BTCPrivate
/
bitcore-wallet-service
mirror of https://github.com/BTCPrivate/bitcore-wallet-service.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
480 Commits 7 Branches 10 Tags 3.5 MiB
JavaScript 99.8%
Shell 0.2%
Go to file
Matias Alejo Garcia 327c38e126 export storage 2 2015-03-03 19:33:29 -03:00
db . 2015-02-24 14:43:46 -03:00
lib splitted repo. test passing 2015-03-03 18:48:10 -03:00
test splitted repo. test passing 2015-03-03 18:48:10 -03:00
.coveralls.yml Create .coveralls.yml 2015-02-20 12:13:02 -03:00
.gitignore . 2015-02-24 14:43:46 -03:00
.travis.yml add coveralls to travis 2015-02-21 15:27:30 -03:00
Makefile add phony 2015-02-20 13:59:42 -03:00
README.md Merge pull request #98 from matiaspando/fix/typos 2015-03-03 18:38:05 -03:00
app.js WIP, supertest testing 2015-02-19 17:39:04 -03:00
index.js export storage 2 2015-03-03 19:33:29 -03:00
package.json splitted repo. test passing 2015-03-03 18:48:10 -03:00

README.md

bitcore-wallet-service

Build Status Coverage Status

A Multisig HD Wallet Service, with minimum trust.

Quick Guide

 # Install dependencies
 npm install

 # Start BWS
 npm start
 
 # Try the CLI interface
 cd bit-wallet
 
 # Create a 2-of-2 wallet (john.dat is the file where the wallet critical data will be stored, add -t for testnet)
 ./bit create 2-2 john 
  * Secret to share:
    JevjEwaaxW6gdAZjqgWcimL525DR8zQsAXf4cscWDa8u1qKTN5eFGSFssuSvT1WySu4YYLYMUPT
 ./bit status
 
 # Use -h or BIT_HOST to setup the BWS URL .
 # Use -f or BIT_FILE to setup the wallet data file
 
 # Join the wallet from other copayer
   ./bit -f pete.dat join JevjEwaaxW6gdAZjqgWcimL525DR8zQsAXf4cscWDa8u1qKTN5eFGSFssuSvT1WySu4YYLYMUPT
   
   export BIT_FILE=pete.dat
   ./bit -f pete.dat status

 # Generate addresses to receive money
   ./bit address
   * New Address 3xxxxxx

 # Check your balance
   ./bit balance
   
 # Spend coins. Amount can be specified in btc, bit or sat (default)
   ./bit send 1xxxxx 100bit "100 bits to mother"

 # You can use 100bit or 0.00001btc or 10000sat.  (Set BIT_UNIT to btc/sat/bit to select output unit).

 # List pending TX Proposals
   ./bit status
   
 # Sign or reject TXs from other copayers
   ./bit -f pete.dat reject <id>
   ./bit -f pete.dat sign <id>

 # List transaction history
   a few minutes ago: => sent 100 bit ["100 bits to mother" by pete] (1 confirmations)
   a day ago: <= received 1,400 bit (48 confirmations)
   a day ago: <= received 300 bit (52 confirmations)
   
 # List all commands:
  ./bit --help

Local data

Copayers store their extended private key and their copayers' extended public key locally. We call this the Wallet Critical Data. Extended private keys are never sent to BWS.

Password protection

Local data can be encrypted by the bit-wallet. Use the -n parameter to define the access level permited for no password operation. Available access levels are: none (password is required for everything, localfile is fully encrypted) readonly, readwrite and full (password is not ever required, local file is fully unencrypted) .

# encrypts everything by default
bit create myWallet 2-3 --nopasswd none  
Password:

# allows readonly operations without password (encrypts xpriv, and leave readonlySigningKey unencrypted)
bit create myWallet 2-3 -p --nopasswd readonly

# allows readwrite operations without password (only encrypts xpriv)
bit create myWallet 2-3 -p --nopasswd readwrite

Advanced Operation

Mobility

You can safely access a wallet from different devices. Just copy the wallet file (bit.dat by default). If you need to reduce the file to the minimum (for example to fit it on a QR) or change its access level (by removing certain data on it), see export in the following section.

