| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
unconfirmed solely uses a - b, and received now accepts b so it can
provide more detailed logs on what occurred (printing a - b, yet with a
and b).
|
|
There are vulnerabilities in multisig protocol if the parties do not
trust each other, and while there is a patch for it, it has not been
throroughly reviewed yet, so it is felt safer to disable multisig by
default for now.
If all parties in a multisig setup trust each other, then it is safe
to enable multisig.
|
|
|
|
da9aa1f Copyright: Update to 2022 (mj-xmr)
|
|
|
|
|
|
|
|
f346e3e wallet_rpc_payments: implement multithreading (gdmojo)
|
|
|
|
To implement this feature, the wallet2::scan_tx API was implemented.
|
|
|
|
This reduces the attack surface for data that can come from
malicious sources (exported output and key images, multisig
transactions...) since the monero serialization is already
exposed to the outside, and the boost lib we were using had
a few known crashers.
For interoperability, a new load-deprecated-formats wallet
setting is added (off by default). This allows loading boost
format data if there is no alternative. It will likely go
at some point, along with the ability to load those.
Notably, the peer lists file still uses the boost serialization
code, as the data it stores is define in epee, while the new
serialization code is in monero, and migrating it was fairly
hairy. Since this file is local and not obtained from anyone
else, the marginal risk is minimal, but it could be migrated
later if needed.
Some tests and tools also do, this will stay as is for now.
|
|
|
|
5ef0607da Update copyright year to 2020 (SomaticFanatic)
|
|
99684e3e simplewallet: add show_qr_code command (selsta)
|
|
Thanks to iDunk for helping with Windows.
|
|
|
|
82d21f5 easylogging++: sanitize log payload (moneromooo-monero)
7d0b7e8 [master] MMS: New 'config_checksum' subcommand (rbrunner7)
|
|
|
|
|
|
Update copyright year to 2020
|
|
27d551d simplewallet: add sweep_account command (moneromooo-monero)
|
|
- choice where to enter passphrase is now made on the host
- use wipeable string in the comm stack
- wipe passphrase memory
- protocol optimizations, prepare for new firmware version
- minor fixes and improvements
- tests fixes, HF12 support
|
|
Expects an account number, then the usual sweep_all options
Useful to move monero that was accidentally sent to a subaddress
with a very large account index.
|
|
The warning about spending more than one output with similar creation
time was skipped if print-ring-members was not set, and it defaults to
false, which means most people probably aren't getting this warning if
they spend correlated outputs.
Reported by SeventhAlpaca.
|
|
94266eeb simplewallet: fix output age display with duplicate heights (moneromooo-monero)
f1d379d2 simplewallet: fix "outputs in same tx" detector (moneromooo-monero)
|
|
The highlight check was based on height, so would highlight
any output at that height, resulting in several matches if
a fake out was picked at the same height as the real spend
|
|
|
|
As reported by Tramèr et al, timing of refresh requests can be used
to see whether a password was requested (and thus at least one output
received) since this will induce a delay in subsequent calls.
To avoid this, we schedule calls at a given time instead of sleeping
for a set time (which would make delays additive).
To further avoid a scheduled call being during the time in which a
password is prompted, the actual scheduled time is now randomized.
|
|
Lists nodes exposing their RPC port for public use
|
|
Daemons intended for public use can be set up to require payment
in the form of hashes in exchange for RPC service. This enables
public daemons to receive payment for their work over a large
number of calls. This system behaves similarly to a pool, so
payment takes the form of valid blocks every so often, yielding
a large one off payment, rather than constant micropayments.
This system can also be used by third parties as a "paywall"
layer, where users of a service can pay for use by mining Monero
to the service provider's address. An example of this for web
site access is Primo, a Monero mining based website "paywall":
https://github.com/selene-kovri/primo
This has some advantages:
- incentive to run a node providing RPC services, thereby promoting the availability of third party nodes for those who can't run their own
- incentive to run your own node instead of using a third party's, thereby promoting decentralization
- decentralized: payment is done between a client and server, with no third party needed
- private: since the system is "pay as you go", you don't need to identify yourself to claim a long lived balance
- no payment occurs on the blockchain, so there is no extra transactional load
- one may mine with a beefy server, and use those credits from a phone, by reusing the client ID (at the cost of some privacy)
- no barrier to entry: anyone may run a RPC node, and your expected revenue depends on how much work you do
- Sybil resistant: if you run 1000 idle RPC nodes, you don't magically get more revenue
- no large credit balance maintained on servers, so they have no incentive to exit scam
- you can use any/many node(s), since there's little cost in switching servers
- market based prices: competition between servers to lower costs
- incentive for a distributed third party node system: if some public nodes are overused/slow, traffic can move to others
- increases network security
- helps counteract mining pools' share of the network hash rate
- zero incentive for a payer to "double spend" since a reorg does not give any money back to the miner
And some disadvantages:
- low power clients will have difficulty mining (but one can optionally mine in advance and/or with a faster machine)
- payment is "random", so a server might go a long time without a block before getting one
- a public node's overall expected payment may be small
Public nodes are expected to compete to find a suitable level for
cost of service.
