search

BenWestgate / Bails

Bails is a Bitcoin solution protecting against surveillance, censorship, and confiscation. It installs Bitcoin Core on the encrypted Persistent Storage of Tails, creates and recovers Bitcoin Core wallets from Codex32 (BIP93) seed backups, and creates backup Bails USB sticks and shareable blank Bails USB sticks. Learn more in README.md.
MIT License
40 stars 7 forks source link

New Wallet Creation Flow w/ watch-only and amnesic wallets #59

Closed BenWestgate closed 1 month ago

BenWestgate commented 11 months ago

In one dialog choose:

Wallet Name [ Wallet [share_identifier] ]

Disable private keys for this wallet. Wallets with private keys disabled will have no private keys and cannot have an HD seed or imported private keys. This is ideal for watch-only wallets.

Prepends /tmp/ to Wallet Name causing it to be stored in tmpfs not ~/Persistent/.bitcoin and lost on shutdown.

If /tmp/ is used

  1. Display warning their wallet will be amnesic and all its labels and unused addresses will be forgotten on shutdown. Suggest making a Persistent watch-only wallet first if that is undesired. Describe it as ideal for offline signing wallets because the private keys will never be saved to the USB stick. Provide opportunity to go back.

If the user does not Disable Private Keys display:

  1. wallet encryption info
  2. wallet encryption warning
  3. wallet has been encrypted

else:

  1. watch-only wallets info. Provide Opportunity to go back
  2. how to spend from this watch-only wallet Provide opportunity to go back.

After the warnings/info is displayed:

  1. Current wallet setup complete! dialog and bitcoin-qt opens

Helps address #45 and #34 as "setup complete" is really "wallet setup complete" and the other dialogs are from install-core and don't need to display when just doing bails-wallet operations. Also creates one of the L2 features and gives a more secure set-up.

Watch only wallets can be spent by gathering the shares with their corresponding identifiers and loading them into an offline signing device or Non-persistent Wallet to sign PSBTs on the same USB. Forgetting the keys makes the user safe from rubber hose cryptanalysis.

These steps are all in series. As soon as the user confirms what they will be using or procedes with the default encrypted private keys enabled wallet. bitcoind begins importing the appropriate descriptors and will shutdown and start bitcoin-qt when it finishes.

If the user reaches the end of the information dialogs without bitcoin-qt having started. It will tell them importing descriptors can take some time and reminds them to lock the screen Super+L if they need to step away from their computer.

Alternately, bitcoin-qt could be started right after the user makes a selection so that visual progress bars can be displayed for rescanning. This is preferable since no more RAM heavy hashing needs to be done.

BenWestgate commented 11 months ago

Also now that there are watch-only wallets, there's some scenarios where bails-wallet never needs to ask for a passphrase during wallet restore. So setting "the passphrase for the wallet" should come after choosing the name and whether to disable private keys and/or make it amnesic Right before wallet encryption info. And be skipped in the disable private keys case.

BenWestgate commented 3 months ago

Decreasing priority to medium as this as both are actually L2 features for once we have offline signing. It's a bit silly to have watch only wallets without an always offline wallet. And they can effectively be created by losing the wallet passphrase.