Nxt Forum

Please login or register.

Login with username, password and session length
Advanced search  

News:

Latest Nxt Client 1.11.3 - NEW RELEASE: Ardor 2.0.1e TestNet IS LAUNCHED!

Pages: [1] 2 3 ... 6  All

Author Topic: NRS v1.5.15  (Read 16199 times)

Jean-Luc

  • Core Dev
  • Hero Member
  • *****
  • Offline Offline
  • Posts: 1576
    • View Profile
  • Karma: +789/-81
NRS v1.5.15
August 14, 2015, 11:50:43 am

Notice:

This is the old stable Nxt branch. New users are recommended to install the latest 1.6.2 release instead, as announced here:
https://nxtforum.org/nrs-releases/nrs-v1-6-2

Existing users with applications that call the Nxt API directly, and those running public nodes with open API access, make sure to read the warning about incompatible API changes in 1.6 before upgrading. If those affect you, stay on this 1.5 branch until you have the time to transition to 1.6.



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Release 1.5.15

https://bitbucket.org/JeanLucPicard/nxt/downloads/nxt-client-1.5.15.zip

sha256:

474694e08ff2d9495aceff73a4ed9e276f4311d81695fd7eeaf94caba58d4764  nxt-client-1.5.15.zip

https://bitbucket.org/JeanLucPicard/nxt/downloads/nxt-client-1.5.15.jar

sha256:

3ede181a73a365a54cd8341d0925d1ebe899382e0b9df808a83ab0e82feee5d2  nxt-client-1.5.15.jar

https://bitbucket.org/JeanLucPicard/nxt/downloads/nxt-client-1.5.15.exe

The exe and jar packages must have a digital signature by "Stichting NXT".


Change log:

Full offline transaction signing support.

The purpose of this security feature is to allow users to sign transactions
without ever entering their passphrase on a workstation connected to the
internet, thus avoiding the risk of having their passphrase stolen by locally
installed malware such as key loggers or copy/paste loggers, or malicious
plugins.

As a prerequisite to using this feature, users should setup two workstations:

(1) online with up to date blockchain, on which transactions will be prepared;

(2) offline with Java and NXT installed, but without internet connection, and
without needing to have up to date blockchain, on which transactions will be
signed.

The nxt.isOffline=true parameter can be used on the offline machine to make
sure it doesn't even try to connect to peers or to listen on the peer port.

In addition, users should prepare either a web camera to scan QR codes, or a
USB stick to copy data between the workstations.

The following procedure should be followed:

On the online workstation - users can create a transaction without entering
their passphrase. Click on the "advanced" link, check the "Do Not Broadcast"
option, and then check the newly added "Do Not Sign" option that appears.
When "Do Not Sign" is checked, the passphrase field is cleared and disabled.

If the account submitting the transaction does not yet have its public key
announced, a separate input field appears, to allow entering the public key.

In response, the server returns the unsigned transaction JSON, and in case
there are no message attachments to be encrypted, also the unsigned
transaction bytes.

The client now displays the "Raw Transaction Details" modal with the unsigned
transaction JSON, and the unsigned transaction bytes (including a QR code
representing them), if those exist.

The unsigned transaction bytes do not include the prunable attachments,
however they can still be used for signing the transaction, and also for
broadcasting the transaction in case no prunable attachments exist.

Users can transfer the unsigned transaction bytes to the offline workstation
by scanning the QR code, or download the unsigned transaction JSON to a file
by clicking the download icon, and transfer it using a USB stick to the
offline workstation.

On the offline workstation - users should use the "Transaction Operations"
modal, "Sign Transaction" tab, to sign the unsigned transaction JSON, which
can be uploaded from a file.

In response, a signature field is displayed, with a QR code, and also the
signed transaction JSON which users can save to a file for transferring back
to the online workstation.

Back on the online workstation, users can scan the signature QR code into the
"Raw Transaction Details" modal signature field, and broadcast the
transaction. Alternatively, they can use the "Broadcast Transaction" tab of
the "Transaction Operations" modal to broadcast the transaction JSON copied
from the offline workstation.

A command line tool, sign.sh, has been provided, for signing transaction JSON
without needing to even have an Nxt server or a browser running.

Note that when the transaction to be signed includes a message to be encrypted,
the encryption is also performed on the offline workstation. However, when
generating the unsigned transaction JSON on the online workstation, if using
a remote node, the plain text content of the message must be sent to this node
in order for it to prepare the transaction JSON. Therefore, use a local
installation when preparing encrypted messages for offline signing, if the
content of the message is sensitive.

All tabs in the "Transaction Operations" modal that have both bytes and json
input fields need to have only one of them filled. If in doubt, using the json
is preferred, as it will work for all transactions. The bytes format is still
accepted, when possible, for backwards compatibility, and for transferring
using QR codes (as the json cannot fit in a QR representation).


Other changes:

The signTransaction API now also returns the full signed transaction JSON.

The calculateFullHash API now also accepts unsignedTransactionJSON parameter.

Added getLastTrades and getLastExchanges API, accepting a multivalue asset,
respectively currencies parameter, and returning an array containing the last
trade or exchange for each of those assets or currencies.

Added fullHashToId utility API.

Display warning when trying to issue an asset or currency with less than 2
or more than 6 decimals.

Display total value of currencies owned on dashboard. Set default leasing
period to the maximum allowed (32767) in the UI. Other UI improvements.

Updated jetty to version 9.2.13. If unpacking on top of existing installation,
delete the lib subdirectory first.


-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJVzbtBAAoJENqvaxkWiP4Z0foQAKfLOCOb7Hoem0sumRlWyvEX
D7jA/PeEW4TwqslP8wKSbj245hzadGLtEvugUAdAtf2oHRqFIGIOE3hOXPS5iuSd
Ofb95e9IRB+dwS9Pm/EjOqLf+TURoS5iCQgy7qEX/MZobWeDdUXM2Rq1+TPaKulk
4w8aYqNYD+jCyBTyOBp+lVbZPsiLTHmoHMmRlYjdERrv+ilQ1a2lRaqcMJTcFc3H
GrD1kEw9rD0U8NXG7lKpCT+APEUj/1SKI0OWV+3IBzfv9wCoGV7qzzPuZaE7En9G
UURi2lElVTAO21AkKPyycHtul7ZNUKh0zW41KMwMhuYZUiEJdhGjp0LSukHhWATg
UEHkjWU+78QjPX/8El+tewr7/fUy+UxerekvfyIVLjwBf6s05x7G3t7OyL5YH9+1
a9S/wQ+0rFCuUS5MB5dErJc6v9xuWSpj4aM7ELPSTX5PWpG+vs6DfrZkhcw6Pzec
mjP6lg6Z96PdbOfYsaQYma9JmdR+rr8j6xJwzI8XY0Du7nygLMpbRhiCUPyrwcw9
fdAvsGptimXrh03fCbCX+t0s3W+SO2rZXu0pokZKoApXsDxlUEm1ZMxwFi/103SV
+M1y/FRWWN5tB0YI3FXY8Dy+9enzocKUID77Xjkor/SnjF6uwJ5lnDNmjnpTEpk1
1TEKd68+ctKQ4HJtuzln
=tTB+
-----END PGP SIGNATURE-----
« Last Edit: November 10, 2015, 08:29:26 am by Jean-Luc »
GPG key fingerprint: 263A 9EB0 29CF C77A 3D06  FD13 811D 6940 E1E4 240C
xmpp: jeanlucpicard@jabber.ccc.de EAFA3A2E 33B21A52 370CE6D4 35A4B325 3ED22061
NXT-X4LF-9A4G-WN9Z-2R322

qq2536007339

  • Sr. Member
  • ****
  • Offline Offline
  • Posts: 418
    • View Profile
  • Karma: +36/-9
Re: NRS v1.5.15
August 14, 2015, 11:52:58 am

Thank you!
NXT-DJ68-PG7W-4JEU-2LU5T

apenzl

  • Hero Member
  • *****
  • Online Online
  • Posts: 2434
    • View Profile
    • Nxter.org
  • Karma: +233/-10
Re: NRS v1.5.15
August 14, 2015, 12:07:44 pm

Truly another great upgrade. Thanks.

yassin54

  • Hero Member
  • *****
  • Offline Offline
  • Posts: 2506
  • I am Homer, Sorry my english is Bad!!
    • View Profile
  • Karma: +240/-14
Re: NRS v1.5.15
August 14, 2015, 12:08:39 pm

Thanks again!  :-*

farl4bit

  • Global Moderator
  • Hero Member
  • *****
  • Offline Offline
  • Posts: 3255
  • Go Nxt!
    • View Profile
    • Blockchain Startpagina
  • Karma: +198/-40
Re: NRS v1.5.15
August 14, 2015, 12:14:29 pm

The description in start is this:

