the connected device. The connected device distributes the tx into the P2P network.

Actually, this usecase is not yet fully implemented by Bitcoin Wallet. But part of it is already there, maybe someone wants to continue on that side project?

What you described is exactly what Armory does with a second computer.  And having an old, spare laptop is probably more likely for many people than having a spare smartphone that's not connected to any network.  That's not to say that it is unnecessary to have such a smartphone client, but I'm telling you that that precise functionality exists in an available program already, using a second computer.

I'm working with a friend on two-factor authentication, to be used with Armory (or any other BIP-0010-supporting program).  There's no reason I can't combine the two ideas to use a smart-phone as the offline signing device.  It will just require transferring the signatures back from the phone to computer.