lukechilds
/
bitcore-wallet-service
mirror of https://github.com/lukechilds/bitcore-wallet-service.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
259 Commits
8 Branches
10 Tags
3.0 MiB
 
 
Tree: e2167640fb
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'e2167640fb'
${ noResults }
Matias Alejo Garcia e2167640fb
add host param 		10 years ago
bit-wallet add host param 10 years ago
lib add host param 10 years ago
test add tests 10 years ago
.gitignore move / rename client files 10 years ago
README.md add host param 10 years ago
TODO move / rename client files 10 years ago
TODO.txt add express app 10 years ago
app.js fix broadcasting 10 years ago
package.json add export to text and qr 10 years ago

README.md

bitcore-wallet-service

A Multisig HD Wallet Service, with minimun server trust.

Quick Guide

 # Start the server
 npm ./app.js
 
 # Try the CLI interfase
 cd bit-wallet
 
 # Create a 2-2 wallet (john.dat is the file were the wallet critical data will be stored)

 ./bit -c john.dat create 2-2 john -n testnet
  * Secret to share:
  	0a18bed5-5607-4fde-a809-dc6561bc0664:L3WtafRAEHty7h2J7VCHdiyzFboAdVFnNZXMmqDGw4yiu5kW9Tp4:T
 ./bit -c join.dat status
 
 # Join the wallet
   ./bit -c pete.dat join	0a18bed5-5607-4fde-a809-dc6561bc0664:L3WtafRAEHty7h2J7VCHdiyzFboAdVFnNZXMmqDGw4yiu5kW9Tp4:T
   ./bit -c pete.dat status
   
   export BIT_FILE=pete.dat
   export BIT_HOST=http://pepe.com/bws
   ./bit address 
     [1bitcoinaddress]
   ./bit balance
   ./bit send 1xxxxx 100 "100 satoshis to mother"
   ./bit status
   
   # Export your critical wallet data (you need *quorum* of wallet's copayer to extract coins)
   ./bit export
   # Or export it to a QR 
   ./bit export --qr
   
   # Import it later
   ./bit import <file>
   
   # List all commands:
    ./bit --help

Server API

create a wallet

POST /v1/wallets

join a wallet

POST /v1/wallets/:id/copayers

...

[To be completed, see app.js]

Security Considerations

  • Private keys are never send to the server. Copayers store them locally.
  • Extended public keys are stored on the server. This allow the server to easily check wallet's balances, send offline notifications to copayers, etc. In case the server is compromised, the attacked could see past (and future) wallet's transactions.
  • During wallet creation a wallet secret is created by the initial copayer containg a private key. Following copayers need to prof the have the secret by signing their information to join the wallet. The secret should be shared using secured channels.
  • Note that a copayer could should more that one time to the wallet, and there is not mechanism to prevent it. Copayers should use 'confirm' to check others copayer's identity.
  • All server responses are verified:
  • Addresses, change addresses are derived individually by copayers from their local data.
  • TX Proposals templates are signed by copayers, and verified by others, so the server cannot create / tamper them

Export Format

Exporting a wallet will expose copayer's extended private key and other's copayers extended public keys. This information is enough to extract funds from the wallet, given the required quorum is meet.