aboutsummaryrefslogtreecommitdiff
path: root/src/simplewallet/simplewallet.h (follow)
AgeCommit message (Collapse)AuthorFilesLines
2022-04-18Bump ring size to 16 for v15 & remove set default in wallet clij-berman1-1/+0
2022-04-06Merge pull request #8197luigi11111-1/+1
da9aa1f Copyright: Update to 2022 (mj-xmr)
2022-03-10Make the wallet name optional when locked.Norman Moeschter1-0/+1
2022-03-04Copyright: Update to 2022mj-xmr1-1/+1
2022-02-22multisig key exchange update and refactorkoe1-1/+0
2021-03-29Merge pull request #7358luigi11111-0/+1
f346e3e wallet_rpc_payments: implement multithreading (gdmojo)
2021-02-20wallet_rpc_payments: implement multithreadinggdmojo1-0/+1
2021-02-17monero-wallet-cli: Added command scan_txHoria Mihai David1-0/+1
To implement this feature, the wallet2::scan_tx API was implemented.
2020-10-13wallet2: skip reorgs exceeding max-reorg-depth wallet settingxiphon1-0/+1
2020-08-17replace most boost serialization with existing monero serializationmoneromooo-monero1-0/+1
This reduces the attack surface for data that can come from malicious sources (exported output and key images, multisig transactions...) since the monero serialization is already exposed to the outside, and the boost lib we were using had a few known crashers. For interoperability, a new load-deprecated-formats wallet setting is added (off by default). This allows loading boost format data if there is no alternative. It will likely go at some point, along with the ability to load those. Notably, the peer lists file still uses the boost serialization code, as the data it stores is define in epee, while the new serialization code is in monero, and migrating it was fairly hairy. Since this file is local and not obtained from anyone else, the marginal risk is minimal, but it could be migrated later if needed. Some tests and tools also do, this will stay as is for now.
2020-07-24Wallet, daemon: From 'help_advanced' back to 'help', and new 'apropos' commandrbrunner71-1/+1
2020-07-19Merge pull request #6512Alexander Blair1-1/+1
5ef0607da Update copyright year to 2020 (SomaticFanatic)
2020-07-16Merge pull request #6488Alexander Blair1-0/+1
99684e3e simplewallet: add show_qr_code command (selsta)
2020-06-21simplewallet: add show_qr_code commandselsta1-0/+1
Thanks to iDunk for helping with Windows.
2020-06-09repo: update donation fund addressselsta1-1/+1
2020-06-08Merge pull request #6549luigi11111-0/+2
82d21f5 easylogging++: sanitize log payload (moneromooo-monero) 7d0b7e8 [master] MMS: New 'config_checksum' subcommand (rbrunner7)
2020-05-24[master] MMS: New 'config_checksum' subcommandrbrunner71-0/+2
2020-05-13simplewallet: don't complain about incoming payment ids on changemoneromooo-monero1-1/+1
2020-05-06Update copyright year to 2020SomaticFanatic1-1/+1
Update copyright year to 2020
2020-05-01Merge pull request #6449luigi11111-1/+2
27d551d simplewallet: add sweep_account command (moneromooo-monero)
2020-04-27trezor: adapt to new passphrase mechanismDusan Klinec1-1/+1
- choice where to enter passphrase is now made on the host - use wipeable string in the comm stack - wipe passphrase memory - protocol optimizations, prepare for new firmware version - minor fixes and improvements - tests fixes, HF12 support
2020-04-14simplewallet: add sweep_account commandmoneromooo-monero1-1/+2
Expects an account number, then the usual sweep_all options Useful to move monero that was accidentally sent to a subaddress with a very large account index.
2020-03-28simplewallet: warn about correlations if print-ring-members is not setmoneromooo-monero1-1/+1
The warning about spending more than one output with similar creation time was skipped if print-ring-members was not set, and it defaults to false, which means most people probably aren't getting this warning if they spend correlated outputs. Reported by SeventhAlpaca.
2020-02-28Merge pull request #6213Alexander Blair1-1/+1
94266eeb simplewallet: fix output age display with duplicate heights (moneromooo-monero) f1d379d2 simplewallet: fix "outputs in same tx" detector (moneromooo-monero)
2019-12-03simplewallet: fix output age display with duplicate heightsmoneromooo-monero1-1/+1
The highlight check was based on height, so would highlight any output at that height, resulting in several matches if a fake out was picked at the same height as the real spend
2019-11-13simplewallet: noob-friendly help menuwowario1-0/+1
2019-11-02simplewallet: plug a timing leakmoneromooo-monero1-3/+5
As reported by Tramèr et al, timing of refresh requests can be used to see whether a password was requested (and thus at least one output received) since this will induce a delay in subsequent calls. To avoid this, we schedule calls at a given time instead of sleeping for a set time (which would make delays additive). To further avoid a scheduled call being during the time in which a password is prompted, the actual scheduled time is now randomized.