The daemon can be set up this way to require payment for RPC services:
monerod --rpc-payment-address 4xxxxxx \
--rpc-payment-credits 250 --rpc-payment-difficulty 1000
These values are an example only.
The --rpc-payment-difficulty switch selects how hard each "share" should
be, similar to a mining pool. The higher the difficulty, the fewer
shares a client will find.
The --rpc-payment-credits switch selects how many credits are awarded
for each share a client finds.
Considering both options, clients will be awarded credits/difficulty
credits for every hash they calculate. For example, in the command line
above, 0.25 credits per hash. A client mining at 100 H/s will therefore
get an average of 25 credits per second.
For reference, in the current implementation, a credit is enough to
sync 20 blocks, so a 100 H/s client that's just starting to use Monero
and uses this daemon will be able to sync 500 blocks per second.
The wallet can be set to automatically mine if connected to a daemon
which requires payment for RPC usage. It will try to keep a balance
of 50000 credits, stopping mining when it's at this level, and starting
again as credits are spent. With the example above, a new client will
mine this much credits in about half an hour, and this target is enough
to sync 500000 blocks (currently about a third of the monero blockchain).
There are three new settings in the wallet:
- credits-target: this is the amount of credits a wallet will try to
reach before stopping mining. The default of 0 means 50000 credits.
- auto-mine-for-rpc-payment-threshold: this controls the minimum
credit rate which the wallet considers worth mining for. If the
daemon credits less than this ratio, the wallet will consider mining
to be not worth it. In the example above, the rate is 0.25
- persistent-rpc-client-id: if set, this allows the wallet to reuse
a client id across runs. This means a public node can tell a wallet
that's connecting is the same as one that connected previously, but
allows a wallet to keep their credit balance from one run to the
other. Since the wallet only mines to keep a small credit balance,
this is not normally worth doing. However, someone may want to mine
on a fast server, and use that credit balance on a low power device
such as a phone. If left unset, a new client ID is generated at
each wallet start, for privacy reasons.
To mine and use a credit balance on two different devices, you can
use the --rpc-client-secret-key switch. A wallet's client secret key
can be found using the new rpc_payments command in the wallet.
Note: anyone knowing your RPC client secret key is able to use your
credit balance.
The wallet has a few new commands too:
- start_mining_for_rpc: start mining to acquire more credits,
regardless of the auto mining settings
- stop_mining_for_rpc: stop mining to acquire more credits
- rpc_payments: display information about current credits with
the currently selected daemon
The node has an extra command:
- rpc_payments: display information about clients and their
balances
The node will forget about any balance for clients which have
been inactive for 6 months. Balances carry over on node restart.
|
|
93d5cf2 wallet2: add ignore-outputs-{above/below} option (stoffu)
|
|
|
|
https://github.com/aeonix/aeon/pull/131
|
|
|
|
New CLI wallet variable: export-format with options "binary" (the default),
or "ascii". "Binary" behaves as before, "ascii" forces the wallet to convert
data to ASCII using base64.
Reading files from the disk tries to auto detect what format has been
used (using a magic string added when exporting the data).
Implements https://github.com/monero-project/monero/issues/2859
|
|
65f29a8 simplewallet: add restore_height command (tobtoht)
|
|
a23dbe6 simplewallet: prompt when spending more than one old out in one tx (moneromooo-monero)
|
|
|
|
also add a note when receiving the tx, because the user
might not notice the "XXX blocks to unlock" in the balance.
|
|
|
|
I saw one when landing on www.tribler.org, and it seemed
like a good idea to have something similar, alongside some
more general "what is monero" text.
|
|
0be5b2ee simplewallet: new unset_ring command (moneromooo-monero)
|
|
a2561653 wallet: new option to start background mining (moneromooo-monero)
|
|
displays total sent and received bytes
|
|
The setup-background-mining option can be used to select
background mining when a wallet loads. The user will be asked
the first time the wallet is created.
|
|
Useful when debugging, though not much for users
|
|
These commands let one freeze outputs by key image, so they
do not appear in balance, nor are considered when creating
a transaction, etc
This is helpful when receiving an output from a suspected spy,
who might try to track your other outputs by seeing with what
other outputs it gets spent.
