matiu

Hoy

  var storage = new Client.FileStorage({
    filename: args.file || process.env['BIT_FILE'],
  });
  var c = new Client({
    storage: storage,
    baseUrl: args.host || process.env['BIT_HOST'],
    verbose: args.verbose,
  });

matiu

BWS Access Control

There are 3 tiers of access control

1. Access is controlled at the server

All requests to an existing wallet must be signed by a private key and are verified by the server. All copayers have a always valid private key, m/1/1, and can generate more with restricted access thru the grantAccess removeAccess API.

Extra access keys pairs are always derived from the extended master private key using m/1/x.

matiu

• createTX
  • output: 1bitcoin
  • amount: 1BTC
  • useCoinJoin: true
    • coinJoinToSignTimeout: 1hr
    • coinJoinToBroadcastTimeout: 24hr
    • coinJoinTimeoutPolicy: broadcastWithoutCoinJoin | rejectByServer

matiu

Copay

Copay is an open-source multisig wallet. Each peer is has control of her private keys, that never leave their system.

Copay is implemented in JS client-side. It can work as a:

• web app,
• a webview based mobile app,
• or a node-kit based desktop app.

matiu

Using bitcoin-abc 0.17 hash: 855043153da2d7d5d4d577eede5ecf22f2c87080,
running bitcoind with:  `-regtest -monolithactivationtime=0`


1. Base line
  - send 10 p2pkh TX/s, 10 seconds. Check CPU and IO load.
  - send 10 (small) op_ret TX/s, 100 seconds. Check CPU and IO load and mem usage.
 

2. Tests

matiu

$bitcoind getinfo
{
    "version" : 99900,
    "protocolversion" : 70002,
    "walletversion" : 60000,
    "balance" : 15.74900000,
    "blocks" : 226032,
    "timeoffset" : -4,
    "connections" : 9,

matiu

To prevent unautorized network access, Copay and Bitpay Wallet v5.3.0 and above use the following Content Security Policy (CSP)

  <meta http-equiv="Content-Security-Policy" content="default-src 'self' 'unsafe-eval' https://bws.bitpay.com
  https://bitpay.com https://auth.shapeshift.io https://shapeshift.io https://api.coinbase.com https://coinbase.com; 
  img-src 'self' data:; style-src 'self' 'unsafe-inline'; font-src 'self' data:">

This restrict network connections to the listed hosts only. As a consecuence, accessing self-hosted Bitcore Wallet Service (BWS) hosts will not be allowed.

matiu

[client.js.128:payload:] [{"address":"qqgpzjullztrd0xmsvsepxl6hp575pmjsyxwyaddp4"},{"address":"qrw5340g4tt3nk47sl5zpqph5y2gd6rddswc0qaa50"},{"address":"qzy0n4tq50lpjhe560uggpvxl4j28gykcu4n4tdw8r"},{"address":"qp90c6s67nayptr8jkmnp922r5vnxg8x45zcxp7e0n"},{"address":"qzd9r0xpcd8gvd7h7qcxzcnt7z443576wsjfwkcdrr"},{"address":"qz3wv55hyqz2edh4lkt4ff6z2k276363guvypvsl6x"},{"address":"qp4wpn3mkgm2jmv9ccxwu33jpcexf7fgpqg4uzk69l"},{"address":"qrp6s5jjudzs4e8h83g3j8hgaq3dlr2mxg6g0lw7yq"},{"address":"qpupl5x86jzw79spqfm8j3nyqdnd0uhpvqdwtvu4ej"},{"address":"qrxpsy8vacx9n8yfdcyv8n9nz9mfnxaagvk8624dlt"},{"address":"qqq06s8z509gxtqcn4z0znhtt767rqzu7vuwuljrs9"},{"address":"qq77x54g58jtgpqk8tpdhzmrn5s64azqzgkxxdr7g7"},{"address":"qzu3azwgj7ctv52eugxnd5zkvdfl5mtf7ucpf0uuc4"},{"address":"qqlwf0du4qecv8ddtscu5y5g43php2q4rqxwwlr3gs"},{"address":"qpmv900hcfv8mqqh9jzxxc2zh2m7hjuqyuhjhf3393"},{"address":"qrfqmzyft2jmhdkc4kqkweclhdvus6s4lqzpflpdq5"},{"address":"qpm92wzak9muxxtyc7n8ktj32tsj9j3h55anajghxh"},{"address":"qzmdasezmcclulnfd

matiu

// cryto exports:

  return Bitcore.crypto.Hash.sha256(pk.toBuffer()).slice(0, 16).toString('base64');

// priv key validation
  $.checkArgument(Bitcore.PrivateKey.isValid(privKey), 'The private key received is invalid');

matiu

const B  = require('bitcore-lib');


// Example signature, from an actual jsonPaymentProtocol header.
const h ='6d580c9bc2fbaff7614e3a030d536417d07d6dfb93f7c8887aac4e67e27c3e32';
const s ='e7a6490572855eb8feedabe32872424a2aef5b0b0f6e8b7d1959f6621de8c15a3871283a8fa78fc292444c50dc578dc58bd924d947f2ecc4bb91c250885a518a';
const p ='03159069584176096f1c89763488b94dbc8d5e1fa7bf91f50b42f4befe4e45295a';

 
hbuf = Buffer.from(h,'hex');