2019-10-25simplewallet: add public_nodes commandmoneromooo-monero1-0/+5
Lists nodes exposing their RPC port for public use
2019-10-25daemon, wallet: new pay for RPC use systemmoneromooo-monero1-0/+17
Daemons intended for public use can be set up to require payment in the form of hashes in exchange for RPC service. This enables public daemons to receive payment for their work over a large number of calls. This system behaves similarly to a pool, so payment takes the form of valid blocks every so often, yielding a large one off payment, rather than constant micropayments. This system can also be used by third parties as a "paywall" layer, where users of a service can pay for use by mining Monero to the service provider's address. An example of this for web site access is Primo, a Monero mining based website "paywall": https://github.com/selene-kovri/primo This has some advantages: - incentive to run a node providing RPC services, thereby promoting the availability of third party nodes for those who can't run their own - incentive to run your own node instead of using a third party's, thereby promoting decentralization - decentralized: payment is done between a client and server, with no third party needed - private: since the system is "pay as you go", you don't need to identify yourself to claim a long lived balance - no payment occurs on the blockchain, so there is no extra transactional load - one may mine with a beefy server, and use those credits from a phone, by reusing the client ID (at the cost of some privacy) - no barrier to entry: anyone may run a RPC node, and your expected revenue depends on how much work you do - Sybil resistant: if you run 1000 idle RPC nodes, you don't magically get more revenue - no large credit balance maintained on servers, so they have no incentive to exit scam - you can use any/many node(s), since there's little cost in switching servers - market based prices: competition between servers to lower costs - incentive for a distributed third party node system: if some public nodes are overused/slow, traffic can move to others - increases network security - helps counteract mining pools' share of the network hash rate - zero incentive for a payer to "double spend" since a reorg does not give any money back to the miner And some disadvantages: - low power clients will have difficulty mining (but one can optionally mine in advance and/or with a faster machine) - payment is "random", so a server might go a long time without a block before getting one - a public node's overall expected payment may be small Public nodes are expected to compete to find a suitable level for cost of service. The daemon can be set up this way to require payment for RPC services: monerod --rpc-payment-address 4xxxxxx \ --rpc-payment-credits 250 --rpc-payment-difficulty 1000 These values are an example only. The --rpc-payment-difficulty switch selects how hard each "share" should be, similar to a mining pool. The higher the difficulty, the fewer shares a client will find. The --rpc-payment-credits switch selects how many credits are awarded for each share a client finds. Considering both options, clients will be awarded credits/difficulty credits for every hash they calculate. For example, in the command line above, 0.25 credits per hash. A client mining at 100 H/s will therefore get an average of 25 credits per second. For reference, in the current implementation, a credit is enough to sync 20 blocks, so a 100 H/s client that's just starting to use Monero and uses this daemon will be able to sync 500 blocks per second. The wallet can be set to automatically mine if connected to a daemon which requires payment for RPC usage. It will try to keep a balance of 50000 credits, stopping mining when it's at this level, and starting again as credits are spent. With the example above, a new client will mine this much credits in about half an hour, and this target is enough to sync 500000 blocks (currently about a third of the monero blockchain). There are three new settings in the wallet: - credits-target: this is the amount of credits a wallet will try to reach before stopping mining. The default of 0 means 50000 credits. - auto-mine-for-rpc-payment-threshold: this controls the minimum credit rate which the wallet considers worth mining for. If the daemon credits less than this ratio, the wallet will consider mining to be not worth it. In the example above, the rate is 0.25 - persistent-rpc-client-id: if set, this allows the wallet to reuse a client id across runs. This means a public node can tell a wallet that's connecting is the same as one that connected previously, but allows a wallet to keep their credit balance from one run to the other. Since the wallet only mines to keep a small credit balance, this is not normally worth doing. However, someone may want to mine on a fast server, and use that credit balance on a low power device such as a phone. If left unset, a new client ID is generated at each wallet start, for privacy reasons. To mine and use a credit balance on two different devices, you can use the --rpc-client-secret-key switch. A wallet's client secret key can be found using the new rpc_payments command in the wallet. Note: anyone knowing your RPC client secret key is able to use your credit balance. The wallet has a few new commands too: - start_mining_for_rpc: start mining to acquire more credits, regardless of the auto mining settings - stop_mining_for_rpc: stop mining to acquire more credits - rpc_payments: display information about current credits with the currently selected daemon The node has an extra command: - rpc_payments: display information about clients and their balances The node will forget about any balance for clients which have been inactive for 6 months. Balances carry over on node restart.
2019-10-16Merge pull request #5952luigi11111-0/+2
93d5cf2 wallet2: add ignore-outputs-{above/below} option (stoffu)
2019-10-14wallet: remove long payment ID sending supportmoneromooo-monero1-2/+0
2019-10-02wallet2: add ignore-outputs-{above/below} optionstoffu1-0/+2
https://github.com/aeonix/aeon/pull/131
2019-08-28simplewallet: lock console on inactivitymoneromooo-monero1-0/+21
2019-08-22Wallet: Option to export data to ASCIITadeas Moravec1-0/+1
New CLI wallet variable: export-format with options "binary" (the default), or "ascii". "Binary" behaves as before, "ascii" forces the wallet to convert data to ASCII using base64. Reading files from the disk tries to auto detect what format has been used (using a magic string added when exporting the data). Implements https://github.com/monero-project/monero/issues/2859
2019-08-21Merge pull request #5743luigi11111-0/+1
65f29a8 simplewallet: add restore_height command (tobtoht)
2019-07-24Merge pull request #5460luigi11111-0/+1
a23dbe6 simplewallet: prompt when spending more than one old out in one tx (moneromooo-monero)
2019-07-08simplewallet: add restore_height commandthotbot1-0/+1
2019-05-16wallet: add unlock_time details to show_transfersmoneromooo-monero1-1/+1
also add a note when receiving the tx, because the user might not notice the "XXX blocks to unlock" in the balance.
2019-04-18simplewallet: prompt when spending more than one old out in one txmoneromooo-monero1-0/+1
2019-04-11simplewallet: add a welcome/disclaimer message commandmoneromooo-monero1-0/+1
I saw one when landing on www.tribler.org, and it seemed like a good idea to have something similar, alongside some more general "what is monero" text.
2019-04-11Merge pull request #5388Riccardo Spagni1-0/+1
0be5b2ee simplewallet: new unset_ring command (moneromooo-monero)
2019-04-11Merge pull request #5374Riccardo Spagni1-1/+9
a2561653 wallet: new option to start background mining (moneromooo-monero)
2019-04-11simplewallet: new net_stats commandmoneromooo-monero1-0/+1
displays total sent and received bytes
2019-04-04wallet: new option to start background miningmoneromooo-monero1-1/+9
The setup-background-mining option can be used to select background mining when a wallet loads. The user will be asked the first time the wallet is created.
2019-04-02simplewallet: new unset_ring commandmoneromooo-monero1-0/+1
Useful when debugging, though not much for users
2019-03-22wallet: add freeze/thaw/frozen commandsmoneromooo-monero1-1/+5
These commands let one freeze outputs by key image, so they do not appear in balance, nor are considered when creating a transaction, etc This is helpful when receiving an output from a suspected spy, who might try to track your other outputs by seeing with what other outputs it gets spent. The frozen command may be used without parameters to list all currently frozen outputs.
