Author Topic: Issues in decrypting MEMO  (Read 2307 times)

0 Members and 1 Guest are viewing this topic.

Offline xeroc

  • Board Moderator
  • Hero Member
  • *****
  • Posts: 12896
  • ChainSquad GmbH
    • View Profile
    • ChainSquad GmbH
  • BitShares: xeroc
  • GitHub: xeroc
Re: Issues in decrypting MEMO
« Reply #15 on: February 03, 2016, 06:55:26 am »
[member=23912]monsterer[/member] I am building an app that will enable a merchant to allow his customers to pay through smartcoins. So my app will be used by many different merchants all he need to do is enter his bitshares account name and select the currency which he wants to accept.

[member=120]xeroc[/member] I cant just hard code my private key in the application because every merchant will have his own key. So in order to decrypt the memo of transaction sent to a specific merchant i need the private key of this merchant mine will not be able to decrypt it :(
If you let merchants use their own account names, then you either need to let them replace the memo key to a key that you have the private key hard coded (not so good idea), or your need to ask the merchant for the memo private key as well ..
Give BitShares a try! Use the http://testnet.bitshares.eu provided by http://bitshares.eu powered by ChainSquad GmbH

Offline madforstrength

Re: Issues in decrypting MEMO
« Reply #16 on: February 03, 2016, 07:16:07 am »
[member=120]xeroc[/member] Can I ask the merchants for private key? won't they be hesitating in entering their private?

This will make my job a lot easier, but I dont know if it will be acceptible or not, as private keys are confidential.

Well right now I have established a trusted node on my local machine

here: https://github.com/bitshares/bitshares-2 I found:
Quote
Is there a way to allow external program to drive cli_wallet via websocket, JSONRPC, or HTTP?

Yes. External programs may connect to the CLI wallet and make its calls over a websockets API. To do this, run the wallet in server mode, i.e. cli_wallet -s "127.0.0.1:9999" and then have the external program connect to it over the specified port (in this example, port 9999).

If it is possible to create a websocket for CLI wallet then I can simply call this socket from my application and use either get_transaction_history or get_private_key

Am i right?

Offline xeroc

  • Board Moderator
  • Hero Member
  • *****
  • Posts: 12896
  • ChainSquad GmbH
    • View Profile
    • ChainSquad GmbH
  • BitShares: xeroc
  • GitHub: xeroc
Re: Issues in decrypting MEMO
« Reply #17 on: February 03, 2016, 07:24:03 am »
the memo private key can only be used to decrypt memos .. unless the account is setup strangely it cannot be used to access the account or its funds.

Technically, the memokey can be obtained via RPC call to the cli wallet, but if your merchant app is able to read a qr code, i would recommend to let the mrchant scan the memo priv key instead
Give BitShares a try! Use the http://testnet.bitshares.eu provided by http://bitshares.eu powered by ChainSquad GmbH

Offline madforstrength

Re: Issues in decrypting MEMO
« Reply #18 on: February 03, 2016, 07:30:12 am »
Technically, the memokey can be obtained via RPC call to the cli wallet, but if your merchant app is able to read a qr code, i would recommend to let the mrchant scan the memo priv key instead

Sorry [member=120]xeroc[/member] I can't understand above point. What do you mean by let the merchant scan the memo priv key? DO you mean let the merchant enter the memo priv key?

Offline madforstrength

Re: Issues in decrypting MEMO
« Reply #19 on: February 03, 2016, 10:26:51 am »
Ok I have tried everything now :(

I have used get_private_key but its giving error because:
Quote
The private key must already be in the wallet.

I have also tried get_account_history, it is showing me the transactions but with error:
Quote
Memo is encrypted to a key BTS81JWvhxW5YQ52rDC2fzCddi3BopYrEtT2qza3qu55s7iFAjLLo not in this wallet.

Now I guess there is no way I can get someone's private key programmatically. :(

Would appreciate if someone can verify this or identify any other method to get the private key of any account through api or wallet.
Thanks

Offline xeroc

  • Board Moderator
  • Hero Member
  • *****
  • Posts: 12896
  • ChainSquad GmbH
    • View Profile
    • ChainSquad GmbH
  • BitShares: xeroc
  • GitHub: xeroc
Re: Issues in decrypting MEMO
« Reply #20 on: February 03, 2016, 12:08:01 pm »
Every account has 3 key pairs. One of which is for memo encryption/decryption.
Each pair consists of a pub and a private key.
The "pubkey" is used to encrypt the message for the recepient so that the recipient can only decrypt if he HAS the private key.
Usually, the wallet that has created the account and has access to its funds also has access to its memo private key.

Unless you have access to that wallet (i.e. private key) there is NO WAY to decrypt the encrypted memo!
Give BitShares a try! Use the http://testnet.bitshares.eu provided by http://bitshares.eu powered by ChainSquad GmbH

Offline madforstrength

Re: Issues in decrypting MEMO
« Reply #21 on: February 04, 2016, 05:08:51 am »
ok [member=120]xeroc[/member] thanks for your valuable input. Just one more thing, is there any way to validate that the private key entered by the merchant is correct? and belongs to his account?

Offline xeroc

  • Board Moderator
  • Hero Member
  • *****
  • Posts: 12896
  • ChainSquad GmbH
    • View Profile
    • ChainSquad GmbH
  • BitShares: xeroc
  • GitHub: xeroc
Re: Issues in decrypting MEMO
« Reply #22 on: February 04, 2016, 07:59:51 am »
you can derive the public key from the private key:
https://github.com/xeroc/python-graphenelib/blob/master/graphenebase/account.py#L250

something along the lines of

bts_pubkey = format(PrivateKey("5........"), "BTS")
Give BitShares a try! Use the http://testnet.bitshares.eu provided by http://bitshares.eu powered by ChainSquad GmbH