Author Topic: local tx signing - short manual? (Python?)  (Read 2153 times)

altsheets

local tx signing - short manual? (Python?)
August 14, 2015, 07:32:57 am

Hi!

Where can I find a stepwise manual how to do local transaction signing?
(without sending the secretPhrase to the NRS)

I was always wondering how that works exactly.

If there is even Python code already - great!
But also other languages would help, e.g. this - stayed unanswered: sign transaction with PHP

Beginning, I would like to see something in "pseudocode", or a step 1-3 description (with relevant warnings, and pitfalls  ;) ).

Could be useful for the wikiwiki? Also for another reason:
Every now and then a new user wonders about putting his secret key into the nxt client, how safe it is, etc.
- one could link to that new page - that describes in detail how the passphrase never leaves e.g. his browser ...

Thx!
AltFolio | Newbium DataSite | AAssetNXT & -HZ | AssetGraphs | ABEE | Advice | assetparser.py & shareholders.py | bamm.py | PeerCrawler | Github e.g. ChainCountDown, ethjsre | ... much more | dividends soon paid in AAssetNXT & AAssetHZ, autumn/winter 2016

mystcoin


The new release 1.5.15 has functionality to facilitate offline signing of transactions using the NRS.

mystcoin


With release 1.5.15 it is possible to securely sign a transaction offline using only the NRS (Nxt Reference Software). The transaction must first be created on an online system (either a public node or an untrusted local node) with an up-to-date blockchain, but without signing it. The secret passphrase is not used to login to the NRS client, nor is it used to create the transaction if the "Do Not Broadcast" and "Do Not Sign" options are checked in the "advanced" section of the transaction entry form shown below.



In this case, when "Send NXT" is clicked, the NRS client generates an unsigned transaction in a pop-up window (modal) but does not broadcast it.



If there is no message to be encrypted in the transaction, the raw unsigned transaction bytes are provided along with a QR code and a field for the signature to be entered once it is computed offline. If there is an encrypted message, only the unsigned transaction JSON including an unencrypted to-be-encrypted message is provided. The to-be-encrypted message can only be encrypted when the secret passphrase is available and so the encryption must be done offline along with the signing, and therefore the unsigned transaction JSON must be used.

Transfer the unsigned transaction bytes or JSON (if necessary) from the online system to the offline system using a flash drive or optically using the QR code. On the offline system, sign the transaction using the "Sign Transaction" tab of the "Transaction Operations" pop-up entry form of the "Settings" drop-down menu (gear symbol) on the header bar. The secret passphrase must be entered. Transfer the signature back to the online system and enter in the "Signature" field above, then click on "Broadcast".

For the simple case where the raw unsigned transaction bytes are provided by an online NRS client, the signature can be easily computed offline using any software that has a curve25519 cryptography module available. Otherwise, a more elaborate scheme is needed. Here is a shell script that computes the signature of the unsigned transaction bytes given the secret passphrase:

Code:
#!/bin/bash

secretPhrase="$1" # secret phrase (text)
unsignedTxHexString="$2" # unsigned TX hex string

CURVE="./curve25519" # path to curve25519 executable

function hexToBytes { # convert hex string to bytes
        echo $1 | sed 's/../\\x&/g'
}

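function hash { # SHA-256 of the argument; output is a hex string
        # "$1" is quoted so whitespace in the passphrase is hashed unchanged;
        # note that echo -e still expands backslash escapes (needed for the \xNN bytes)
        local hash=($(echo -ne "$1" | sha256sum))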
        echo ${hash[0]}
}

Ps=($($CURVE -g $(hash "$secretPhrase")))
if (($?)); then exit 1; fi
P=${Ps[0]} # public key for signing
s=${Ps[1]} # private key for signing

m=$(hash $(hexToBytes $unsignedTxHexString)) # message hash
Gk=($($CURVE -G $(hash $(hexToBytes $m$s))))
if (($?)); then exit 1; fi
G=${Gk[0]} # public key for key agreement
k=${Gk[1]} # private key for key agreement

mG=$(hash $(hexToBytes $m$G)) # signature hash
v=$($CURVE -s $mG $k $s) # signature value
if (($?)); then exit 1; fi
signature=${v,,}$mG # full signature, lower case $v for esthetics
echo $signature
exit 0

The curve25519 utility can be obtained here.

altsheets


> The new release 1.5.15 has functionality to facilitate offline signing of transactions using the NRS.

Just seen that now.

Funny: I have asked around the time when they have probably just prepared that next version ;-)


altsheets


...

If there is no message to be encrypted in the ... [perfect]

...

Thanks A LOT, mystcoin! 

That is exactly what I had hoped for.

What about putting your great description right away onto the wiki?

I also tell xchrix this.

altsheets


... ... Here is a shell script that computes the ...

Code:
...
CURVE="./curve25519" # path to curve25519 executable
...
local hash=($(echo -ne $1 | sha256sum))
...
}

... If there is even Python code already - great! ...

Python curve25519 -->
https://www.google.de/search?q=curve25519+python

Python hashlib.sha256
https://docs.python.org/2/library/hashlib.html


xchrix


thx mystcoin for the bash script and thx altsheets for informing me!!
it looks like the bash script is exactly what i was looking for but a native PHP implementation would be easier to use i think. do you think it is possible to convert this to PHP? unfortunately i am really bad at reading bash scripts. i will also pay some NXT for the work!

mystcoin


> thx mystcoin for the bash script and thx altsheets for informing me!!
> it looks like the bash script is exactly what i was looking for but a native PHP implementation would be easier to use i think. do you think it is possible to convert this to PHP? unfortunately i am really bad at reading bash scripts. i will also pay some NXT for the work!

One option you have is to use the new PHP PECL libsodium extension: https://github.com/jedisct1/libsodium-php

I took a look at libsodium some time ago and it seems to have a different interface compared to the Java version used by Nxt, which I ported back to C. If you want to use my version, which has an interface compatible with hex strings, here is a PHP version of the bash script above, named sign.php and executable from the Linux prompt if you have php installed. It prints out the signature if given the secret passphrase and the unsigned transaction hex string.

Code:
<?php
if ($argc != 3) {
  echo "Usage: php sign.php \"secretPhrase\" unsignedTxHexString\n";
  exit(1);
}
$secretPhrase = $argv[1]; // secret phrase (text)
$unsignedTxHexString = $argv[2]; // unsigned TX hex string

$CURVE = "./curve25519"; // path to curve25519 executable

$secretPhraseHash = hash("sha256", $secretPhrase);
$unsignedTxHash = hash("sha256", pack("H*", $unsignedTxHexString));

$output = array();

$Ps = exec("$CURVE -g $secretPhraseHash", $output, $status);
if ($status) exit($status);
$PsArray = explode(" ", $Ps);
$P = $PsArray[0]; // public key for signing
$s = $PsArray[1]; // private key for signing

$Gk = exec("$CURVE -G ".hash("sha256", pack("H*", $unsignedTxHash.$s)), $output, $status);
if ($status) exit($status);
$GkArray = explode(" ", $Gk);
$G = $GkArray[0]; // public key for key agreement
$k = $GkArray[1]; // private key for key agreement

$mG = hash("sha256", pack("H*", $unsignedTxHash.$G)); // signature hash
$v = exec("$CURVE -s $mG $k $s", $output, $status); // signature value
if ($status) exit($status);
$signature = strtolower($v).$mG; // full signature, lower case $v for esthetics
echo $signature."\n";
exit(0);
?>


This version of the script uses the built-in hash() and pack() functions, so there is no need to call sed and sha256sum. The only system call is to the executable curve25519, compiled from C, obtainable from https://bitbucket.org/mystcoin/curve22519

Let me know if you need verification. A tip to the NXT address below is welcome.
« Last Edit: August 15, 2015, 05:45:45 pm by mystcoin »

jones


A while back I made nxtlib-php which has a native implementation of curve25519 as well as createToken and verify token
https://github.com/jonesnxt/nxtlib-php
-- Jones NXT-RJU8-JSNR-H9J4-2KWKY

altsheets


this thread makes me happy :-)

mystcoin


There is a new wiki page for the Offline Transaction Signing feature of release 1.5.15.

altsheets


> There is a new wiki page for the Offline Transaction Signing feature of release 1.5.15.

Fantastic. Well done.

And I have inserted this little initiative into my log of activities (very top)
:-)

xchrix


sorry to get back to this old thread but it looks like there is no real solution yet.
when i want to create a transaction WITHOUT running an own NXT node i have to rely on external nodes. thats fine when i dont have to send my passphrase there. so i am thinking about the following

1. query the http://peerexplorer.com API and get a random NXT node
2. send the "sendMoney" request to this node WITHOUT my passphrase. http://wiki.nxtcrypto.org/wiki/The_Nxt_API#Send_Money
3. i will get a response with "unsignedTransactionBytes"
4. use jones nxtlib to sign this bytes locally with function  signBytes()
5. broadcast this signedTransactionBytes to the network

looks like the perfect setup for me without running an own node. there is just one thing: how can i be sure that the unsignedTransactionBytes are right? maybe the node took my sendMoney request and changed the receiving address to an other address!?!?!?
is it possible to verify the unsignedTransactionBytes?

Riker


> sorry to get back to this old thread but it looks like there is no real solution yet.
> when i want to create a transaction WITHOUT running an own NXT node i have to rely on external nodes. thats fine when i dont have to send my passphrase there. so i am thinking about the following
>
> 1. query the http://peerexplorer.com API and get a random NXT node
> 2. send the "sendMoney" request to this node WITHOUT my passphrase. http://wiki.nxtcrypto.org/wiki/The_Nxt_API#Send_Money
> 3. i will get a response with "unsignedTransactionBytes"
> 4. use jones nxtlib to sign this bytes locally with function  signBytes()
> 5. broadcast this signedTransactionBytes to the network
>
> looks like the perfect setup for me without running an own node. there is just one thing: how can i be sure that the unsignedTransactionBytes are right? maybe the node took my sendMoney request and changed the receiving address to an other address!?!?!?
> is it possible to verify the unsignedTransactionBytes?

The official client wallet performs local signing for any transaction sent to a remote node. It will never send your passphrase to the remote node except for specific operations that have to be performed on the remote node like forging and starting a shuffler.

The unsigned bytes returned by the server are always validated against the raw data submitted to the remote node.
See the NRS.verifyTransactionBytes() function in nrs.server.js
The discussion above is about how to perform this local signing on an offline machine to avoid the risk that a key logger or copy/paste logger will steal your passphrase while you type it into the browser.
NXT Core Dev
Account: NXT-HBFW-X8TE-WXPW-DZFAG
Public Key: D8311651 Key fingerprint: 0560 443B 035C EE08 0EC0  D2DD 275E 94A7 D831 1651

xchrix


thx for the info riker. i dont want to use the GUI but my own PHP script which doesnt rely on a local selfowned node. best case for me is to use the NXT network and API requests without running any servers/daemons on my own. thats why i want to use public nodes and sign my transaction locally.

ok so to be 100% sure i have to port the verifyTransactionBytes() function to PHP?

Riker


> thx for the info riker. i dont want to use the GUI but my own PHP script which doesnt rely on a local selfowned node. best case for me is to use the NXT network and API requests without running any servers/daemons on my own. thats why i want to use public nodes and sign my transaction locally.
>
> ok so to be 100% sure i have to port the verifyTransactionBytes() function to PHP?

Yes. Some of the code there looks scary but it's because we try to emulate Java types in JavaScript. For example converters.byteArrayToSignedInt32() is equivalent in Java to reading an int from a byte array.
But, you'll also need to convert the crypto code which performs the signing itself. This would be a bigger effort.

If you are not locked on PHP, perhaps reuse the existing client JavaScript code from Node.js?
Or just implement the code in Java?

lurker10


Someone should port https://github.com/jonesnxt/nxtlib-php to Python :)
Run a node - win a prize! "Lucky node" project jar: NXT-8F28-EDVE-LPPX-HY4E7
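
The check xchrix asks about and Riker points to, sketched in Python as an added example (not code from this thread, and not a port of NRS.verifyTransactionBytes()): it parses the unsignedTransactionBytes returned by a remote node and compares them with the request before anything is signed. It assumes the version-1 Nxt transaction byte layout given in the comment, an ordinary payment with no message, and a numeric recipient ID; the function names and sample values are made up for illustration.

```python
import struct

# Assumed version-1 Nxt transaction layout (little-endian), not taken from this thread:
# type(1) version|subtype(1) timestamp(4) deadline(2) senderPublicKey(32) recipient(8)
# amountNQT(8) feeNQT(8) referencedTransactionFullHash(32) signature(64)
# flags(4) ecBlockHeight(4) ecBlockId(8) = 176 bytes when no appendage follows.
HEADER = struct.Struct("<BBIH32sQQQ32s64sIIQ")


def parse_unsigned_tx(tx_hex):
    """Decode the fixed-size header of the bytes returned by the remote node."""
    raw = bytes.fromhex(tx_hex)
    if len(raw) < HEADER.size:
        raise ValueError("transaction shorter than %d bytes" % HEADER.size)
    (tx_type, ver_sub, _timestamp, deadline, sender_pk, recipient, amount, fee,
     _ref_hash, signature, flags, _ec_height, _ec_block) = HEADER.unpack_from(raw)
    return {
        "type": tx_type, "version": ver_sub >> 4, "subtype": ver_sub & 0x0F,
        "deadline": deadline, "senderPublicKey": sender_pk.hex(),
        "recipient": recipient, "amountNQT": amount, "feeNQT": fee,
        "signed": any(signature),      # an unsigned transaction has 64 zero bytes here
        "flags": flags,                # assumed: flag bits announce appendages (messages)
        "extraBytes": len(raw) - HEADER.size,
    }


def check_against_request(tx_hex, request):
    """Return the sorted names of fields that differ from what was requested."""
    tx = parse_unsigned_tx(tx_hex)
    # Ordinary payment (type 0, subtype 0) with nothing attached and nothing signed yet.
    expected = dict(request, type=0, subtype=0, version=1,
                    signed=False, flags=0, extraBytes=0)
    return sorted(k for k, v in expected.items() if tx.get(k) != v)


# Constructed sample data: the request we sent and two possible replies from the node.
REQUEST = {"senderPublicKey": "11" * 32, "recipient": 1234567890123456789,
           "amountNQT": 100_000_000, "feeNQT": 100_000_000, "deadline": 60}

def build_sample(recipient):
    return HEADER.pack(0, 0x10, 50_000_000, 60, bytes.fromhex("11" * 32), recipient,
                       100_000_000, 100_000_000, bytes(32), bytes(64), 0, 1000, 42).hex()

HONEST = build_sample(1234567890123456789)
TAMPERED = build_sample(9876543210987654321)  # node swapped the recipient

if __name__ == "__main__":
    print(check_against_request(HONEST, REQUEST))    # no mismatches: safe to sign
    print(check_against_request(TAMPERED, REQUEST))  # reports the altered field
```

Sign only when the returned list is empty; any other transaction type or an attached message needs its own attachment parsing, which this check rejects rather than interprets.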