2019-03-21Merge pull request #5211Riccardo Spagni1-3/+3
c9b13fbb tests/trezor: HF9 and HF10 tests (Dusan Klinec) a1fd1d49 device/trezor: HF10 support added, wallet::API (Dusan Klinec) d74d26f2 crypto: hmac_keccak added (Dusan Klinec)
2019-03-20device/trezor: HF10 support added, wallet::APIDusan Klinec1-3/+3
- import only key images generated by cold signing process - wallet_api: trezor methods added - wallet: button request code added - const added to methods - wallet2::get_tx_key_device() tries to decrypt stored tx private keys using the device. - simplewallet supports get_tx_key and get_tx_proof on hw device using the get_tx_key feature - live refresh enables refresh with trezor i.e. computing key images on the fly. More convenient and efficient for users. - device: has_ki_live_refresh added - a thread is watching whether live refresh is being computed, if not for 30 seconds, it terminates the live refresh process - switches Trezor state
2019-03-19Merge pull request #4889Riccardo Spagni1-1/+1
f42263eb wallet: adds rescan_bc option with preserving key images (Dusan Klinec)
2019-03-15wallet: adds rescan_bc option with preserving key imagesDusan Klinec1-1/+1
- enables to perform rescan_spent / ki sync with untrusted daemon. Spent check status involves RPC calls which require trusted daemon status as it leaks information. The new call performs soft reset while preserving key images thus a sequence: refresh, ki sync / import, rescan_bc keep_ki will correctly perform spent checking without need for trusted daemon. - useful to detect spent outputs with untrusted daemon on watch_only / multisig / hw-cold wallets after expensive key image sync. - cli: rescan_bc keep_ki
2019-03-05Update 2019 copyrightbinaryFate1-1/+1
2019-01-16simplewallet: disable long payment ids by defaultmoneromooo-monero1-0/+2
unless --long-payment-id-support is used
2019-01-16Merge pull request #5009Riccardo Spagni1-0/+1
5e10dee3 simplewallet: fix show_transfers colouring, and add red for failed (moneromooo-monero)
2019-01-16Merge pull request #4981Riccardo Spagni1-0/+1
60b35c91 Add --restore-date param (Howard Chu)
2018-12-31wallet: optionally keep track of owned outputs usesmoneromooo-monero1-0/+2
2018-12-23simplewallet: fix show_transfers colouring, and add red for failedmoneromooo-monero1-0/+1
Also add the type back, as it was somehow weirdly split into two different fields, one being a union...
2018-12-14Add --restore-date paramHoward Chu1-0/+1
Estimate restore height from given date Check date format early, error out early if invalid
2018-12-12MMS (Multisig Messaging System): Initial versionrbrunner71-1/+44
2018-12-04device/trezor: ask for KI sync on first refreshDusan Klinec1-0/+2
When doing a first refresh on HW-token based wallet KI sync is required if money were received. Received money may indicate wallet was already used before the restore I.e., some transaction could have been already sent from the wallet. The spent UTXO would not be detected as spent which could lead to double spending errors on submitting a new transaction. Thus if the wallet is HW-token based with the cold signing protocol and the first refresh detected received money the user is asked to perform the key image sync.
2018-11-29device/trezor: passphrase entry on hostDusan Klinec1-0/+3
- simple device callback object added. Device can request passphrase/PIN entry via the callback or notify user some action is required - callback is routed to wallet2, which routes the callback to i_wallet_callback so CLI or GUI wallets can support passphrase entry for HW tokens - wallet: device open needs wallet callback first - passphrase protected device needs wallet callback so user can enter passphrase
2018-11-12Add new command "export_transfers" to save transfers to csvsachaaaaa1-0/+18
2018-11-06Merge pull request #4731Riccardo Spagni1-1/+4
f26ce08c wallet: add a non destructive blockchain rescan (moneromooo-monero)
2018-11-03wallet: add a non destructive blockchain rescanmoneromooo-monero1-1/+4
2018-11-02device/trezor: trezor support addedDusan Klinec1-0/+3
2018-10-01Arbitrary M/N multisig schemes:naughtyfox1-0/+1
* support in wallet2 * support in monero-wallet-cli * support in monero-wallet-rpc * support in wallet api * support in monero-gen-trusted-multisig * unit tests for multisig wallets creation
2018-09-21Merge pull request #4388Riccardo Spagni1-1/+0
05edc969 simplewallet: remove obsolete transfer_original command (moneromooo-monero)
2018-09-16simplewallet: remove obsolete transfer_original commandmoneromooo-monero1-1/+0
2018-09-14hw_device: support for multiple devices added [for review]Dusan Klinec1-1/+2
- device name is a new wallet property - full device name is now a bit more structured so we can address particular device vendor + device path. Example: 'Ledger', 'Trezor:udp', 'Trezor:udp:127.0.0.1:21324', 'Trezor:bridge:usb01'. The part before ':' identifies HW device implementation, the optional part after ':' is device path to look for. - new --hw-device parameter added to the wallet, can name the hardware device - device reconnect added
2018-08-23wallet: store trusted-daemon flag in wallet2stoffu1-2/+0
2018-08-16store secret keys encrypted where possiblemoneromooo-monero1-0/+1
The secret spend key is kept encrypted in memory, and decrypted on the fly when needed. Both spend and view secret keys are kept encrypted in a JSON field in the keys file. This avoids leaving the keys in memory due to being manipulated by the JSON I/O API.
2018-08-16wallet: wipe seed from memory where appropriatemoneromooo-monero1-3/+4
2018-08-15Merge pull request #4195luigi11111-4/+4
f13c7a8 simplewallet: make sure wallet config is stored right after creation (stoffu)
2018-08-15Merge pull request #4188luigi11111-0/+1
a3fe1c5 simplewallet: add set_tx_key for importing tx keys from 3rd party wallets (stoffu)
2018-07-30simplewallet: add set_tx_key for importing tx keys from 3rd party walletsstoffu1-0/+1
2018-07-30simplewallet: make sure wallet config is stored right after creationstoffu1-4/+4
2018-07-23monero-wallet-cli: added locked_sweep_all commandjcktm1-1/+2
2018-07-03Allow fractional outputs to be ignoredstoffu1-0/+1
2018-05-29Merge pull request #3477luigi11111-1/+2
3f5fb6f simplewallet: add --untrusted-daemon option (moneromooo-monero)
2018-04-13simplewallet: add version commandmoneromooo-monero1-0/+1
2018-03-22simplewallet: add --untrusted-daemon optionmoneromooo-monero1-1/+2
2018-03-18Merge pull request #3426Riccardo Spagni1-0/+1
8ea3c4d5 simplewallet: new --use-english-language-names flag (moneromooo-monero)
2018-03-17simplewallet: new --use-english-language-names flagmoneromooo-monero1-0/+1
On some Windows systems, displaying language names in their own languages freezes the display.