The frozen command may be used without parameters to list all
currently frozen outputs.
|
|
c9b13fbb tests/trezor: HF9 and HF10 tests (Dusan Klinec)
a1fd1d49 device/trezor: HF10 support added, wallet::API (Dusan Klinec)
d74d26f2 crypto: hmac_keccak added (Dusan Klinec)
|
|
- import only key images generated by cold signing process
- wallet_api: trezor methods added
- wallet: button request code added
- const added to methods
- wallet2::get_tx_key_device() tries to decrypt stored tx private keys using the device.
- simplewallet supports get_tx_key and get_tx_proof on hw device using the get_tx_key feature
- live refresh enables refresh with trezor i.e. computing key images on the fly. More convenient and efficient for users.
- device: has_ki_live_refresh added
- a thread is watching whether live refresh is being computed, if not for 30 seconds, it terminates the live refresh process - switches Trezor state
|
|
f42263eb wallet: adds rescan_bc option with preserving key images (Dusan Klinec)
|
|
- enables to perform rescan_spent / ki sync with untrusted daemon. Spent check status involves RPC calls which require trusted daemon status as it leaks information. The new call performs soft reset while preserving key images thus a sequence: refresh, ki sync / import, rescan_bc keep_ki will correctly perform spent checking without need for trusted daemon.
- useful to detect spent outputs with untrusted daemon on watch_only / multisig / hw-cold wallets after expensive key image sync.
- cli: rescan_bc keep_ki
|
|
|
|
unless --long-payment-id-support is used
|
|
5e10dee3 simplewallet: fix show_transfers colouring, and add red for failed (moneromooo-monero)
|
|
60b35c91 Add --restore-date param (Howard Chu)
|
|
|
|
Also add the type back, as it was somehow weirdly split into
two different fields, one being a union...
|
|
Estimate restore height from given date
Check date format early, error out early if invalid
|
|
|
|
When doing a first refresh on HW-token based wallet KI sync is required if money were received. Received money may indicate wallet was already used before the restore I.e., some transaction could have been already sent from the wallet. The spent UTXO would not be detected as spent which could lead to double spending errors on submitting a new transaction.
Thus if the wallet is HW-token based with the cold signing protocol and the first refresh detected received money the user is asked to perform the key image sync.
|
|
- simple device callback object added. Device can request passphrase/PIN entry via the callback or notify user some action is required
- callback is routed to wallet2, which routes the callback to i_wallet_callback so CLI or GUI wallets can support passphrase entry for HW tokens
- wallet: device open needs wallet callback first - passphrase protected device needs wallet callback so user can enter passphrase
|
|
|
|
f26ce08c wallet: add a non destructive blockchain rescan (moneromooo-monero)
|
|
|
|
|
|
* support in wallet2
* support in monero-wallet-cli
* support in monero-wallet-rpc
* support in wallet api
* support in monero-gen-trusted-multisig
* unit tests for multisig wallets creation
|
|
05edc969 simplewallet: remove obsolete transfer_original command (moneromooo-monero)
|
|
|
|
- device name is a new wallet property
- full device name is now a bit more structured so we can address particular device vendor + device path. Example: 'Ledger', 'Trezor:udp', 'Trezor:udp:127.0.0.1:21324', 'Trezor:bridge:usb01'. The part before ':' identifies HW device implementation, the optional part after ':' is device path to look for.
- new --hw-device parameter added to the wallet, can name the hardware device
- device reconnect added
|
|
|
|
The secret spend key is kept encrypted in memory, and
decrypted on the fly when needed.
