Obtain Private Key Corresponding to Address in HD Wallet with BlockCypher API? - cryptography

We are using the BlockCypher API to create transactions in an HD Wallet.
As a return object, you'll receive a TXSkeleton containing a
slightly-more complete TX alongside data you need to sign in the
tosign array. You'll need this object for the next steps of the
transaction creation process.
Locally Sign Your Transaction
With your TXSkeleton returned from the New Transaction Endpoint, you
now need to use your private key(s) to sign the data provided in the
tosign array.
$PRIVATEKEY here is a hex-encoded private key corresponding to the input from address CEztKBAYNoUEEaPYbkyFeXC5v8Jz9RoZH9
My problem is how we obtain the private key of each address in an HD Wallet. With an HD Wallet, addresses are generated using the Derive Address Endpoint. This returns an HDWallet object which contains an HDChain object, which in turn contains an HDAddress object. The HDAddress object contains address, path and public.
An HD Address object contains an address and its BIP32 HD path
(location of the address in the HD tree). It also contains the
hex-encoded public key when returned from the Derive Address in Wallet
endpoint.
As you can see, the private key is not included in the HDAddress object response. So how can we know the private key to use with the tosign method if the private key is not included in the HDAddress object response? And without access to the private key, how can we sign the **tosign** array?
Thanks

Related

How to encrypt a chat message with multiple people's public keys together and restore the message?

I have an application with two users and one middleman, all of them holding private and public keys. To make the chat secure, the two users and the middleman all send their public keys and generate a secured channel. After establishing the channel, the middleman does not have the ability to see the encrypted message unless one of the users sends his own key to the middleman.
I am not very familiar with cryptography, so for this app I know how to encrypt and decrypt the message.
encrypt(data) {
  try {
    // Derive a 256-bit key from the password with a random salt and use a fresh IV per file
    // (createCipher with a bare password is deprecated and reuses the same IV for the same password).
    var salt = Crypto.randomBytes(16);
    var key = Crypto.scryptSync(this.password, salt, 32);
    var iv = Crypto.randomBytes(16);
    var cipher = Crypto.createCipheriv('aes-256-cbc', key, iv);
    var encrypted = Buffer.concat([cipher.update(Buffer.from(JSON.stringify(data), "utf8")), cipher.final()]);
    // Store salt and IV in front of the ciphertext so the decrypt side can rebuild the key.
    FileSystem.writeFileSync(this.filePath, Buffer.concat([salt, iv, encrypted]));
    return { message: "Encrypted!" };
  } catch (exception) {
    throw new Error(exception.message);
  }
}
But I don't know how to establish the encrypted channel from the stakeholders' keys, and how can the middleman see the message using his key and one of the users' keys?
Is there a way to accomplish this using cryptography?
I'm not sure I completely understand, but I think if you want to go with a system that doesn't use public key crypto I would suggest a system using 2 stages of encryption, actually a lot like PGP, only both stages use symmetric keys:
1) There is a fixed session key generated by the first person in the chat, this can be a randomly generated number.
2) This session key is then encrypted by the keys belonging to every new member of the chat group and individually sent to them.
3) The new members decrypt with their own unique keys to get the plaintext session key back.
4) This session key is subsequently used to decrypt the messages sent to all participants. The same key can also be used to encrypt and send any new messages from any entitled participant (i.e. one that has the valid session key) on the chat group.
This is used in some systems but it relies on the unique keys being securely transmitted in the first instance. If this condition can't be met, it's a problem that can be solved with public key crypto to build an end-to-end secure message system like PGP, WhatsApp, etc.

DKIM Signing an email using MimeKit in a vb.net project

I'm using MimeKit to send emails and the use of DKIM to sign them has been broached. I've looked at the example on the MimeKit site, and googled the terms but found no answers.
Public Shared Sub DkimSign(ByVal message As MimeMessage)
Dim headers = New HeaderId() {HeaderId.From, HeaderId.Subject, HeaderId.Date}
Dim headerAlgorithm = DkimCanonicalizationAlgorithm.Simple
Dim bodyAlgorithm = DkimCanonicalizationAlgorithm.Simple
Dim signer = New DkimSigner("filename", "domain", "selector") With {.SignatureAlgorithm = DkimSignatureAlgorithm.RsaSha1, .AgentOrUserIdentifier = "@eng.example.com"}
message.Prepare(EncodingConstraint.SevenBit)
message.Sign(signer, headers, headerAlgorithm, bodyAlgorithm)
End Sub
When instantiating the signer it requires a filename, domain and selector. If I'm sending an email from "bob@website.com" I would assume that the physical file would be placed in the root of the site and the instantiation would look something like this:
Dim signer = New DkimSigner("dkim.txt", "website.com", "") With {.SignatureAlgorithm = DkimSignatureAlgorithm.RsaSha1, .AgentOrUserIdentifier = "???"}
But not sure the format/reason for the AgentOrUserIdentifier ... can anyone edify me or correct me if my assumptions are wrong?
The fileName parameter is the path to the private key that should be used for signing the message. I'm not sure why you expect it to be at the root of the site or why it would be called dkim.txt, but I can almost guarantee that both assumptions are wrong.
A selector is used by the receiving client to locate the correct public key in the DNS records because it's possible for the same domain to have multiple keys that it uses for signing.
The AgentOrUserIdentifier corresponds to the i= parameter that you find in the DKIM-Signature header and specifies the user or agent that is taking responsibility for the signature.
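To make the three points in the answer concrete, here is a small reader for the DKIM-Signature header a signed message carries. It is an added example, not MimeKit code or code from either poster: it is plain Node, the sample header is constructed (its b= and bh= values are placeholders, not a real signature), and the domain and selector names are made up. The selector and domain from the header are exactly the arguments the question's `DkimSigner(...)` call takes, and the i= tag is what `AgentOrUserIdentifier` becomes.

```javascript
// Added example (not from the original posts or MimeKit): parse a DKIM-Signature header
// and derive the DNS record name and the agent identity the answer above refers to.
function parseDkimSignature(header) {
  // Unfold RFC 5322 line folding and drop the header name.
  const value = header.replace(/\r?\n[ \t]+/g, ' ').replace(/^DKIM-Signature:\s*/i, '');
  const tags = {};
  for (const part of value.split(';')) {
    const eq = part.indexOf('=');
    if (eq < 0) continue;                                   // empty piece after a trailing ';'
    const name = part.slice(0, eq).trim();
    tags[name] = part.slice(eq + 1).replace(/\s+/g, '');   // whitespace inside tag values is insignificant
  }
  for (const required of ['v', 'a', 'b', 'bh', 'd', 'h', 's']) {
    if (!(required in tags)) throw new Error(`DKIM-Signature is missing the ${required}= tag`);
  }
  return tags;
}

// s= (the selector) and d= (the signing domain) name the TXT record that holds the public key,
// which is how one domain can publish several signing keys at once.
function dkimDnsName(tags) {
  return `${tags.s}._domainkey.${tags.d}`;
}

// i= is the AgentOrUserIdentifier. It defaults to "@" + d=, and its domain part must be
// d= itself or a subdomain of it; anything else is not a valid signature for that domain.
function agentIdentifier(tags) {
  const i = tags.i || `@${tags.d}`;
  const at = i.lastIndexOf('@');
  if (at < 0) throw new Error('i= must contain an "@"');
  const domain = i.slice(at + 1).toLowerCase();
  const d = tags.d.toLowerCase();
  if (domain !== d && !domain.endsWith('.' + d)) {
    throw new Error(`i= domain "${domain}" is not "${d}" or a subdomain of it`);
  }
  return { localPart: i.slice(0, at), domain };
}

// Constructed sample header (folded across lines as a mail client would emit it).
const SAMPLE_HEADER = [
  'DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=website.com;',
  ' s=mail2019; i=bob@eng.website.com; h=from:subject:date;',
  ' bh=PLACEHOLDER_BODY_HASH=;',
  ' b=PLACEHOLDER_SIGNATURE_BYTES==',
].join('\r\n');
```

Mapping this back to the question: `New DkimSigner(privateKeyPath, "website.com", "mail2019")` would produce `d=website.com; s=mail2019`, so the receiver looks up `mail2019._domainkey.website.com`; setting `AgentOrUserIdentifier` to `@eng.website.com` is allowed because `eng.website.com` is under `d=`, while a value under some unrelated domain would be rejected by the receiver.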

Transaction on bitcoin address derived from bitcoinjs-lib not showing in Bitcoin core

I have generated the xpub using bip32.org and derived a random address using the xpub:
var hdNode = bitcoinjs.HDNode.fromBase58(derivedPubKey);
hdNode.derive(index).pubKey.getAddress().toString();
The private WIF generated via bip32.org was imported into Bitcoin Core. On transferring an amount to the address generated by the above code, the amount is not showing in my Bitcoin Core.
If you have imported the main pubkey into Core but the address you send to is a derived address, then you are just sending to a different address than the one you are expecting to receive the funds at.
Every derived address has its own private key so you have to import the keys of individual derived addresses not just the key of the chain:
var addr = hdNode.derive(i);
/* Derived address: */
addr.getAddress();
/* Corresponding privkey: */
addr.keyPair.toWIF();
In fact every derived address is possibly also a new chain (derive() returns a new HDNode). Also, your hdNode is intended to be used only for address derivation, yet it has its own address too (the one you have sent your funds to), just because there are no separate datatypes for addresses and for chains. To access those funds just generate the private key without derivation:
hdNode.keyPair.toWIF();
On the other hand, if you use Electrum instead of Core you may just extract the main key of one of the address chains of an Electrum wallet (it does not work the opposite way, as Electrum uses a checksum for the wallet seed and you cannot just import a non-Electrum chain). This way you will be able to independently generate new addresses (also just new addresses without privKeys, for security reasons) which would be recognized by the wallet without importing them explicitly.
By the way, https://bitcoin.stackexchange.com/ is a better place to ask bitcoin-related questions.
Yes, you can create an address from a private key using the code below:
const bitcoin = require('bitcoinjs-lib');
let testnet = bitcoin.networks.testnet;
const keyPair = bitcoin.ECPair.fromWIF('cQnWufBcGz5fDtAPH8DVzrayXY1BJVCohCSHhgHXV8xnWfkGKQGL', testnet )
const { address } = bitcoin.payments.p2pkh({ pubkey: keyPair.publicKey })
console.log(address)

Web application login system

I am using Revel to build my web application and am trying to write an authentication module.
I have finished the sign-up part and am now heading to write the sign-in part.
I read about the security part in The definitive guide to form-based website authentication and will use its recommendations.
What I really do not know is how sign-in works. I imagine that the process works like this:
User writes username and password into the HTML form and presses sign in
Server receives the request and the controller checks if the user information matches the data in the database.
If yes, how to continue?
The third point is where I am stuck. But I have some idea how it could work and am not sure if it is the right way.
So when the sign-in information matches the database, I would set in the session object (hash datatype) the key-value pair signed_in: true. Every time the user makes a request to the web application that needs to be authenticated, I would look in the session object to see whether signed_in is true or not.
This is the way I would do it, but as I mentioned above, I do not know if it is the right way.
Yes, like @twotwotwo mentioned, give it the user id and also a role.
So the server-side rendered flow: Step 1
user sends username (or other identifier) and secret.
using scrypt or bcrypt the secret is checked against the stored salted hash in the database
if it matches you create a struct or a map
serialize struct or map into string (json, msgpack, gob)
encrypt the string with AES https://github.com/gomango/utility/blob/master/crypto.go (for instance). Set a global AES key.
create a unique cookie (or session) identifier (key)
store identifier and raw struct or map in database
send encrypted cookie out (id = encrypted_struct_or_map aka the encrypted string)
On a protected resource (or page): Step 2
read identifier from cookie
check if id exists in db
decode cookie value using AES key
compare values from cookie with stored values
if user.role == "allowed_to_access_this_resource" render page
otherwise http.ResponseWriter.WriteHeader(403) or redirect to login page
Now if you wanted you could also have an application-wide RSA key and, before encrypting the cookie value, sign the string with the RSA private key (in Step 1). In Step 2 decode with the AES key, check if the signature is valid, then compare the content to the db-stored content.
On any changes you have to update the cookie values (struct/map) and the info in the database.

Adding authenticated attributes using MS CryptoApi

I'm struggling with adding authenticated attributes (OCSP data) to my message using CryptoApi. I first used CryptoApi's simplified message functions, but have now switched to the low-level message functions, thinking that I would be able to control the message structure better. But I am once again stuck. My process is as follows:
Initialize CMSG_SIGNER_ENCODE_INFO and CMSG_SIGNED_ENCODE_INFO structure
I create a CRYPT_ATTRIBUTE for the OCSP data and specify it in the CMSG_SIGNER_ENCODE_INFO structure
I then call CryptMsgCalculateEncodedLength to get the size
CryptMsgOpenToEncode with CMSG_SIGNED as the message type
CryptMsgUpdate, to insert my content into the message
CryptMsgGetParam with CMSG_CONTENT_PARAM to get the encoded blob
CryptMsgClose, I'm done with the message for now.
I open the message again to get the CMSG_ENCRYPTED_DIGEST, which is sent to a TSA and the result is added as an unauthenticated attribute using CryptMsgControl.
I'm using this to sign signature tags in Adobe. So when there are no authenticated attributes, I receive three green checks from Adobe:
The document has not been modified...
The document is signed by the current user
The signature includes an embedded timestamp (and the timestamp is validated)
But as soon as the authenticated attribute is added, the signer's identity is invalidated and the timestamp data is incorrect. The CMSG_COMPUTED_HASH_PARAM differs depending on whether authenticated attributes are added or not. Should this not be the same? Since the document digest is of the content of the document and not of the authenticated attribute.
Is there another way to add authenticated attributes? I've tried to add it as a signer using CryptMsgControl, but that did not help either...
How about this step for adding the authenticated attributes for signing, for example time stamping:
FILETIME curtime;
CRYPT_ATTR_BLOB time_blob;
CRYPT_ATTRIBUTE attrib[1];
BYTE *pTime = NULL;
DWORD szTime = 0;
GetSystemTimeAsFileTime(&curtime);
/* First call with a NULL output buffer only reports the required size. */
CryptEncodeObject(PKCS_7_ASN_ENCODING, szOID_RSA_signingTime, &curtime, NULL, &szTime);
pTime = (BYTE *)LocalAlloc(GPTR, szTime);
/* Second call writes the DER-encoded signing time into the allocated buffer. */
CryptEncodeObject(PKCS_7_ASN_ENCODING, szOID_RSA_signingTime, &curtime, pTime, &szTime);
time_blob.cbData = szTime;
time_blob.pbData = pTime;
attrib[0].pszObjId = szOID_RSA_signingTime;
attrib[0].cValue = 1;
attrib[0].rgValue = &time_blob;
CosignerInfo.cAuthAttr = 1;
CosignerInfo.rgAuthAttr = attrib;
and that CosignerInfo parameter comes from CMSG_SIGNER_ENCODE_INFO CosignerInfo;