2018-03-17wallet: make the segregation height settablemoneromooo-monero1-0/+1
via user setting first, then DNS TXT record, hardcoded fallback
2018-03-16Add command line option allowing to restrict the default sub-address ↵stoffu1-0/+2
lookahead in order to avoid so looooong time of set-up when creating a HW based wallet.
2018-03-16wallet: add a set_ring commandmoneromooo-monero1-0/+1
This is so one can set rings for spent key images in case the attackers don't merge the ring matching patch set.
2018-03-16wallet: add an output blackball list to avoid using those in ringsmoneromooo-monero1-0/+3
2018-03-16wallet: key reuse mitigation optionsmoneromooo-monero1-0/+2
If a pre-fork output is spent on both Monero and attack chain, any post-fork output can be deduced to be a fake output, thereby decreasing the effective ring size. The segregate-per-fork-outputs option, on by default, allows selecting only pre-fork outputs in this case, so that the same ring can be used when spending it on the other side, which does not decrease the effective ring size. This is intended to be SET when intending to spend Monero on the attack fork, and to be UNSET if not intending to spend Monero on the attack fork (since it leaks the fact that the output being spent is pre-fork). If the user is not certain yet whether they will spend pre-fork outputs on a key reusing fork, the key-reuse-mitigation2 option should be SET instead. If you use this option and intend to spend Monero on both forks, then spend real Monero first.
2018-03-16wallet: add shared ring databasemoneromooo-monero1-0/+2
This maps key images to rings, so that different forks can reuse the rings by key image. This avoids revealing the real inputs like would happen if two forks spent the same outputs with different rings. This database is meant to be shared with all Monero forks which don't bother making a new chain, putting users' privacy at risk in the process. It is placed in a shared data directory by default ($HOME/.shared-ringdb on UNIX like systems). You may use --shared-ringdb-dir to override this location, and should then do so for all Monero forks for them to share the database.
2018-03-15wallet2+cli+rpc: eliminate redundant m_http_client from cli/rpc and delegate ↵stoffu1-1/+0
calls to wallet2
2018-03-04Code modifications to integrate Ledger HW device into monero-wallet-cli.cslashm1-0/+2
The basic approach it to delegate all sensitive data (master key, secret ephemeral key, key derivation, ....) and related operations to the device. As device has low memory, it does not keep itself the values (except for view/spend keys) but once computed there are encrypted (with AES are equivalent) and return back to monero-wallet-cli. When they need to be manipulated by the device, they are decrypted on receive. Moreover, using the client for storing the value in encrypted form limits the modification in the client code. Those values are transfered from one C-structure to another one as previously. The code modification has been done with the wishes to be open to any other hardware wallet. To achieve that a C++ class hw::Device has been introduced. Two initial implementations are provided: the "default", which remaps all calls to initial Monero code, and the "Ledger", which delegates all calls to Ledger device.
2018-01-27Merge pull request #3188Riccardo Spagni1-0/+1
fbc0a6dd Bugfix : Missing i18n import in simplewallet (Neozaru)
2018-01-28wallet: automatically use low priority if safe (no backlog & recent blocks ↵stoffu1-0/+1
not full)
2018-01-27Merge pull request #3118Riccardo Spagni1-0/+1
ca336c62 simplewallet: check file overwrite when exporting stuff (stoffu)
2018-01-26Update 2018 copyrightxmr-eric1-1/+1
2018-01-26Bugfix : Missing i18n import in simplewalletNeozaru1-0/+1
2018-01-26simplewallet: check file overwrite when exporting stuffstoffu1-0/+1
2018-01-25Merge pull request #3057Riccardo Spagni1-0/+2
9ffa97fe Factor the monero donation address (Maxithi)
2018-01-10Reserve proofstoffu1-0/+2
2018-01-05Factor the monero donation addressMaxithi1-0/+2
Signed-off-by: Maxithi <34792056+Maxithi@users.noreply.github.com>
2018-01-02Merge pull request #2960Riccardo Spagni1-0/+3
5cbcf0aa wallet: support for multisig seeds (moneromooo-monero)
2017-12-20wallet: support for multisig seedsmoneromooo-monero1-0/+3
They are hex rather than words, because they are a lot longer than "normal" seeds, as they have to embed a lot more information
2017-12-18Account taggingstoffu1-0/+1
2017-12-17simplewallet: add export_raw_multisig commandmoneromooo-monero1-0/+1
It exports raw transactions, so they may be used by other tools, for instance to be relayed to the network externally.
