From: Aymeric Vitte <aymeric@peersm.com>
To: Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>
Subject: Re: [bitcoin-dev] BIP Proposal: Wallet Interface
Date: Fri, 25 Dec 2020 12:49:11 +0100 [thread overview]
Message-ID: <466af0d2-c1ac-04c5-83b9-ce6d44a4958e@peersm.com> (raw)
In-Reply-To: <96a93692-b564-91df-9194-1373d805c434@peersm.com>
[-- Attachment #1: Type: text/plain, Size: 12629 bytes --]
Resending to the list since I am using a different email
Complement: if anonymity is required from the browser (or elsewhere) you
might consider looking at https://github.com/Ayms/node-Tor too
Le 24/12/2020 à 20:40, Aymeric Vitte a écrit :
>
> You might want to take a look at: https://peersm.com/wallet
>
> And https://github.com/Ayms/bitcoin-transactions
>
> "wallet" is not the very correct word, it's more bitcoin cli outside
> of bitcoin core but for now not linked to an explorer/tx system which
> makes it probably still not so easy to use for the transactions part
> (which can be extended to lightning, etc)
>
> The idea is to propose to people most of the tools they need to manage
> their coins by themselves, or at least understand better what they are
> doing
>
> "People should not be encouraged to write or use web browsers for
> their wallet." --> yes and no, please crack the standalone webapp
> above, so it's finally a no when things are done correctly, of course
> there is no story of keys storage inside browsers or online stuff with
> keys
>
> Maybe this can be turned one day into a w3c api like webcrypto
> (window.bitcoin as you sketch)
>
> Le 23/12/2020 à 08:29, monokh via bitcoin-dev a écrit :
>> Thanks for the input Luke.
>>
>> > 1) People should not be encouraged to write or use web browsers for
>> their wallet.
>>
>> Indeed. Holding keys in the browser can be very insecure, however the
>> spec is not limited to this. I will amend to make this clear. The
>> same interface can be used to communicate from a web context or even
>> desktop application with hardware wallets where keys are segregated
>> safely. The prominent hardware wallets already have such an
>> interface. Unfortunately as there has been no standardisation, an
>> application must specifically provide an implementation for each
>> wallet to be compatible.
>>
>> > 2) You may want to look over earlier work in this area.
>>
>> Please share if you have specifics in mind. What has been considered
>> were mainly hardware wallet apis. The requests have been defined such
>> that they would be compatible. I will make references to such
>> considerations in the text. I welcome any feedback on what may be
>> missing or problematic for these providers - something I will also
>> pursue outwith the thread.
>>
>> -monokh
>>
>> On Wed, Dec 23, 2020 at 2:15 AM Luke Dashjr <luke@dashjr.org
>> <mailto:luke@dashjr.org>> wrote:
>>
>> 1) People should not be encouraged to write or use web browsers
>> for their
>> wallet.
>> 2) You may want to look over earlier work in this area.
>>
>> On Tuesday 22 December 2020 14:43:11 monokh via bitcoin-dev wrote:
>> > Hi
>> >
>> > This is a first draft of a BIP we intend to submit. The main
>> intention is
>> > to define a simple interface that wallets and applications can
>> agree on
>> > that would cover the vast majority of use cases. This can
>> enable writing
>> > bitcoin applications (e.g. time lock, multi sig) on the web
>> that can be
>> > seamlessly used with any compatible wallets. We have
>> implementations of
>> > such examples but I don't want to turn this thread into a
>> promotion and
>> > rather focus on the spec.
>> >
>> > Appreciate input from the list. Please share if there are
>> existing efforts,
>> > relevant specs or use cases.
>> >
>> > ------------------------------
>> >
>> > A wallet interface specification for bitcoin applications
>> >
>> > ## Abstract
>> >
>> > This BIP describes an API for Bitcoin wallets and applications as a
>> > standard.
>> >
>> > ## Summary
>> >
>> > Bitcoin wallets should expose their address derivation and signing
>> > functions to external applications. The interface would be
>> expressed as
>> > follows in javascript:
>> >
>> > ```
>> > {
>> > // Wallet Metadata
>> > wallet: {
>> > name: 'Bitcoin Core'
>> > },
>> >
>> > // Request access to the wallet for the current host
>> > async enable: (),
>> >
>> > // Request addresses and signatures from wallet
>> > async request ({ method, params })
>> > }
>> > ```
>> >
>> > In the web context the interface could be exposed at the top
>> level of a
>> > webpage, for example under `window.bitcoin`. However this spec
>> does not
>> > intend to define any standards for how and where the interfaces
>> should be
>> > exposed.
