[ANN] Ninki Wallet: Sneak Preview

[Ninki-Ben]

Introduction to Ninki Wallet, an Open PGP Wallet Network.

A Wallet that removes the need for copying/pasting/QR coding Bitcoin addresses!

This video gives a brief introduction to the main features. Next week I will publish more videos going inot the details of how it works, and also many more features.

The wallet is currently in Alpha Testing on the Bitcoin Testnet network

(You might need to set your youtube settings to high quaility as Google have been messing around with things recently)

http://www.youtube.com/watch?v=uGmpfn3tCKA

[Ninki-Ben]

Ninki Wallet: Connecting with your contacts

https://www.youtube.com/watch?v=u4b9neosTg8

Part 2 of the series goes though creating a wallet and connecting with a contact

[🏰 TradeFortress 🏰]

Please explain why your wallet creation code is obfuscated (not just minified). Are you hiding something, like the code secretly sending back the password?

createwallet.min.js:
var _0x6176=["\x75\x73\x65\x20\x73\x74\x72\x69\x63\x74","\x45\x6C\x65\x6D\x65\x6E\x74\x20\x6E\x6F\x74\x20\x73\x70\x65\x63\x69\x66\x69\x65\x64","\x76\x34","\x76\x61\x6C","\x67\x75\x69\x64","\x47\x75\x69\x64\x20\x6E\x6F\x74\x20\x73\x70\x65\x63\x69\x66\x69\x65\x64","\x4E\x6F\x74\x20\x61\x20\x47\x55\x49\x44","\x43\x61\x6C\x6C\x62\x61\x63\x6B\x20\x6E\x6F\x74\x20\x73\x70\x65\x63\x69\x66\x69\x65\x64","\x47\x55\x49\x44\x20\x69\x73\x20\x6E\x6F\x74\x20\x76\x61\x6C\x69\x64","\x46\x61\x69\x6C\x65\x64\x20\x74\x6F\x20\x67\x65\x74\x20\x70\x75\x62\x6C\x69\x63\x20\x6B\x65\x79\x20\x66\x72\x6F\x6D\x20\x75\x70\x73\x74\x72\x65\x61\x6D\x20\x73\x65\x72\x76\x65\x72\x2E","\x6E\x69\x63\x6B\x6E\x61\x6D\x65","\x70\x61\x73\x73\x77\x6F\x72\x64","\x50\x75\x62\x4B\x65\x79\x20\x6E\x6F\x74\x20\x73\x70\x65\x63\x69\x66\x69\x65\x64","\x67\x65\x74\x52\x61\x6E\x64\x6F\x6D\x56\x61\x6C\x75\x65\x73","\x63\x72\x79\x70\x74\x6F","\x6C\x65\x6E\x67\x74\x68","\x62\x79\x74\x65\x73\x54\x6F\x57\x6F\x72\x64\x41\x72\x72\x61\x79","\x63\x6F\x6E\x76\x65\x72\x74","\x43\x72\x79\x70\x74\x6F","\x74\x65\x73\x74\x6E\x65\x74","\x66\x72\x6F\x6D\x53\x65\x65\x64\x53\x74\x72\x69\x6E\x67","\x48\x44\x57\x61\x6C\x6C\x65\x74","\x20","\x66\x72\x6F\x6D\x53\x65\x65\x64\x48\x65\x78","\x67\x65\x6E\x65\x72\x61\x74\x65\x4B\x65\x79\x50\x61\x69\x72","\x70\x72\x69\x76\x61\x74\x65\x4B\x65\x79\x41\x72\x6D\x6F\x72\x65\x64","\x72\x65\x61\x64\x41\x72\x6D\x6F\x72\x65\x64","\x6B\x65\x79","\x70\x75\x62\x6C\x69\x63\x4B\x65\x79\x41\x72\x6D\x6F\x72\x65\x64","","\x6C\x6F\x67","\x2F\x61\x70\x69\x2F\x31\x2F\x75\x2F\x63\x72\x65\x61\x74\x65\x61\x63\x63\x6F\x75\x6E\x74","\x62\x6F\x64\x79","\x6D\x61\x74\x63\x68","\x46\x61\x69\x6C\x65\x64\x20\x74\x6F\x20\x67\x65\x74\x20\x70\x75\x62\x6C\x69\x63\x20\x6B\x65\x79\x20\x66\x72\x6F\x6D\x20\x75\x70\x73\x74\x72\x65\x61\x6D\x20\x73\x65\x72\x76\x65\x72\x2E\x20\x28\x49\x6E\x76\x61\x6C\x69\x64\x20\x72\x65\x71\x75\x65\x73\x74\x20\x66\x6F\x72\x6D\x61\x74\x29","\x70\x61\x72\x73\x65","\x55\x73\x65\x72\x54\x6F\x6B\x65\x6E","\x4E\x69\x6E\x6B\x69\x4D\x61\x73\x74\x65\x72\x50\x75\x62\x6C\x69\x63\x4B\x65\x79","\x46\x61\x69\x6C\x65\x64\x20\x74\x6F\x20\x67\x65\x74\x20\x70\x75\x62\x6C\x69\x63\x20\x6B\x65\x79\x20\x66\x72\x6F\x6D\x20\x75\x70\x73\x74\x72\x65\x61\x6D\x20\x73\x65\x72\x76\x65\x72\x2E\x20\x28\x49\x6E\x76\x61\x6C\x69\x64\x20\x4A\x53\x4F\x4E\x29","\x2F\x61\x70\x69\x2F\x31\x2F\x75\x2F\x64\x6F\x65\x73\x75\x73\x65\x72\x6E\x61\x6D\x65\x65\x78\x69\x73\x74"];_0x6176[0];function fillElementWithGuid(_0xb879x2){assert(_0xb879x2,_0x6176[1]);_0xb879x2[_0x6176[3]](uuid[_0x6176[2]]());} ;function makeNewWalletLocally(_0xb879x4,_0xb879x5){assert(_0xb879x4[_0x6176[4]],_0x6176[5]);assert(isRealGuid(_0xb879x4[_0x6176[4]]),_0x6176[6]);assert(_0xb879x5,_0x6176[7]);assert(isRealGuid(_0xb879x4[_0x6176[4]]),_0x6176[8]);getMasterPublicKeyFromUpstreamServer(_0xb879x4[_0x6176[4]],function (_0xb879x6,_0xb879x7,_0xb879x8){if(_0xb879x6){return _0xb879x5(_0xb879x6,_0x6176[9]);} else {makeNewWalletLocallyInner(_0xb879x4[_0x6176[4]],_0xb879x4[_0x6176[10]],_0xb879x4[_0x6176[11]],_0xb879x7,_0xb879x8,function (_0xb879x6,_0xb879x9){if(_0xb879x6){return _0xb879x5(_0xb879x6,response);} else {return _0xb879x5(_0xb879x6,_0xb879x9,_0xb879x8);} ;} );} ;} );} ;function makeNewWalletLocallyInner(_0xb879xb,_0xb879xc,_0xb879xd,_0xb879x7,_0xb879x8,_0xb879x5){assert(_0xb879xb,_0x6176[5]);assert(_0xb879x7,_0x6176[12]);assert(isRealGuid(_0xb879xb),_0x6176[6]);assert(_0xb879x5,_0x6176[7]);assert(isRealGuid(_0xb879xb),_0x6176[8]);var _0xb879xe= new Uint8Array(32);window[_0x6176[14]][_0x6176[13]](_0xb879xe);var _0xb879xf=[];for(var _0xb879x10=0;_0xb879x10<_0xb879xe[_0x6176[15]];++_0xb879x10){_0xb879xf[_0xb879x10]=_0xb879xe[_0xb879x10];} ;var _0xb879x11= new Uint8Array(32);window[_0x6176[14]][_0x6176[13]](_0xb879x11);var _0xb879x12=[];for(var _0xb879x10=0;_0xb879x10<_0xb879x11[_0x6176[15]];++_0xb879x10){_0xb879x12[_0xb879x10]=_0xb879x11[_0xb879x10];} ;var _0xb879x13=Bitcoin2[_0x6176[18]].SHA256(Bitcoin2[_0x6176[17]][_0x6176[16]](_0xb879xf)).toString();var _0xb879x14=Bitcoin2[_0x6176[21]][_0x6176[20]](_0xb879x13,_0x6176[19]);var _0xb879x15=_0xb879x14.toString(_0x6176[22]);var _0xb879x16=_0xb879x14.toString();var _0xb879x17=Bitcoin2[_0x6176[18]].SHA256(Bitcoin2[_0x6176[17]][_0x6176[16]](_0xb879x12)).toString();var _0xb879x18=Bitcoin2[_0x6176[21]][_0x6176[23]](_0xb879x17,_0x6176[19]);var _0xb879x19=_0xb879x18.toString(_0x6176[22]);var _0xb879x1a=_0xb879x18.toString();var _0xb879x1b={numBits:1024,userId:_0xb879xc,passphrase:_0xb879xd};var _0xb879x1c=openpgp[_0x6176[24]](_0xb879x1b);var _0xb879x1d=openpgp[_0x6176[27]][_0x6176[26]](_0xb879x1c[_0x6176[25]]);var _0xb879x1e=openpgp[_0x6176[27]][_0x6176[26]](_0xb879x1c[_0x6176[28]]);var _0xb879x1f=encrypt({coldPub:_0xb879x16,hotPub:_0xb879x1a,ninkiPubKey:_0xb879x7,hotPriv:_0xb879x19,userToken:_0xb879x8},_0xb879xd,_0xb879xb);var _0xb879x20=encrypt({RSAPriv:_0xb879x1c[_0x6176[25]],RSAPub:_0xb879x1c[_0x6176[28]]},_0xb879xd,_0xb879xb);var _0xb879x21={guid:_0xb879xb,payload:_0xb879x1f.toString(),userPublicKey:_0xb879x1c[_0x6176[28]],userPayload:_0xb879x20.toString(),hotPublicKey:_0xb879x1a,coldPublicKey:_0xb879x16,nickName:_0xb879xc,firstName:_0x6176[29],lastName:_0x6176[29]};var _0xb879x9={wallet:_0xb879x21,coldWalletPhrase:mn_encode(_0xb879x13),hotWalletPhrase:mn_encode(_0xb879x17),sharedid:_0xb879x8};console[_0x6176[30]](_0xb879x13,_0xb879x17);return _0xb879x5(null,_0xb879x9);} ;function getMasterPublicKeyFromUpstreamServer(_0xb879xb,_0xb879x5){assert(_0xb879xb,_0x6176[5]);assert(_0xb879x5,_0x6176[7]);assert(isRealGuid(_0xb879xb),_0x6176[6]);var _0xb879x23={guid:_0xb879xb};return post(_0x6176[31],_0xb879x23,function (_0xb879x6,_0xb879x24){if(_0xb879x6){return _0xb879x5(_0xb879x6,_0xb879x24);} else {if(!_0xb879x24[_0x6176[32]]||_0xb879x24[_0x6176[32]][_0x6176[33]](/Request format is invalid/)){return _0xb879x5(true,_0x6176[34]);} ;} ;var _0xb879x25=JSON[_0x6176[35]](_0xb879x24[_0x6176[32]]);var _0xb879x8=_0xb879x25[_0x6176[36]];var _0xb879x26=_0xb879x25[_0x6176[37]];if(!_0xb879x25[_0x6176[36]]){return _0xb879x5(true,_0x6176[38]);} else {return _0xb879x5(null,_0xb879x26,_0xb879x8);} ;} );} ;function doesUsernameExist(_0xb879x28,_0xb879x5){var _0xb879x23={username:_0xb879x28};post(_0x6176[39],_0xb879x23,function (_0xb879x6,_0xb879x24){if(_0xb879x6){return _0xb879x5(_0xb879x6,_0xb879x24);} else {return _0xb879x5(null,JSON[_0x6176[35]](_0xb879x24));} ;} );} ;