2017-12-17N-1/N multisigmoneromooo-monero1-0/+1
2017-12-17Add N/N multisig tx generation and signingmoneromooo-monero1-0/+5
Scheme by luigi1111: Multisig for RingCT on Monero 2 of 2 User A (coordinator): Spendkey b,B Viewkey a,A (shared) User B: Spendkey c,C Viewkey a,A (shared) Public Address: C+B, A Both have their own watch only wallet via C+B, a A will coordinate spending process (though B could easily as well, coordinator is more needed for more participants) A and B watch for incoming outputs B creates "half" key images for discovered output D: I2_D = (Hs(aR)+c) * Hp(D) B also creates 1.5 random keypairs (one scalar and 2 pubkeys; one on base G and one on base Hp(D)) for each output, storing the scalar(k) (linked to D), and sending the pubkeys with I2_D. A also creates "half" key images: I1_D = (Hs(aR)+b) * Hp(D) Then I_D = I1_D + I2_D Having I_D allows A to check spent status of course, but more importantly allows A to actually build a transaction prefix (and thus transaction). A builds the transaction until most of the way through MLSAG_Gen, adding the 2 pubkeys (per input) provided with I2_D to his own generated ones where they are needed (secret row L, R). At this point, A has a mostly completed transaction (but with an invalid/incomplete signature). A sends over the tx and includes r, which allows B (with the recipient's address) to verify the destination and amount (by reconstructing the stealth address and decoding ecdhInfo). B then finishes the signature by computing ss[secret_index][0] = ss[secret_index][0] + k - cc[secret_index]*c (secret indices need to be passed as well). B can then broadcast the tx, or send it back to A for broadcasting. Once B has completed the signing (and verified the tx to be valid), he can add the full I_D to his cache, allowing him to verify spent status as well. NOTE: A and B *must* present key A and B to each other with a valid signature proving they know a and b respectively. Otherwise, trickery like the following becomes possible: A creates viewkey a,A, spendkey b,B, and sends a,A,B to B. B creates a fake key C = zG - B. B sends C back to A. The combined spendkey C+B then equals zG, allowing B to spend funds at any time! The signature fixes this, because B does not know a c corresponding to C (and thus can't produce a signature). 2 of 3 User A (coordinator) Shared viewkey a,A "spendkey" j,J User B "spendkey" k,K User C "spendkey" m,M A collects K and M from B and C B collects J and M from A and C C collects J and K from A and B A computes N = nG, n = Hs(jK) A computes O = oG, o = Hs(jM) B anc C compute P = pG, p = Hs(kM) || Hs(mK) B and C can also compute N and O respectively if they wish to be able to coordinate Address: N+O+P, A The rest follows as above. The coordinator possesses 2 of 3 needed keys; he can get the other needed part of the signature/key images from either of the other two. Alternatively, if secure communication exists between parties: A gives j to B B gives k to C C gives m to A Address: J+K+M, A 3 of 3 Identical to 2 of 2, except the coordinator must collect the key images from both of the others. The transaction must also be passed an additional hop: A -> B -> C (or A -> C -> B), who can then broadcast it or send it back to A. N-1 of N Generally the same as 2 of 3, except participants need to be arranged in a ring to pass their keys around (using either the secure or insecure method). For example (ignoring viewkey so letters line up): [4 of 5] User: spendkey A: a B: b C: c D: d E: e a -> B, b -> C, c -> D, d -> E, e -> A Order of signing does not matter, it just must reach n-1 users. A "remaining keys" list must be passed around with the transaction so the signers know if they should use 1 or both keys. Collecting key image parts becomes a little messy, but basically every wallet sends over both of their parts with a tag for each. Thia way the coordinating wallet can keep track of which images have been added and which wallet they come from. Reasoning: 1. The key images must be added only once (coordinator will get key images for key a from both A and B, he must add only one to get the proper key actual key image) 2. The coordinator must keep track of which helper pubkeys came from which wallet (discussed in 2 of 2 section). The coordinator must choose only one set to use, then include his choice in the "remaining keys" list so the other wallets know which of their keys to use. You can generalize it further to N-2 of N or even M of N, but I'm not sure there's legitimate demand to justify the complexity. It might also be straightforward enough to support with minimal changes from N-1 format. You basically just give each user additional keys for each additional "-1" you desire. N-2 would be 3 keys per user, N-3 4 keys, etc. The process is somewhat cumbersome: To create a N/N multisig wallet: - each participant creates a normal wallet - each participant runs "prepare_multisig", and sends the resulting string to every other participant - each participant runs "make_multisig N A B C D...", with N being the threshold and A B C D... being the strings received from other participants (the threshold must currently equal N) As txes are received, participants' wallets will need to synchronize so that those new outputs may be spent: - each participant runs "export_multisig FILENAME", and sends the FILENAME file to every other participant - each participant runs "import_multisig A B C D...", with A B C D... being the filenames received from other participants Then, a transaction may be initiated: - one of the participants runs "transfer ADDRESS AMOUNT" - this partly signed transaction will be written to the "multisig_monero_tx" file - the initiator sends this file to another participant - that other participant runs "sign_multisig multisig_monero_tx" - the resulting transaction is written to the "multisig_monero_tx" file again - if the threshold was not reached, the file must be sent to another participant, until enough have signed - the last participant to sign runs "submit_multisig multisig_monero_tx" to relay the transaction to the Monero network
2017-12-17wallet: add multisig key generationmoneromooo-monero1-0/+2
Scheme by luigi1111
2017-12-06set_node command, allows setting node without restartTobias Hoffmann1-1/+2
2017-11-26Added command descriptionsCifrado1-0/+1
2017-11-21Spend proof without txkeystoffu1-0/+2
2017-11-18Tx proof (revised):stoffu1-1/+0
- refactoring: proof generation/checking code was moved from simplewallet.cpp to wallet2.cpp - allow an arbitrary message to be signed together with txid - introduce two types (outbound & inbound) of tx proofs; with the same syntax, inbound is selected when <address> belongs to this wallet, outbound otherwise. see GitHub thread for more discussion - wallet RPC: added get_tx_key, check_tx_key, get_tx_proof, check_tx_proof - wallet API: moved WalletManagerImpl::checkPayment to Wallet::checkTxKey, added Wallet::getTxProof/checkTxProof - get_tx_key/check_tx_key: handle additional tx keys by concatenating them into a single string
2017-11-15wallet: add sweep_single commandstoffu1-0/+1
2017-11-14wallet-cli: added --generate-from-spend-key optionstoffu1-0/+1
2017-10-16Wallet: Descriptions through new commands 'set_description', 'get_description'rbrunner71-0/+2
2017-10-15Merge pull request #2606Riccardo Spagni1-0/+1
4090e8c6 simplewallet: add get/set for refresh-from-height (moneromooo-monero)
2017-10-15Merge pull request #2586Riccardo Spagni1-0/+7
7b8d3ec6 wallet-cli: add --do-not-relay option (stoffu)
2017-10-08simplewallet: add get/set for refresh-from-heightmoneromooo-monero1-0/+1
2017-10-07Subaddresseskenshi841-6/+9
2017-10-07wallet-cli: add --do-not-relay optionstoffu1-0/+7
2017-10-02simplewallet: allow to set threshold before warning about tx backlogselsta1-0/+1
2017-09-25Merge pull request #2257Riccardo Spagni1-0/+2
651baaec wallet: add encrypted seed functionality (moneromooo-monero)
2017-09-20Merge pull request #2381Riccardo Spagni1-0/+1
840aed1c monero-wallet-cli: New command 'wallet_info' improved (rbrunner7) 9bdd985c monero-wallet-cli: New command 'wallet_info' (rbrunner7)
2017-09-12wallet: add encrypted seed functionalitymoneromooo-monero1-0/+2
This uses luigi1111's CN_Add method. See https://xmr.llcoins.net for details.