Code: [Select]
<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Request has expired</Message><Expires>2015-08-14T12:08:46Z</Expires><ServerTime>2015-08-14T12:08:47Z</ServerTime><RequestId>89892E4EDC2F5E6C</RequestId><HostId>Wuuq4/T7bS1QCohsYU0leLkS8jpcaH4TXMxqMJ3BqWsCmrxk6uLF0I0J8U9L7ppRs7e/MQt9L+A=</HostId></Error>

But it worked...  :)

allwelder

  • Hero Member
  • *****
  • Offline Offline
  • Posts: 1864
  • NxtChina.org
    • View Profile
    • NxtChina.org
  • Karma: +196/-13
Re: NRS v1.5.15
August 14, 2015, 12:27:03 pm

Great.
Like vapor wallet of jay?
NxtChina |Weibo |Twitter Donation welcomed:NXT-APL9-66GU-K8LY-B3JJJ

dhj1965

  • Full Member
  • ***
  • Offline Offline
  • Posts: 191
    • View Profile
  • Karma: +11/-31
Re: NRS v1.5.15
August 14, 2015, 12:35:04 pm

Thanks again  :) All nodes updated without any problem :)

dhj.

Nxter

  • Hero Member
  • *****
  • Offline Offline
  • Posts: 587
    • View Profile
  • Karma: +61/-7
Re: NRS v1.5.15
August 14, 2015, 02:59:53 pm

This is great!
 

neawanna

  • Sr. Member
  • ****
  • Offline Offline
  • Posts: 363
    • View Profile
  • Karma: +28/-9
Re: NRS v1.5.15
August 14, 2015, 03:42:10 pm

I don't see "Do Not Sign" check button. Is anyone else not getting this?

shin

  • Sr. Member
  • ****
  • Offline Offline
  • Posts: 456
    • View Profile
  • Karma: +47/-4
Re: NRS v1.5.15
August 14, 2015, 04:18:13 pm

I don't see "Do Not Sign" check button. Is anyone else not getting this?
Try hard refreshing the browser (press Shift + Refresh button) or clearing the browser's cache.
Wallet: NXT-ELEB-XT6G-L475-HXRFX • 18354136531262130569 • Twitter: Shin NXT

neawanna

  • Sr. Member
  • ****
  • Offline Offline
  • Posts: 363
    • View Profile
  • Karma: +28/-9
Re: NRS v1.5.15
August 14, 2015, 04:36:50 pm

I don't see "Do Not Sign" check button. Is anyone else not getting this?
Try hard refreshing the browser (press Shift + Refresh button) or clearing the browser's cache.

Why didn't I think of that! :)

shin

  • Sr. Member
  • ****
  • Offline Offline
  • Posts: 456
    • View Profile
  • Karma: +47/-4
Re: NRS v1.5.15
August 14, 2015, 04:40:45 pm

I don't see "Do Not Sign" check button. Is anyone else not getting this?
Try hard refreshing the browser (press Shift + Refresh button) or clearing the browser's cache.

Why didn't I think of that! :)
Well you shouldn't have to. Front-end developers really need to take care of this issue.
Wallet: NXT-ELEB-XT6G-L475-HXRFX • 18354136531262130569 • Twitter: Shin NXT

neawanna

  • Sr. Member
  • ****
  • Offline Offline
  • Posts: 363
    • View Profile
  • Karma: +28/-9
Re: NRS v1.5.15
August 14, 2015, 04:56:05 pm

I've had to do it for previous updates, but it slipped my mind this time. I should know better.

I just successfully broadcast a Tx using two browser tabs: 1 running an online version of NRS from my server node over LAN, 1 running an offline version on my laptop. Great work!

Also tested with _mr_e's NxtVault Android app, but there was a problem with "Invalid transaction timestamp" on the generated QR code. Let's hope he provides a fix for that.

apenzl

  • Hero Member
  • *****
  • Online Online
  • Posts: 2434
    • View Profile
    • Nxter.org
  • Karma: +233/-10
Re: NRS v1.5.15
August 14, 2015, 05:10:50 pm

I've had to do it for previous updates, but it slipped my mind this time. I should know better.

I just successfully broadcast a Tx using two browser tabs: 1 running an online version of NRS from my server node over LAN, 1 running an offline version on my laptop. Great work!

Also tested with _mr_e's NxtVault Android app, but there was a problem with "Invalid transaction timestamp" on the generated QR code. Let's hope he provides a fix for that.