Export, with different access levels

It is possible to export a wallet with restricted access level. The levels are:

    readonly : allows to read wallet data: balance, tx proposals 
    readwrite: + allows to create addresses and unsigned tx proposals 
    full     : + allows sign tx proposals

readonly will only export the Wallet's Extended PublicKeys, and only the derived private key required for signing 'GET' request (readonly) to BWS. readwrite will add the derived private key required for signing all other requests (as POST) so readwrite access will be possible. And full will export also the Extended Private Key, which is necesary for signing wallet's transactions. bit import can handle any for the levels correctly.

# full access
bit export -o wallet.dat
# readonly access 
bit export -o wallet.dat --access readonly
# readwrite access (can create addresses, propose transactions, reject TX, but does not have signing keys)

# Import the wallet , with given access level
bit import wallet.dat

# Export also support QR output:
bit export --qr

If the wallet needs to be migrated to another BWS instance, after importing the wallet, use the bit-recreate command

Export / Import with a new given password (TO Be Done)

bit export -o output.dat -e
bit import output.dat

Airgapped Operation

WARNING: THIS IS STILL WIP

Air gapped (non connected) devices are supported. This setup can be useful if maximum security is needed, to prevent private keys from being compromised. In this setup, a device is installed without network access, and transactions are signed off-line. Transactions can be pulled from BWS using a proxy device, then downloaded to a pendrive to be moved to the air-gapped device, signed there, and then moved back the proxy device to be sent back to BWS. Note that Private keys are generated off-line in the airgapped device.


# On the Air-gapped device
airgapped$ bit genkey
airgapped$ bit export -o toProxy  --access readwrite  #(or --readonly if proxy won't be allowed to propose transactions)

# On the proxy machine
proxy$ bit import toProxy
proxy$ bit join secret      # Or bit create 
proxy$ bit address          # Only if readwrite access was granted
proxy$ bit balance

# Export pending transaction to be signed offline
proxy$ bit txproposals -o txproposals.dat

## Back to air-gapped device

# Check tx proposals:
airgapped$  bit txproposals -i txproposals.dat

# First time txproposals is running on the air gapped devices, the public keys of the copayers will be imported from the txproposals archive. That information is exported automatically by the proxy machine, and encrypted copayer's xpriv derivatives.

# Sign them
airgapped$  bit sign  -i txproposals.dat -o txproposals-signed.dat

## Back to proxy machine

# Send signatures to BWS
proxy$  bit sign -i txproposals-signed.dat

Security Considerations

  • Private keys are never sent to BWS. Copayers store them locally.
  • Extended public keys are stored on BWS. This allows BWS to easily check wallet balance, send offline notifications to copayers, etc.
  • During wallet creation, the initial copayer creates a wallet secret that contains a private key. All copayers need to prove they have the secret by signing their information with this private key when joining the wallet. The secret should be shared using secured channels.

All BWS responses are verified:

  • Addresses and change addresses are derived independently and locally by the copayers from their local data.
  • TX Proposals templates are signed by copayers and verified by others, so the BWS cannot create or tamper with them.

Notes

  • A copayer could join the wallet more than once, and there is no mechanism to prevent this. Copayers should use the command 'confirm' to check other copayer's identity.

In case the BWS is compromised

  • It could be possible to see past (and future) wallet's transactions.
  • It is not possible to spend wallet funds, since private keys are never sent nor stored at BWS
  • It is not possible to tamper with tx proposals or wallet addresses since they are computed and verified by copayers
  • Copayers could switch to another BWS instance using their local data (see recreate command). In this case only the wallet extended data will be lost (pending and past transaction proposals, some copayer metadata).

REST API

create a wallet

POST /v1/wallets

join a wallet

POST /v1/wallets/:id/copayers

...

[To be completed, see expressapp.js]