2017-08-31monero-wallet-cli: New command 'wallet_info'rbrunner71-0/+1
2017-08-29simplewallet: new "fee" command to display fee informationmoneromooo-monero1-0/+1
including expected transaction backlog at different priorities
2017-08-26wallet: new option to check/confirm txpool backlog when sendingmoneromooo-monero1-0/+1
2017-08-15Merge pull request #2293Riccardo Spagni1-0/+1
dee41efa simplewallet: mnemonic language command-line arg (Eugene Otto)
2017-08-15Merge pull request #2240Riccardo Spagni1-0/+1
b7d6ec83 simplewallet: add (out of sync) or (no daemon) markers in the prompt (moneromooo-monero) fa23a500 wallet2: add a is_synced function (moneromooo-monero) f1307bbd node_rpc_proxy: add a proxy for target height (moneromooo-monero)
2017-08-13simplewallet: mnemonic language command-line argEugene Otto1-0/+1
Add `--mnemonic-language` command-line arg so it's possible to generate a wallet without interacting with the CLI.
2017-08-07change mixin to ring size in user visible placesmoneromooo-monero1-1/+1
2017-08-02simplewallet: add (out of sync) or (no daemon) markers in the promptmoneromooo-monero1-0/+1
Should help people who don't realize why they haven't seen their monero yet.
2017-07-29Add option to join multisig wallet pieces togetherJollyMort1-0/+1
Asks user for all the data required to merge secret keys from multisig wallets into one master wallet, which then gets full control of the multisig wallet. The resulting wallet will be the same as any other regular wallet.
2017-06-22Signature proving payment to destination by only revealing key derivation, ↵stoffu1-0/+3
not the actual tx secret key
2017-06-10simplewallet: new command to generate a random payment idmoneromooo-monero1-0/+1
This is trivial, but often requested, and possibly hard to do in Windows. That makes it more user friendly.
2017-04-24wallet: add sweep_below functionmoneromooo-monero1-0/+2
It sweeps all outputs below the given threshold This is available via the existing sweep_all RPC, by setting amount_threshold the desired amount (in atomic units)
2017-03-25wallet: option to merge destinationsmoneromooo-monero1-0/+1
With the change from the original transfer method to the new algorithm, payments to the same destination were merged. It seemed like a good idea, optimizing space. However, it is a useful tool for people who want to split large outputs into several smaller ones (ie, service providers making frequent payments, and who do not like a large chunk of their balance being locked for 10 blocks after each payment). Default to off, which is a change from the previous behavior.
2017-03-24wallet: try to save large outputs when using an unneeded second inputmoneromooo-monero1-0/+2
When a single input is enough to satisfy a transfer, the code would previously try to add a second input, to match the "canonical" makeup of a transaction with two inputs and two outputs. This would cause wallets to slowly merge outputs till all the monero ends up in a single output, which causes trouble when making two transactions one after the other, since change is locked for 10 blocks, and an increasing portion of the remaining balance would end up locked on each transaction. There are two new settings (min-output-count and min-output-value) which can control when to stop adding such unneeded second outputs. The idea is that small "dust" outputs will still get added, but larger ones will not. Enable with, eg: set min-output-count 10 set min-output-value 30 to avoid using an unneeded second output of 30 monero or more, if there would be less than 10 such outputs left. This does not invalidate any other reason why such outputs would be used (ie, when they're really needed to satisfy a transfer, or when randomly picked in the normal course of selection). This may be improved in the future.
2017-03-03Merge pull request #1826Riccardo Spagni1-0/+1
2c468dd4 allow user I/O in millinero, micronero, nanonero, piconero (moneromooo-monero)
2017-03-02allow user I/O in millinero, micronero, nanonero, piconeromoneromooo-monero1-0/+1
2017-02-27Add support for the wallet to refresh pruned blocksmoneromooo-monero1-4/+4
2017-02-21update copyright year, fix occasional lack of newline at line endRiccardo Spagni1-1/+1
2017-02-11Merge pull request #1689Riccardo Spagni1-1/+1
ce7fcbb4 Add server auth to monerod, and client auth to wallet-cli and wallet-rpc (Lee Clagett)
2017-02-08extract some basic code from libcryptonote_core into libcryptonote_basickenshi841-2/+2
2017-02-06Add server auth to monerod, and client auth to wallet-cli and wallet-rpcLee Clagett1-1/+1
2017-02-04Merge pull request #1640Riccardo Spagni1-0/+1
f97526e6 simplewallet: option to always ask password for any crytical operations (kenshi84)
2017-02-03simplewallet: option to always ask password for any crytical operationskenshi841-0/+1
2017-01-29Add change_password for simplewalletAshley Perpetual1-0/+1
2017-01-16Change logging to easylogging++moneromooo-monero1-0/+3
This replaces the epee and data_loggers logging systems with a single one, and also adds filename:line and explicit severity levels. Categories may be defined, and logging severity set by category (or set of categories). epee style 0-4 log level maps to a sensible severity configuration. Log files now also rotate when reaching 100 MB. To select which logs to output, use the MONERO_LOGS environment variable, with a comma separated list of categories (globs are supported), with their requested severity level after a colon. If a log matches more than one such setting, the last one in the configuration string applies. A few examples: This one is (mostly) silent, only outputting fatal errors: MONERO_LOGS=*:FATAL This one is very verbose: MONERO_LOGS=*:TRACE This one is totally silent (logwise): MONERO_LOGS="" This one outputs all errors and warnings, except for the "verify" category, which prints just fatal errors (the verify category is used for logs about incoming transactions and blocks, and it is expected that some/many will fail to verify, hence we don't want the spam): MONERO_LOGS=*:WARNING,verify:FATAL Log levels are, in decreasing order of priority: FATAL, ERROR, WARNING, INFO, DEBUG, TRACE Subcategories may be added using prefixes and globs. This example will output net.p2p logs at the TRACE level, but all other net* logs only at INFO: MONERO_LOGS=*:ERROR,net*:INFO,net.p2p:TRACE Logs which are intended for the user (which Monero was using a lot through epee, but really isn't a nice way to go things) should use the "global" category. There are a few helper macros for using this category, eg: MGINFO("this shows up by default") or MGINFO_RED("this is red"), to try to keep a similar look and feel for now. Existing epee log macros still exist, and map to the new log levels, but since they're used as a "user facing" UI element as much as a logging system, they often don't map well to log severities (ie, a log level 0 log may be an error, or may be something we want the user to see, such as an important info). In those cases, I tried to use the new macros. In other cases, I left the existing macros in. When modifying logs, it is probably best to switch to the new macros with explicit levels. The --log-level options and set_log commands now also accept category settings, in addition to the epee style log levels.