[Ninki-Ben]

This is just for the Alpha test (on Testnet). Once I am happy with the state of the code it will be published open source (the client side parts) and the Javascript files will be minified, rather than obfuscated.

Cheers

Ben

[dabura667]

Very nice wallet.

1. Open sourcing it during alpha will help a lot with testing imo.

2. This could be the Coinbase of on-chain decentralized wallets! (After looking at your FAQ etc. I feel like your wallet is DarkWallet and Greenaddress.it having a love child, minus the stealth addresses.)

3. That being said, having to copy / paste a fingerprint over will likely confuse a lot of newbies. I would suggest using the 20 bytes fingerprint and encode with BIP39, then reverse the encoding process on the receivers end. That way it's more pleasant to the eyes of a non-techie, and there's a checksum included in case they copy and paste it wrong or forget a word. (not to mention if the word is cut off it won't exist in the wordlist, so there's another way to check.)

I will try it out with some friends from our local meetup.

[Ninki-Ben]

thanks dabura667

3. That being said, having to copy / paste a fingerprint over will likely confuse a lot of newbies. I would suggest using the 20 bytes fingerprint and encode with BIP39, then reverse the encoding process on the receivers end. That way it's more pleasant to the eyes of a non-techie, and there's a checksum included in case they copy and paste it wrong or forget a word. (not to mention if the word is cut off it won't exist in the wordlist, so there's another way to check.)

Love the idea! Will try and get it in the next alpha release later this week.

Cheers

Ben

[Ninki-Ben]

dabura667

I've implemented this and it works great, the only thing I don't like is that some of the words are pretty negative, e.g. suicide and will be on their homepage forever, so I propose to replace some of the words with "happy ones", I assume this will make the method non-standard but as this is not for Bitcoin keys and rather a site specific validation procedure I don't see this as a big issue. Any thoughts?

