edit: i managed to get something similar to this setup with the armory client, a serial cable and a little perl socket io.
Do tell! I would like some pictures and a longer description. Pretty please?
Sure no problem,
Do you mean like a setup guide or data flow? i more or less tried to implement what death and taxes has already posted for the poor mans hsm. I was not trying to secure anything, just prove to myself that the armory client can handle this with little extra work.
So the devices you mention know how to take a set of internal ECC private keys and an output address provided by the host, determine the value of the keys, verify the transaction against business rules (velocity, tx volume, time), then generate the public key from the private key, create the Bitcoin transaction and sign it, and output only the signed transaction.
a payment address
value of various addresses
Business rule counters
Signed bitcoin tx.
I intend to address all the issues, but for the moment i just wanted to make sure that the concept would work before i invested any more time in it. I would like to add similar functionality to having an edge (remote card reader that has administration control of the device, but no access to keys) and the poor mans hsm.
I havent properly checked the armory documentation or even seen if it has an api. (it is open source though...) I feel it is necessary to pointout how integral the armory client is to this, without that this would be a massive task. as it is, he has done all the hard work, and bitcoined it up. It is an amazing tool.
if that guy ever wants to earn serious cash he should apply to the likes of ncipher or thales as a systems architecht using armory as a demo pitch, they would snap him up. I am really surprised there are not more public partnerships between him and sites. maybe that will change.
So far I have only done some minor proof of concept perl scripts and am completely relying on the integrity of the armory client.
(a quick overview of how the armory client works)http://bitcoinarmory.com/index.php/start-page/what-is-armory/features
I knocked up a perl script using win32::guitest to drive the armory gui. (it literally clicks the buttons, i am a tester and test scripting is quicker for me...)
So the online machine has no sensitive information on it(per armory faq), it checkes an email box, then based off that is generates an offline transaction this is then passed to a different perl script that sole purpose is to spout data over serial to a receiving script on machine B. machine b has the offline private key. The script on machine B checks the transaction against the rules it has (at the moment that is just it is a testnet address and the amount is less than 5btc) then it signs the transaction and passes this to back to machine A, machine A checks this again against its validation rules (just sanity checks, these can be manipulated) then squirts it out over the network.
I did this in about an hour or so.
So the concept works. and 90% of the hard work has already been done to get a quick and dirty implementation up and running.
I would like to add much more to this and do it in python so it can interact with the actual armory client rather than just driving the mouse and keyboard. If you are interested I can tidy up the code a bit and share it with you? maybe wait until I have something that functions a bit better?
I changed the air gap for a serial cable, and rather than me clicking on buttons i did it with a perl script.
Hope this helps.