2017-01-13Merge pull request #1559Riccardo Spagni1-0/+1
db56a03f Wallet2 + API: Callbacks for unconfirmed transfers (Jaquee)
2017-01-12Wallet2 + API: Callbacks for unconfirmed transfersJaquee1-0/+1
2017-01-09wallet cli: print originating block heights of mixin keys when making transferkenshi841-1/+3
2017-01-08Merge pull request #1537Riccardo Spagni1-0/+1
c2135082 simplewallet: add a show_transfer <txid> command (moneromooo-monero) 19c4041d wallet_rpc_server: new RPC call to get a transfer by txid (moneromooo-monero)
2017-01-08Merge pull request #1496Riccardo Spagni1-0/+1
adee1644 wallet cli: print unspent outputs with histogram (kenshi84)
2017-01-08Merge pull request #1482Riccardo Spagni1-0/+1
38f00d07 wallet cli: viewing and editing address book (kenshi84)
2017-01-08simplewallet: add a show_transfer <txid> commandmoneromooo-monero1-0/+1
2016-12-26wallet cli: print unspent outputs with histogramkenshi841-0/+1
2016-12-21make openalias also available for solo miner; introduce namespace ↵kenshi841-1/+0
tools::dns_utils; support integrated address with dns lookup
2016-12-21wallet cli: viewing and editing address bookkenshi841-0/+1
2016-12-19Refactored password prompting for walletsLee Clagett1-0/+3
2016-12-15wallet cli: donate commandKenshi Takayama1-0/+1
2016-11-16wallet: auto sync outputs and key images in cold signing filesmoneromooo-monero1-1/+1
When passing around unsigned and signed transactions, outputs and key images are passed along (outputs are passed along unsigned transactions from the hot wallet to the cold wallet, key images are passed along with signed transations from the cold wallet to the hot wallet), to allow more user friendly syncing between hot and cold wallets.
2016-11-10Created monero-wallet-rpc, moving functionality from monero-wallet-cliLee Clagett1-14/+7
2016-11-01Merge pull request #1281Riccardo Spagni1-0/+2
bb560dd wallet: new import_outputs/export_outputs commands (moneromooo-monero)
2016-10-30wallet: new import_outputs/export_outputs commandsmoneromooo-monero1-0/+2
The intended use is to export outputs from a hot wallet, which can scan incoming transfers from the network, and import them in the cold wallet, which can't. The cold wallet can then compute key images for those outputs, which can then be exported with export_key_images, etc.
2016-10-30wallet: print tx overview on submit_transfer toomoneromooo-monero1-0/+2
This is on the potentially compromised wallet, but still guards against stupid mistakes.
2016-10-04Merge pull request #1179Riccardo Spagni1-0/+1
714ee99 Fix description for locked_transfer (Oyvind Kvanes) 71538f3 Rename to lockblocks and add max value (Oyvind Kvanes) 68ac060 Fix locked_transfer (Oyvind Kvanes) 7d020bd Add locked_transfer (Oyvind Kvanes) d5f918a Revert transfer_main in simplewallet (Oyvind Kvanes) 3451963 Add motifications to test out locked_transfer (Oyvind Kvanes) e5e6d88 Add more information to transaction in wallet (Oyvind Kvanes) 9b8a062 Make a small test change (Oyvind Kvanes)
2016-10-04Merge pull request #1160Riccardo Spagni1-0/+1
80b4da3 wallet: wallet option to confirm transfers with no payment id (moneromooo-monero)
2016-10-01wallet: wallet option to confirm transfers with no payment idmoneromooo-monero1-0/+1
set confirm-missing-payment-id 0|1 Defaults to true.
2016-09-28Revert transfer_main in simplewalletOyvind Kvanes1-0/+1
2016-09-27wallet: cold wallet transaction signingmoneromooo-monero1-0/+3
This change adds the ability to create a new unsigned transaction from a watch only wallet, and save it to a file. This file can then be moved to another computer/VM where a cold wallet may load it, sign it, and save it. That cold wallet does not need to have a blockchain nor daemon. The signed transaction file can then be moved back to the watch only wallet, which can load it and send it to the daemon. Two new simplewallet commands to use it: sign_transfer (on the cold wallet) submit_transfer (on the watch only wallet) The transfer command used on a watch only wallet now writes an unsigned transaction set in a file called 'unsigned_monero_tx' instead of submitting the tx to the daemon as a normal wallet does. The signed tx file is called 'signed_monero_tx'.
2016-09-16wallet: change priority/fee to ArticMine's recommendationmoneromooo-monero1-1/+1
We keep 1, 2, 3 multipliers till the fee decrase from 0.01/kB to 0.002/kB, where we start using 1, 20, 166 multipliers. This ensures the higher multiplier will compensate for the block reward penalty when pushing past 100% of the past median. The fee-multiplier wallet setting is now rename to priority, since it keeps its [0..3] range, but maps to different multiplier values.
2016-08-28wallet: factor transfer_rct code with transfer codemoneromooo-monero1-1/+0
The "transfer" simplewallet command is renamed to "transfer_original". "transfer_new" is renamed "transfer", "transfer_rct" is removed, and the new "transfer" now selects rct or non rct transactions based on the current block height.
2016-08-28add rct to the protocolmoneromooo-monero1-3/+4
It is not yet constrained to a fork, so don't use on the real network or you'll be orphaned or rejected.