Cheers

Ben

[dabura667]

dabura667

I've implemented this and it works great, the only thing I don't like is that some of the words are pretty negative, e.g. suicide and will be on their homepage forever, so I propose to replace some of the words with "happy ones", I assume this will make the method non-standard but as this is not for Bitcoin keys and rather a site specific validation procedure I don't see this as a big issue. Any thoughts?

Cheers

Ben

The BIP0039 protocol is made to be interchangable. The idea is that eventually any language in UTF-8 can create their own language's word list.

If you went through switching bad / negative / not-clean-for-mommy type words out. (hey, kids will use Bitcoin someday, so why not)

Try pull requesting bitcoin/BIPS to add the Clean-English.txt list.

I am all for it!

Edit: Just remember to read the "rules" that were followed when choosing words. I think one of them was "no two words will have the same first four letters" or something.

Plop the list into Excel, slap an ordering column next to them (numbered from 1 to 2048) and turn on the filter. Maybe add some columns to the side with a =LEFT(<celltotheleft>, 4) to just cut off the first 4 letters and see if the four letters at the beginning of the word you want to add is in the list etc.

[dabura667]

I've implemented this and it works great

Btw when will it go live. I am very excited to see how it looks with the aesthetic of your wallet.

Also, I assume that it checks the checksum when inputting the worded phrase. That is going to help a lot imo.

[nwfella]

Liking the interface.  Good job, will be keeping a lookout for it on github

[dabura667]

Noticed the site is down.

Any updates as to when it'll be back up?

[Ninki-Ben]

I was moving nameservers so the site was down for a while. I am hoping to do the alpha 2 release next week, and hopefully open source the javascript at the same time for review.

I will look at the "clean" word lists for the beta release I think, thanks for your advice on how to approach it.

Cheers

Ben

[Ninki-Ben]

Alpha 2 is live:

Mainly code reworking but new features include:

- Email verification on signup, authenticator setup
- Recover your guid
- Reset a lost authenticator
- Change password
- Invoices - create an invoice for a contact, receive invoices, pay/reject invoices
- Fingerprint is now a Ninki phrase (see above thread)
- Lots of bug fixes

I haven't made as much progress as I would like on tidying up the code and getting it on github. This is my priority number one before the next and final alpha release.

One final thing, all accounts from alpha 1 have been deleted as there was a significant change to the data structure. New accounts will have to  be created for testing.

Cheers

Ben

[Ninki-Ben]

Postponing alpha testing pending some infrastructure upgrades. Should be done within 1 business day.

Cheers

Ben

[Ninki-Ben]

Upgrade done. Site back online for testing.

[BiTJack]

By the way if anyone's wondering where's the weblink it's ninkip2p.com/.
Couldn't find it in thread so have to looks in youtube's video description.

[Ninki-Ben]

BiTJack, thanks! 

[BuGGuru]

Alpha 2 is live:

Mainly code reworking but new features include:

- Email verification on signup, authenticator setup
- Recover your guid
- Reset a lost authenticator
- Change password
- Invoices - create an invoice for a contact, receive invoices, pay/reject invoices
- Fingerprint is now a Ninki phrase (see above thread)
- Lots of bug fixes

I haven't made as much progress as I would like on tidying up the code and getting it on github. This is my priority number one before the next and final alpha release.

One final thing, all accounts from alpha 1 have been deleted as there was a significant change to the data structure. New accounts will have to  be created for testing.

Cheers

Ben

Do old accounts dont work anymore or do i something wrong with my credentials?

[gogodr]

I  have a question, will the platform need the wallet data stored in your main servers?
because if so, there you have the biggest liability wall. People will have to trust you their wallet data.
One easy solution would be to have the platform only track the accounts data and make a desktop application wallet that uses a secondary layer to generate the addresses as you see fit, without the need of trusting you their wallet data.

[Ninki-Ben]

The wallet works in the same way as blockchain.info in terms of data storage, however our wallet is a 2 of 3 multi-sig so it is a little more involved.

There are three keys:
One stored online by you on our servers- encrypted by you. We cannot know what this data is.
One stored offline by you. This is backed up when you create the wallet. We cannot know what this is.
One stored encrypted on our servers by us. On it's own this is not enough to spend any funds in the wallet.

If our servers get compromised, the attackers still can't spend the funds as they would have to crack our encryption and your encryption. This is the same as blockchain.info currently apart from they have a single key.

So you are right in terms of trusting us to keep our services up and running, but we don't have control over your wallet. You have ultimate control. All key creation and transaction signing is done in the browser/device locally and we will open source the code-base to prove it.

In the event our service goes offline you can reclaim all your funds by using your online and offline key.

Happy to provide more details.

Cheers

Ben