Closed alexiusstrauss closed 3 years ago
beeb
commented
3 years ago Hey! That's already the behavior of the bot currently. If no environment variable exists for the secret key, a prompt comes up in the console where the bot was run. No telegram command exists for this as I don't want this sensitive information going over the network.
alexiusstrauss
commented
3 years ago I understand that the prompt asks for the secret key!
but I told the user to inform the secret key in the telegram bot and not in a variable or via the system prompt:
Example... we started the bot... and when giving /start the bot asked for the wallet's secret key...
alexiusstrauss
commented
3 years ago but could you help me implement this option .. because I use 1 server for the bot and sometimes I would like to change a wallet that I will use ... and I would like to do it in the telegram ... with bot interaction and not with access to the server via prompt ..
if possible, send me your telegram for you to help me implement this functionality.
beeb
commented
3 years ago This is not something i want to implement because of the security concerns of sending the private key over through the telegram servers. You can run multiple instances of the bot on one server to cater to your needs, each would have its own config file and telegram bot token. You then use the appropriate conversation to interact with each bot instance. In case you really need such a feature, feel free to fork the project and implement it, but it won't be merged into this repo. Also, unfortunately I'm not available for coding support through chat.
alexiusstrauss
commented
3 years ago Right. I understand your preoccupation. and I don't want to implement it in the main project. I would just like help to implement it in a version that I will use personally.
could help me or implement in a version and submit... would be willing to pay if you feel the need for the functionality...
I would just like to run the project on the server and through the bot... send 3 values that will be defined to the configuration file... example: Name and secret key of the wallet.
and then automatically the bot would start in the informed wallet ... because you understand .. I have some friends who liked the idea but will not feel safe informing the private key for me to add to the server.
if possible let me know if you can help me or implement this part of the project for me to use.
beeb
commented
3 years ago Hi,
I understand your needs and that's unfortunately not planned to be implemented. Your friends can rent a virtualized server for 5 bucks a month over at linode or other service providers and install their own instance of the bot (very easy with docker). That's how I recommended my friends go about having their own bot.
Even if this feature was implemented (it will not be), any person which enough knowledge could extract the private key information of your users if they had access to the server (that would be you) so your friends should not feel safe anyway. So I refuse to put anyone in this situation where they send their private key to someone else's server.
Not to mention that their private key would now be stored on telegram's servers, even if encrypted it's still a liability.
Add Passphrase when starting the bot.
it would be interesting if the user, when interacting with the bot, was asked for the passphrase of the wallet to initiate transactions..
I understand that when starting the project on linux the passphrase is passed or via the conf file... but the bot could request this information (giving a little more sense of security for those who will use the bot).
Example:
to /start - bot prompts for wallet passphrase....