2016-08-11Merge pull request #952Riccardo Spagni1-0/+1
709c724 Better fix (#4) (hyc) d2644c1 fix restore-deterministic height (luigi1111)
2016-08-11Merge pull request #949Riccardo Spagni1-5/+7
da1007f simplewallet: make the refresh thread into more generic idle thread (moneromooo-monero)
2016-08-09Better fix (#4)hyc1-0/+1
2016-08-07simplewallet: make the refresh thread into more generic idle threadmoneromooo-monero1-5/+7
2016-08-01Fix #864guzzi_jones1-0/+1
Squashed commit of the following: commit 9af9e4223b58bbb65a3519af2c2bfc273cbd23d6 fixed some formatting commit c7920e1cf88ff46eb9294101344d9a567f22e2da Merge: 97eb28b 1da1c68 fix#864 fix using boolean commit 97eb28ba5dd49ddde8c8785f39b24d955e5de31c Fix #864 boolean value used to verify on new wallet commit 1da1c68bd3a9a373c70482b6e6e95251096149f1 fix #864 changed to boolean to prompt for verify commit 5bee96652434762d2c91ce31a1b1c9f169446ddc fix 864; made variable names easier for understanding branching. commit 45715960d30293f781b2ff9e5e647c2ec893f4a3 fix #864; allow password to be entered twice for new wallets for verification. fix #864 password entry verification; ammended boolean fix #864 ; default constructor for password_container should set verify=true
2016-07-24wallet: new {ex,im}port_key_images commands and RPC callsmoneromooo-monero1-0/+2
They are used to export a signed set of key images from a wallet with a private spend key, so an auditor with the matching view key may see which of those are spent, and which are not.
2016-07-20Merge pull request #902Riccardo Spagni1-1/+2
014f3a0 Add a daemon RPC version, and make simplewallet check it (moneromooo-monero)
2016-07-19wallet: add command and RPC to sign/verify datamoneromooo-monero1-0/+2
Signing is done using the spend key, since the view key may be shared. This could be extended later, to let the user choose which key (even a per tx key). simplewallet's sign/verify API uses a file. The RPC uses a string (simplewallet can't easily do strings since commands receive a tokenized set of arguments).
2016-07-10Add a daemon RPC version, and make simplewallet check itmoneromooo-monero1-1/+2
If the version is different, simplewallet will refuse to use that daemon, unless --allow-mismatched-daemon-version is used.
2016-06-22wallet: add a fee multipliermoneromooo-monero1-0/+1
Fee can now be multiplied by 2 or 3, if users want to give priority to their transactions. There are only three levels to avoid too much fingerprinting. Default is 1 (minimum fee). The default multiplier can be set by "set fee-multiplier X".
2016-06-20simplewallet: add a status commandmoneromooo-monero1-0/+1
It matches the daemon, and should allow people who're suspicious of the background refresh to know they're synced.
2016-04-26wallet: allow attaching notes to txidsmoneromooo-monero1-0/+2
2016-04-26Merge pull request #817Riccardo Spagni1-0/+1
4b1c0d6 simplewallet: some background refresh threading fixes (moneromooo-monero)
2016-04-26Merge pull request #815Riccardo Spagni1-0/+2
b0850a9 wallet: add a new sweep_all command and RPC command (moneromooo-monero)
2016-04-21simplewallet: some background refresh threading fixesmoneromooo-monero1-0/+1
We want to lock operations which access the blockchain in wallet2. We also want the background refresh to happen again when we cancel a foreground refresh. Wrap the locking setup in a macro so it doesn't get copy/pasted/mangled, and use a scope exit trick to ensure it's always properly restored.
2016-04-19wallet: add a new sweep_all command and RPC commandmoneromooo-monero1-0/+2
This sends all outputs in a wallet to a given address, alleviating the difficulty people have had trying to send all monero but being left with some small amount left.
2016-04-17Add --restore-height optionHoward Chu1-0/+1
For specifying the block height from which to start a restore
2016-03-26wallet: change sweep_dust to sweep_unmixablemoneromooo-monero1-1/+1
With the change in mixin rules for v2, the "annoying" outputs are slightly changed. There is high correlation between dust and unmixable, but no equivalence.
2016-03-25wallet: add a --generate-from-json flagmoneromooo-monero1-0/+2
It takes a filename containing JSON data to generate a wallet. The following fields are valid: version: integer, should be 1 filename: string, path/filename for the newly created wallet scan_from_height: 64 bit unsigned integer, optional password: string, optional viewkey: string, hex representation spendkey: string, hex representation seed: string, optional, list of words separated by spaces Either seed or private keys should be given. If using private keys, the spend key may be omitted (the wallet will not be able to spend, but will see incoming transactions). If scan_from_height is given, blocks below this height will not be checked for transactions as an optimization.
2016-03-11Use boost::thread instead of std::threadHoward Chu1-3/+3
and all other associated IPC
2016-02-22simplewallet: add a new --restore-from-keys optionmoneromooo-monero1-0/+3
It is similar in use to --restore-from-view-key, but also expects a spend private key. Requested by luigi1112, and useful to restore MyMonero wallets.
2016-01-29Fix V1/V2 use of hard fork related parametersmoneromooo-monero1-1/+2
Some of it uses hardcoded height, which will need some thinking for next (voted upon) fork.
2016-01-25simplewallet: remove leftover command line refresh-type handlingmoneromooo-monero1-2/+0
2015-12-31updated copyright yearRiccardo Spagni1-1/+1
2015-12-30wallet: add a rescan_bc command and rescan_blockchain RPCmoneromooo-monero1-0/+2
Blockchain hashes and key images are flushed, and blocks are pulled anew from the daemon. The console command is shortened to match bc_height. This should make it a lot easier on users who are currently told to remove this particular cache file but keep the keys one, etc, etc.
2015-12-05wallet: make the wallet refresh type a wallet settingmoneromooo-monero1-0/+1
instead of a command line setting. It makes sense that is is a long lived setting.
2015-11-29wallet: cancellable refreshmoneromooo-monero1-0/+3
^C while in manual refresh will cancel the refresh, since that's often an annoying thing to have to wait for. Also, a manual refresh command will interrupt any running background refresh and take over, rather than wait for the background refresh to be done, and look to be hanging.
2015-11-28wallet: optional automatic refresh from the daemonmoneromooo-monero1-0/+9
The daemon will be polled every 90 seconds for new blocks. It is enabled by default, and can be turned on/off with set auto-refresh 1 and set auto-refresh 0 in the wallet.