>> >
>> > ## Motivation
>> >
>> > Due to the seldom available APIs exposed by wallets,
>> applications (web or
>> > otherwise) are limited in how they are able to interact.
>> Generally only
>> > simple sends have been available. A more robust API that
>> introduces other
>> > requests will promote richer Bitcoin applications.
>> >
>> > Additionally, wallet APIs have frequently included
>> inconsistencies in their
>> > interfaces and behaviour. This has required applications to
>> build and
>> > maintain a separate client for each wallet, increasing the risk
>> of bugs and
>> > unintended behaviour as well as being a limiting factor for the
>> adoption of
>> > usable bitcoin applications.
>> >
>> > With a standardised wallet API:
>> >
>> > - Wallets have a clear API to implement
>> > - Applications have a clear expectation of wallet interface and
>> behaviour
>> > - Applications become agnostic to the wallet specifics,
>> increasing choice
>> > for users
>> >
>> > If more wallets implement the specification, applications will
>> be developed
>> > more confidently by benefiting from the wallet
>> interoperability. This
>> > creates a positive feedback loop.
>> >
>> > ## Specification
>> >
>> > For simplicity, the interface is defined in the context of web
>> applications
>> > running in the browser (JS) however, they are simple enough to
>> be easily
>> > implemented in other contexts.
>> >
>> > ### General Rules
>> >
>> > - For sensitive functions (e.g. signing), wallet software
>> should always
>> > prompt the user for confirmation
>> >
>> > ### Types
>> >
>> > **UserDeniedError**
>> > An error type indicating that the application's request has
>> been denied by
>> > the user
>> > Type: Error
>> >
>> > **Hex**
>> > Type: String
>> > Example:
>> >
>> `"0000000000000000000a24677957d1e50d70e67c513d220dbe8868c4c3aefc08"`
>> >
>> > **Address**
>> > Address details
>> > Type: Object
>> > Example:
>> >
>> > ```
>> > {
>> > "address": "bc1qn0fqlzamcfuahq6xuujrq08ex7e26agt20gexs",
>> > "publicKey":
>> >
>> "02ad58c0dced71a236f4073c3b6f0ee27dde6fe96978e9a9c9500172e3f1886e5a",
>> > "derivationPath": "84'/1'/0'/0/0"
>> > }
>> > ```
>> >
>> > ### API
>> >
>> > The wallet must implement the following methods.
>> >
>> > **enable**
>> >
>> > The enable call prompts the user for access to the wallet.
>> >
>> > If successful, it resolves to an address (`**Address**` type)
>> of the
>> > wallet. Typically the first external address to be used as an
>> identity.
>> >
>> > **`UserDeniedError`** will be thrown if the request is rejected.
>> >
>> > **request**
>> >
>> > The request method must take one parameter in the following format:
>> >
>> > ```
>> > {
>> > "method": "wallet_methodName",
>> > "params": ["foo", "bar", "baz"]
>> > }
>> > ```
>> >
>> > For a list of mandatory methods see Table
>> >
>> > The wallet should reject request calls unless `enable` has been
>> resolved.
>> >
>> > Sensitive requests that involve signing should always prompt
>> the user for
>> > confirmation
>> >
>> > On success the request should resolve to the response as
>> defined in the
>> > method table.
>> >
>> > **`UserDeniedError`** will be thrown if the request is rejected.
>> >
>> > **Mandatory methods**
>> >
>> > method: `wallet_getAddresses` params: [`index = 0, numAddresses
>> = 1, change
>> > = false`]
>> > return: `[ Address ]`
>> > error: UserDeniedError
>> >
>> > method: `wallet_signMessage` params: `[ message, address ]`
>> > return: Signature `Hex`
>> > error: UserDeniedError
>> >
>> > method: `wallet_signPSBT` params: `[ [psbtBase64, inputIndex,
>> address] ]`
>> > return: `psbtBase64`
>> > error: UserDeniedError
>> >
>> > method: `wallet_getConnectedNetwork` params: `[]`
>> > return: Network object `mainnet` | `testnet` | `regetst`
>> > error: UserDeniedError
>> >
>> > ## Rationale
>> >
>> > The purpose of the API is to expose a set of commonly used wallet
>> > operations. In addition, it should be flexible enough to serve
>> for other
>> > requests such as node RPC calls.