Both spend and view secret keys are kept encrypted in a JSON
field in the keys file. This avoids leaving the keys in
memory due to being manipulated by the JSON I/O API.
|
|
|
|
f13c7a8 simplewallet: make sure wallet config is stored right after creation (stoffu)
|
|
a3fe1c5 simplewallet: add set_tx_key for importing tx keys from 3rd party wallets (stoffu)
|
|
|
|
|
|
|
|
|
|
3f5fb6f simplewallet: add --untrusted-daemon option (moneromooo-monero)
|
|
|
|
|
|
8ea3c4d5 simplewallet: new --use-english-language-names flag (moneromooo-monero)
|
|
On some Windows systems, displaying language names in their own
languages freezes the display.
|
|
via user setting first, then DNS TXT record, hardcoded fallback
|
|
lookahead in order to avoid
so looooong time of set-up when creating a HW based wallet.
|
|
This is so one can set rings for spent key images in case the
attackers don't merge the ring matching patch set.
|
|
|
|
If a pre-fork output is spent on both Monero and attack chain,
any post-fork output can be deduced to be a fake output, thereby
decreasing the effective ring size.
The segregate-per-fork-outputs option, on by default, allows
selecting only pre-fork outputs in this case, so that the same
ring can be used when spending it on the other side, which does
not decrease the effective ring size.
This is intended to be SET when intending to spend Monero on the
attack fork, and to be UNSET if not intending to spend Monero
on the attack fork (since it leaks the fact that the output being
spent is pre-fork).
If the user is not certain yet whether they will spend pre-fork
outputs on a key reusing fork, the key-reuse-mitigation2 option
should be SET instead.
If you use this option and intend to spend Monero on both forks,
then spend real Monero first.
|
|
This maps key images to rings, so that different forks can reuse
the rings by key image. This avoids revealing the real inputs like
would happen if two forks spent the same outputs with different
rings. This database is meant to be shared with all Monero forks
which don't bother making a new chain, putting users' privacy at
risk in the process. It is placed in a shared data directory by
default ($HOME/.shared-ringdb on UNIX like systems). You may
use --shared-ringdb-dir to override this location, and should
then do so for all Monero forks for them to share the database.
|
|
calls to wallet2
|
|
The basic approach it to delegate all sensitive data (master key, secret
ephemeral key, key derivation, ....) and related operations to the device.
As device has low memory, it does not keep itself the values
(except for view/spend keys) but once computed there are encrypted (with AES
are equivalent) and return back to monero-wallet-cli. When they need to be
manipulated by the device, they are decrypted on receive.
Moreover, using the client for storing the value in encrypted form limits
the modification in the client code. Those values are transfered from one
C-structure to another one as previously.
The code modification has been done with the wishes to be open to any
other hardware wallet. To achieve that a C++ class hw::Device has been
introduced. Two initial implementations are provided: the "default", which
remaps all calls to initial Monero code, and the "Ledger", which delegates
all calls to Ledger device.
|
|
fbc0a6dd Bugfix : Missing i18n import in simplewallet (Neozaru)
|
|
not full)
|
|
ca336c62 simplewallet: check file overwrite when exporting stuff (stoffu)
|
|
|
|
|
|
|
|
9ffa97fe Factor the monero donation address (Maxithi)
|
|
|
|
Signed-off-by: Maxithi <34792056+Maxithi@users.noreply.github.com>
|
|
5cbcf0aa wallet: support for multisig seeds (moneromooo-monero)
|
|
They are hex rather than words, because they are a lot longer
than "normal" seeds, as they have to embed a lot more information
|
|
|
|
It exports raw transactions, so they may be used by other tools,
for instance to be relayed to the network externally.
|
|
|
|
Scheme by luigi1111:
Multisig for RingCT on Monero
2 of 2
User A (coordinator):
Spendkey b,B
Viewkey a,A (shared)
User B:
Spendkey c,C
Viewkey a,A (shared)
Public Address: C+B, A
Both have their own watch only wallet via C+B, a
A will coordinate spending process (though B could easily as well, coordinator is more needed for more participants)
A and B watch for incoming outputs
B creates "half" key images for discovered output D:
I2_D = (Hs(aR)+c) * Hp(D)
B also creates 1.5 random keypairs (one scalar and 2 pubkeys; one on base G and one on base Hp(D)) for each output, storing the scalar(k) (linked to D),
and sending the pubkeys with I2_D.
A also creates "half" key images:
I1_D = (Hs(aR)+b) * Hp(D)
Then I_D = I1_D + I2_D
Having I_D allows A to check spent status of course, but more importantly allows A to actually build a transaction prefix (and thus transaction).
A builds the transaction until most of the way through MLSAG_Gen, adding the 2 pubkeys (per input) provided with I2_D
to his own generated ones where they are needed (secret row L, R).
At this point, A has a mostly completed transaction (but with an invalid/incomplete signature). A sends over the tx and includes r,
which allows B (with the recipient's address) to verify the destination and amount (by reconstructing the stealth address and decoding ecdhInfo).
B then finishes the signature by computing ss[secret_index][0] = ss[secret_index][0] + k - cc[secret_index]*c (secret indices need to be passed as well).
B can then broadcast the tx, or send it back to A for broadcasting. Once B has completed the signing (and verified the tx to be valid), he can add the full I_D
to his cache, allowing him to verify spent status as well.
NOTE:
A and B *must* present key A and B to each other with a valid signature proving they know a and b respectively.
Otherwise, trickery like the following becomes possible:
A creates viewkey a,A, spendkey b,B, and sends a,A,B to B.
B creates a fake key C = zG - B. B sends C back to A.
The combined spendkey C+B then equals zG, allowing B to spend funds at any time!
The signature fixes this, because B does not know a c corresponding to C (and thus can't produce a signature).
2 of 3
User A (coordinator)
Shared viewkey a,A
"spendkey" j,J
User B
"spendkey" k,K
User C
"spendkey" m,M
A collects K and M from B and C
B collects J and M from A and C
C collects J and K from A and B
A computes N = nG, n = Hs(jK)
A computes O = oG, o = Hs(jM)
B anc C compute P = pG, p = Hs(kM) || Hs(mK)
B and C can also compute N and O respectively if they wish to be able to coordinate
Address: N+O+P, A
The rest follows as above. The coordinator possesses 2 of 3 needed keys; he can get the other
needed part of the signature/key images from either of the other two.
Alternatively, if secure communication exists between parties:
A gives j to B
B gives k to C
C gives m to A
Address: J+K+M, A
3 of 3
Identical to 2 of 2, except the coordinator must collect the key images from both of the others.
The transaction must also be passed an additional hop: A -> B -> C (or A -> C -> B), who can then broadcast it
or send it back to A.
N-1 of N
Generally the same as 2 of 3, except participants need to be arranged in a ring to pass their keys around
(using either the secure or insecure method).
For example (ignoring viewkey so letters line up):
[4 of 5]
User: spendkey
A: a
B: b
C: c
D: d
E: e
a -> B, b -> C, c -> D, d -> E, e -> A
Order of signing does not matter, it just must reach n-1 users. A "remaining keys" list must be passed around with
the transaction so the signers know if they should use 1 or both keys.
Collecting key image parts becomes a little messy, but basically every wallet sends over both of their parts with a tag for each.
Thia way the coordinating wallet can keep track of which images have been added and which wallet they come from. Reasoning:
1. The key images must be added only once (coordinator will get key images for key a from both A and B, he must add only one to get the proper key actual key image)
2. The coordinator must keep track of which helper pubkeys came from which wallet (discussed in 2 of 2 section). The coordinator
must choose only one set to use, then include his choice in the "remaining keys" list so the other wallets know which of their keys to use.
You can generalize it further to N-2 of N or even M of N, but I'm not sure there's legitimate demand to justify the complexity. It might
also be straightforward enough to support with minimal changes from N-1 format.
You basically just give each user additional keys for each additional "-1" you desire. N-2 would be 3 keys per user, N-3 4 keys, etc.
The process is somewhat cumbersome:
To create a N/N multisig wallet:
- each participant creates a normal wallet
- each participant runs "prepare_multisig", and sends the resulting string to every other participant
- each participant runs "make_multisig N A B C D...", with N being the threshold and A B C D... being the strings received from other participants (the threshold must currently equal N)
As txes are received, participants' wallets will need to synchronize so that those new outputs may be spent:
- each participant runs "export_multisig FILENAME", and sends the FILENAME file to every other participant
- each participant runs "import_multisig A B C D...", with A B C D... being the filenames received from other participants
Then, a transaction may be initiated:
- one of the participants runs "transfer ADDRESS AMOUNT"
- this partly signed transaction will be written to the "multisig_monero_tx" file
- the initiator sends this file to another participant
- that other participant runs "sign_multisig multisig_monero_tx"
- the resulting transaction is written to the "multisig_monero_tx" file again
- if the threshold was not reached, the file must be sent to another participant, until enough have signed
- the last participant to sign runs "submit_multisig multisig_monero_tx" to relay the transaction to the Monero network
|
|
Scheme by luigi1111
|
|
|
|
|
|
|
|
- refactoring: proof generation/checking code was moved from simplewallet.cpp to wallet2.cpp
- allow an arbitrary message to be signed together with txid
- introduce two types (outbound & inbound) of tx proofs; with the same syntax, inbound is selected when <address> belongs to this wallet, outbound otherwise. see GitHub thread for more discussion
- wallet RPC: added get_tx_key, check_tx_key, get_tx_proof, check_tx_proof
- wallet API: moved WalletManagerImpl::checkPayment to Wallet::checkTxKey, added Wallet::getTxProof/checkTxProof
- get_tx_key/check_tx_key: handle additional tx keys by concatenating them into a single string
|
|
|
|
|
|
|
|
4090e8c6 simplewallet: add get/set for refresh-from-height (moneromooo-monero)
|
|
7b8d3ec6 wallet-cli: add --do-not-relay option (stoffu)
|
|
|
|
|
|
|
|
|
|
651baaec wallet: add encrypted seed functionality (moneromooo-monero)
|
|
840aed1c monero-wallet-cli: New command 'wallet_info' improved (rbrunner7)
9bdd985c monero-wallet-cli: New command 'wallet_info' (rbrunner7)
|
|
This uses luigi1111's CN_Add method.
See https://xmr.llcoins.net for details.
|
|
|
|
including expected transaction backlog at different priorities
|
|
|
|
dee41efa simplewallet: mnemonic language command-line arg (Eugene Otto)
|
|
b7d6ec83 simplewallet: add (out of sync) or (no daemon) markers in the prompt (moneromooo-monero)
fa23a500 wallet2: add a is_synced function (moneromooo-monero)
f1307bbd node_rpc_proxy: add a proxy for target height (moneromooo-monero)
|
|
Add `--mnemonic-language` command-line arg so it's possible to generate a wallet
without interacting with the CLI.
|
|
|
|
Should help people who don't realize why they haven't seen their
monero yet.
|
|
Asks user for all the data required to merge secret keys from multisig wallets into one master wallet, which then gets full control of the multisig wallet. The resulting wallet will be the same as any other regular wallet.
|
|
not the actual tx secret key
|
|
This is trivial, but often requested, and possibly hard to do
in Windows. That makes it more user friendly.
|
|
It sweeps all outputs below the given threshold
This is available via the existing sweep_all RPC, by setting
amount_threshold the desired amount (in atomic units)
|
|
With the change from the original transfer method to the new
algorithm, payments to the same destination were merged. It
seemed like a good idea, optimizing space. However, it is a
useful tool for people who want to split large outputs into
several smaller ones (ie, service providers making frequent
payments, and who do not like a large chunk of their balance
being locked for 10 blocks after each payment).
Default to off, which is a change from the previous behavior.
|
|
When a single input is enough to satisfy a transfer, the code would
previously try to add a second input, to match the "canonical" makeup
of a transaction with two inputs and two outputs. This would cause
wallets to slowly merge outputs till all the monero ends up in a
single output, which causes trouble when making two transactions
one after the other, since change is locked for 10 blocks, and an
increasing portion of the remaining balance would end up locked on
each transaction.
There are two new settings (min-output-count and min-output-value)
which can control when to stop adding such unneeded second outputs.
The idea is that small "dust" outputs will still get added, but
larger ones will not.
Enable with, eg:
set min-output-count 10
set min-output-value 30
to avoid using an unneeded second output of 30 monero or more, if
there would be less than 10 such outputs left.
This does not invalidate any other reason why such outputs would
be used (ie, when they're really needed to satisfy a transfer, or
when randomly picked in the normal course of selection). This may
be improved in the future.
|
|
2c468dd4 allow user I/O in millinero, micronero, nanonero, piconero (moneromooo-monero)
|
|
|
|
|
|
|
|
ce7fcbb4 Add server auth to monerod, and client auth to wallet-cli and wallet-rpc (Lee Clagett)
|
|
|
|
|
|
f97526e6 simplewallet: option to always ask password for any crytical operations (kenshi84)
|
|
|
|
|
|
This replaces the epee and data_loggers logging systems with
a single one, and also adds filename:line and explicit severity
levels. Categories may be defined, and logging severity set
by category (or set of categories). epee style 0-4 log level
maps to a sensible severity configuration. Log files now also
rotate when reaching 100 MB.
To select which logs to output, use the MONERO_LOGS environment
variable, with a comma separated list of categories (globs are
supported), with their requested severity level after a colon.