+1

Jean-Luc

  • Core Dev
  • Hero Member
  • *****
  • Offline Offline
  • Posts: 1576
    • View Profile
  • Karma: +789/-81
Re: NRS v1.5.15
August 14, 2015, 05:12:55 pm

The sign.sh command line tool, included in this release, calls a small Java application nxt.tools.SignTransactionJSON, which even though uses Nxt code, avoids initializing any subsystems that it doesn't need, such as database, peer networking, jetty, etc. Thus it can be used for quickly signing unsigned transaction json from the command line, without firing up the Nxt server, on the offline machine. It uses json as input and can also do encryption of message attachments when needed, unlike other generic curve25519 signing tools that need to handle transaction bytes only and can't do such encryption.

It should be noted that while malware on the online machine cannot steal your passphrase, it could in theory modify the transaction json and replace the recipient or add a few zeros to amountNQT, letting you unwittingly sign and broadcast not exactly what you intended. To protect against such attack, you should inspect the transaction json you will be signing, on the offline machine. The "parse transaction" tab in the "transaction operations" modal can be used for that, as it formats the transaction fields in a more readable way. Currently it skips the attachment fields, if any, this will be improved in a future release.
GPG key fingerprint: 263A 9EB0 29CF C77A 3D06  FD13 811D 6940 E1E4 240C
xmpp: jeanlucpicard@jabber.ccc.de EAFA3A2E 33B21A52 370CE6D4 35A4B325 3ED22061
NXT-X4LF-9A4G-WN9Z-2R322

neawanna

  • Sr. Member
  • ****
  • Offline Offline
  • Posts: 363
    • View Profile
  • Karma: +28/-9
Re: NRS v1.5.15
August 14, 2015, 06:33:06 pm

Thanks for the heads up.

I just tried to re-broadcast a signed.transaction.xxxxxxxx.json file and the client broadcast it but the Tx was rejected by the network before it reached the unconfirmed Tx pool.

The Tx was back to my own account, so I wasn't trying to double-spend.

Is each signed Tx uniquely identifiable so that the network knows that Tx has already been broadcast?

barbierir

  • Sr. Member
  • ****
  • Offline Offline
  • Posts: 316
    • View Profile
  • Karma: +36/-2
Re: NRS v1.5.15
August 14, 2015, 08:53:47 pm

Great update! Scanning the Qr code with the smartphone and the laptop camera makes offline signing fast and easy. It worked on my ubuntu too. I can't imagine anything more secure and simple than this.

Riker

  • Core Dev
  • Hero Member
  • *****
  • Offline Offline
  • Posts: 1468
    • View Profile
  • Karma: +389/-42
Re: NRS v1.5.15
August 14, 2015, 09:11:39 pm

Is each signed Tx uniquely identifiable so that the network knows that Tx has already been broadcast?

Yes since both submission will result in the same transaction id, if you rebroadcast the same JSON to the unconfirmed pool you get:
TransactionProcessorImpl.broadcast: Accepted new transaction 9778543058050327721
TransactionProcessorImpl.broadcast: Transaction 9778543058050327721 already in unconfirmed pool, will re-broadcast

If you broadcast it the 2nd time after the first transaction is confirmed you get:
TransactionProcessorImpl.broadcast: Transaction 9778543058050327721 already in blockchain, will not broadcast again
NXT Core Dev
Account: NXT-HBFW-X8TE-WXPW-DZFAG
Public Key: D8311651 Key fingerprint: 0560 443B 035C EE08 0EC0  D2DD 275E 94A7 D831 1651

neawanna

  • Sr. Member
  • ****
  • Offline Offline
  • Posts: 363
    • View Profile
  • Karma: +28/-9
Re: NRS v1.5.15
August 14, 2015, 09:27:07 pm

^good stuff. We have such a great platform here :)

EvilDave

  • Hero Member
  • *****
  • Offline Offline
  • Posts: 1762
    • View Profile
    • NXT Foundation
  • Karma: +337/-40
Re: NRS v1.5.15
August 14, 2015, 09:32:37 pm

Nice work, guys.
Another cool Nxt feature......time for a Tweet, methinks:
https://twitter.com/EvilDave_NXT/status/632310539012714500
« Last Edit: August 14, 2015, 10:00:04 pm by EvilDave »
Nulli Dei, nulli Reges, solum NXT
NXT Donations: NXT-BNZB-9V8M-XRPW-3S3WD
We will ride eternal, shiny and chrome!
Pages: [1] 2 3 ... 6  All