make;
make install;

some notes to myself

Blog

About

Offline Bitcoin transaction signing

Written on March 27, 2016

I first got into Bitcoin back in 2013, before a media frenzy caused the price to skyrocket over $1000. Though it has its problems, I think the blockchain concept is awesome.

One of the problems is security. In the early years (pre-2013) you had to run a Bitcoin client (aka “wallet”) on your computer and connect to various peers, which opened you up to potentially getting hacked and your funds stolen. Along came the Armory wallet with the potential to have “cold” wallets - the transaction signing is done on a computer that is not connected to the internet. Basically you set up Armory on both an online and an offline computer and the shuttle transaction data between the two via a USB drive. Which I guess gives you an airgap, but you’re still vulnerable to some attacks.

I recently decided to dip my toes back into Bitcoin and have been playing around with Armory. Armory basically sits on top of bitcoind, so it should respect your bitcoin.conf file, though I’ve found it doesn’t seem to play nicely with some networking configuration options (such as using a SOCKS proxy). I decided to pull the plug once I saw DNS lookups for microsoft.com (ummm… what!?!?).

With a lot of good developer documentation (https://bitcoin.org/en/developer-reference) out there for using the Bitcoin API, I thought maybe I could implement some offline transaction signing using QR Codes to move data between the offline and online computers. In the past, there has been some malware distributed via QR Codes. However it has really been just a matter of making a request to a bad URL (surprise!), not some sort of Snow Crash attack. I also came across this great post from one of the Bitcoin Core developers: https://people.xiph.org/~greg/signdemo.txt. So I had what I needed.

I threw together some Python code to make calls to the Bitcoin API. I also use zbarimg for QR Code processing. The project is here: https://github.com/ramann/bitcoin-qrcode. This is just a proof-of-concept, I haven’t used it for serious (read: $$$) transactions. I also will need to get it working with large sized transactions, as QR Codes can only store about 2kB of data. Basically, you’d install bitcoind on two computers and run the scripts in the following sequence.

  1. On the offline computer, run offline_create_address.py
  2. On the online computer, run online_create_tx.py
  3. On the offline computer, run offline_sign_tx.py
  4. And finally on the online computer, push the transaction out to the block chain by running online_send_signed_tx.py

I used two laptops, each with a cheap USB webcam, and luvcview to take images of the QR Code on the the other laptop’s display. Insight is a cool project if you’ve ever wanted to run your own instance of blockchain.info.