If a log matches more than one such setting, the last one in
the configuration string applies. A few examples:
This one is (mostly) silent, only outputting fatal errors:
MONERO_LOGS=*:FATAL
This one is very verbose:
MONERO_LOGS=*:TRACE
This one is totally silent (logwise):
MONERO_LOGS=""
This one outputs all errors and warnings, except for the
"verify" category, which prints just fatal errors (the verify
category is used for logs about incoming transactions and
blocks, and it is expected that some/many will fail to verify,
hence we don't want the spam):
MONERO_LOGS=*:WARNING,verify:FATAL
Log levels are, in decreasing order of priority:
FATAL, ERROR, WARNING, INFO, DEBUG, TRACE
Subcategories may be added using prefixes and globs. This
example will output net.p2p logs at the TRACE level, but all
other net* logs only at INFO:
MONERO_LOGS=*:ERROR,net*:INFO,net.p2p:TRACE
Logs which are intended for the user (which Monero was using
a lot through epee, but really isn't a nice way to go things)
should use the "global" category. There are a few helper macros
for using this category, eg: MGINFO("this shows up by default")
or MGINFO_RED("this is red"), to try to keep a similar look
and feel for now.
Existing epee log macros still exist, and map to the new log
levels, but since they're used as a "user facing" UI element
as much as a logging system, they often don't map well to log
severities (ie, a log level 0 log may be an error, or may be
something we want the user to see, such as an important info).
In those cases, I tried to use the new macros. In other cases,
I left the existing macros in. When modifying logs, it is
probably best to switch to the new macros with explicit levels.
The --log-level options and set_log commands now also accept
category settings, in addition to the epee style log levels.
|
|
db56a03f Wallet2 + API: Callbacks for unconfirmed transfers (Jaquee)
|
|
|
|
|
|
c2135082 simplewallet: add a show_transfer <txid> command (moneromooo-monero)
19c4041d wallet_rpc_server: new RPC call to get a transfer by txid (moneromooo-monero)
|
|
adee1644 wallet cli: print unspent outputs with histogram (kenshi84)
|
|
38f00d07 wallet cli: viewing and editing address book (kenshi84)
|
|
|
|
|
|
tools::dns_utils; support integrated address with dns lookup
|
|
|
|
|
|
|
|
When passing around unsigned and signed transactions, outputs
and key images are passed along (outputs are passed along unsigned
transactions from the hot wallet to the cold wallet, key images
are passed along with signed transations from the cold wallet
to the hot wallet), to allow more user friendly syncing between
hot and cold wallets.
|
|
|
|
bb560dd wallet: new import_outputs/export_outputs commands (moneromooo-monero)
|
|
The intended use is to export outputs from a hot wallet, which
can scan incoming transfers from the network, and import them
in the cold wallet, which can't. The cold wallet can then compute
key images for those outputs, which can then be exported with
export_key_images, etc.
|
|
This is on the potentially compromised wallet, but still guards
against stupid mistakes.
|
|
714ee99 Fix description for locked_transfer (Oyvind Kvanes)
71538f3 Rename to lockblocks and add max value (Oyvind Kvanes)
68ac060 Fix locked_transfer (Oyvind Kvanes)
7d020bd Add locked_transfer (Oyvind Kvanes)
d5f918a Revert transfer_main in simplewallet (Oyvind Kvanes)
3451963 Add motifications to test out locked_transfer (Oyvind Kvanes)
e5e6d88 Add more information to transaction in wallet (Oyvind Kvanes)
9b8a062 Make a small test change (Oyvind Kvanes)
|
|
80b4da3 wallet: wallet option to confirm transfers with no payment id (moneromooo-monero)
|
|
set confirm-missing-payment-id 0|1
Defaults to true.
|
|
|
|
This change adds the ability to create a new unsigned transaction
from a watch only wallet, and save it to a file. This file can
then be moved to another computer/VM where a cold wallet may load
it, sign it, and save it. That cold wallet does not need to have
a blockchain nor daemon. The signed transaction file can then be
moved back to the watch only wallet, which can load it and send
it to the daemon.
Two new simplewallet commands to use it:
sign_transfer (on the cold wallet)
submit_transfer (on the watch only wallet)
The transfer command used on a watch only wallet now writes an
unsigned transaction set in a file called 'unsigned_monero_tx'
instead of submitting the tx to the daemon as a normal wallet does.
The signed tx file is called 'signed_monero_tx'.
|
|
We keep 1, 2, 3 multipliers till the fee decrase from 0.01/kB
to 0.002/kB, where we start using 1, 20, 166 multipliers.
This ensures the higher multiplier will compensate for the
block reward penalty when pushing past 100% of the past median.
The fee-multiplier wallet setting is now rename to priority,
since it keeps its [0..3] range, but maps to different multiplier
values.
|
|
The "transfer" simplewallet command is renamed to "transfer_original".
"transfer_new" is renamed "transfer", "transfer_rct" is removed,
and the new "transfer" now selects rct or non rct transactions
based on the current block height.
|
|
It is not yet constrained to a fork, so don't use on the real network
or you'll be orphaned or rejected.
|
|
709c724 Better fix (#4) (hyc)
d2644c1 fix restore-deterministic height (luigi1111)
|
|
da1007f simplewallet: make the refresh thread into more generic idle thread (moneromooo-monero)
|
|
|
|
|
|
Squashed commit of the following:
commit 9af9e4223b58bbb65a3519af2c2bfc273cbd23d6
fixed some formatting
commit c7920e1cf88ff46eb9294101344d9a567f22e2da
Merge: 97eb28b 1da1c68
fix#864 fix using boolean
commit 97eb28ba5dd49ddde8c8785f39b24d955e5de31c
Fix #864 boolean value used to verify on new wallet
commit 1da1c68bd3a9a373c70482b6e6e95251096149f1
fix #864 changed to boolean to prompt for verify
commit 5bee96652434762d2c91ce31a1b1c9f169446ddc
fix 864; made variable names easier for understanding branching.
commit 45715960d30293f781b2ff9e5e647c2ec893f4a3
fix #864; allow password to be entered twice for new wallets for verification.
fix #864 password entry verification; ammended boolean
fix #864 ; default constructor for password_container should set verify=true
|
|
They are used to export a signed set of key images from a wallet
with a private spend key, so an auditor with the matching view key
may see which of those are spent, and which are not.
|
|
014f3a0 Add a daemon RPC version, and make simplewallet check it (moneromooo-monero)
|
|
Signing is done using the spend key, since the view key may
be shared. This could be extended later, to let the user choose
which key (even a per tx key).
simplewallet's sign/verify API uses a file. The RPC uses a
string (simplewallet can't easily do strings since commands
receive a tokenized set of arguments).
|
|
If the version is different, simplewallet will refuse to use that
daemon, unless --allow-mismatched-daemon-version is used.
|
|
Fee can now be multiplied by 2 or 3, if users want to give
priority to their transactions. There are only three levels
to avoid too much fingerprinting. Default is 1 (minimum fee).
The default multiplier can be set by "set fee-multiplier X".
|
|
It matches the daemon, and should allow people who're suspicious
of the background refresh to know they're synced.
|
|
|
|
4b1c0d6 simplewallet: some background refresh threading fixes (moneromooo-monero)
|
|
b0850a9 wallet: add a new sweep_all command and RPC command (moneromooo-monero)
|
|
We want to lock operations which access the blockchain in
wallet2. We also want the background refresh to happen again
when we cancel a foreground refresh. Wrap the locking setup
in a macro so it doesn't get copy/pasted/mangled, and use
a scope exit trick to ensure it's always properly restored.
|
|
This sends all outputs in a wallet to a given address, alleviating
the difficulty people have had trying to send all monero but
being left with some small amount left.
|
|
For specifying the block height from which to start a restore
|
|
With the change in mixin rules for v2, the "annoying" outputs are
slightly changed. There is high correlation between dust and
unmixable, but no equivalence.
|
|
It takes a filename containing JSON data to generate a wallet.
The following fields are valid:
version: integer, should be 1
filename: string, path/filename for the newly created wallet
scan_from_height: 64 bit unsigned integer, optional
password: string, optional
viewkey: string, hex representation
spendkey: string, hex representation
seed: string, optional, list of words separated by spaces
Either seed or private keys should be given. If using private
keys, the spend key may be omitted (the wallet will not be
able to spend, but will see incoming transactions).
If scan_from_height is given, blocks below this height will not
be checked for transactions as an optimization.
|
|
and all other associated IPC
|
|
It is similar in use to --restore-from-view-key, but also expects
a spend private key.
Requested by luigi1112, and useful to restore MyMonero wallets.
|
|
Some of it uses hardcoded height, which will need some thinking
for next (voted upon) fork.
|
|
|
|
|
|
Blockchain hashes and key images are flushed, and blocks are
pulled anew from the daemon.
The console command is shortened to match bc_height.
This should make it a lot easier on users who are currently
told to remove this particular cache file but keep the keys
one, etc, etc.
|
|
instead of a command line setting. It makes sense that is is
a long lived setting.
|