>> >
>> > **Why is there a singular request call instead of named methods?**
>> > The transport layer for the requests cannot be assumed,
>> therefore it is
>> > much more flexible to instead define an abstract format.
>> >
>> > **Why are the mandatory methods so primitive? Where is getBalance,
>> > getUtxos, ... ?**
>> > A wallet need not worry about providing every possible scenario
>> for usage.
>> > The primitives of keys and signing can expose enough to
>> applications to do
>> > the rest. Applications should have flexibility in how they
>> implement these
>> > functions. It is the role of a library rather than the wallet.
>> >
>> > ## Security Implications
>> >
>> > Great care should be taken when exposing wallet functionality
>> externally as
>> > the security and privacy of the user is at risk.
>> >
>> > ### Signing
>> >
>> > Operations that trigger signing using private keys should be
>> guarded behind
>> > confirmation screens where the user is fully aware of the
>> nature of the
>> > transaction. In the example of a PSBT signature request, the
>> outputs, the
>> > inputs and which key is being used should be clearly marked.
>> >
>> > ### Privacy
>> >
>> > Some api methods expose metadata about the user, such as public
>> keys.
>> > Depending on how privacy focused the wallet intends to be, the
>> wallet could
>> > protect these behind a confirmation. Commonly the wallet just
>> needs to give
>> > the origin access to all of its public keys, however it could
>> also allow
>> > the option to expose only selected derivation paths.
>> >
>> > -monokh
>>
>>
>>
>> _______________________________________________
>> bitcoin-dev mailing list
>> bitcoin-dev@lists.linuxfoundation.org
>> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
>
> --
> Sophia-Antipolis, France
> LinkedIn: https://fr.linkedin.com/in/aymeric-vitte-05855b26
> Move your coins by yourself (browser version): https://peersm.com/wallet
> Bitcoin transactions made simple: https://github.com/Ayms/bitcoin-transactions
> Zcash wallets made simple: https://github.com/Ayms/zcash-wallets
> Bitcoin wallets made simple: https://github.com/Ayms/bitcoin-wallets
> Get the torrent dynamic blocklist: http://peersm.com/getblocklist
> Check the 10 M passwords list: http://peersm.com/findmyass
> Anti-spies and private torrents, dynamic blocklist: http://torrent-live.org
> Peersm : http://www.peersm.com
> torrent-live: https://github.com/Ayms/torrent-live
> node-Tor : https://www.github.com/Ayms/node-Tor
> GitHub : https://www.github.com/Ayms
--
Sophia-Antipolis, France
LinkedIn: https://fr.linkedin.com/in/aymeric-vitte-05855b26
Move your coins by yourself (browser version): https://peersm.com/wallet
Bitcoin transactions made simple: https://github.com/Ayms/bitcoin-transactions
Zcash wallets made simple: https://github.com/Ayms/zcash-wallets
Bitcoin wallets made simple: https://github.com/Ayms/bitcoin-wallets
Get the torrent dynamic blocklist: http://peersm.com/getblocklist
Check the 10 M passwords list: http://peersm.com/findmyass
Anti-spies and private torrents, dynamic blocklist: http://torrent-live.org
Peersm : http://www.peersm.com
torrent-live: https://github.com/Ayms/torrent-live
node-Tor : https://www.github.com/Ayms/node-Tor
GitHub : https://www.github.com/Ayms
[-- Attachment #2: Type: text/html, Size: 19972 bytes --]
next prev parent reply other threads:[~2020-12-25 11:58 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-12-22 14:43 [bitcoin-dev] BIP Proposal: Wallet Interface monokh
2020-12-23 2:15 ` Luke Dashjr
2020-12-23 7:29 ` monokh
2020-12-23 11:44 ` Omar Shibli
[not found] ` <96a93692-b564-91df-9194-1373d805c434@peersm.com>
2020-12-25 11:49 ` Aymeric Vitte [this message]
2020-12-23 21:13 ` Erik Aronesty
2020-12-25 18:11 ` Shane Jonas
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=466af0d2-c1ac-04c5-83b9-ce6d44a4958e@peersm.com \
--to=aymeric@peersm.com \
--cc=bitcoin-dev@lists.linuxfoundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox