Author Topic: Issues in decrypting MEMO  (Read 5900 times)

0 Members and 1 Guest are viewing this topic.

Offline xeroc

  • Board Moderator
  • Hero Member
  • *****
  • Posts: 12922
  • ChainSquad GmbH
    • View Profile
    • ChainSquad GmbH
  • BitShares: xeroc
  • GitHub: xeroc
you can derive the public key from the private key:
https://github.com/xeroc/python-graphenelib/blob/master/graphenebase/account.py#L250

something along the lines of

bts_pubkey = format(PrivateKey("5........"), "BTS")

Offline madforstrength

ok @xeroc thanks for your valuable input. Just one more thing, is there any way to validate that the private key entered by the merchant is correct? and belongs to his account?

Offline xeroc

  • Board Moderator
  • Hero Member
  • *****
  • Posts: 12922
  • ChainSquad GmbH
    • View Profile
    • ChainSquad GmbH
  • BitShares: xeroc
  • GitHub: xeroc
Every account has 3 key pairs. One of which is for memo encryption/decryption.
Each pair consists of a pub and a private key.
The "pubkey" is used to encrypt the message for the recepient so that the recipient can only decrypt if he HAS the private key.
Usually, the wallet that has created the account and has access to its funds also has access to its memo private key.

Unless you have access to that wallet (i.e. private key) there is NO WAY to decrypt the encrypted memo!

Offline madforstrength

Ok I have tried everything now :(

I have used get_private_key but its giving error because:
Quote
The private key must already be in the wallet.

I have also tried get_account_history, it is showing me the transactions but with error:
Quote
Memo is encrypted to a key BTS81JWvhxW5YQ52rDC2fzCddi3BopYrEtT2qza3qu55s7iFAjLLo not in this wallet.

Now I guess there is no way I can get someone's private key programmatically. :(

Would appreciate if someone can verify this or identify any other method to get the private key of any account through api or wallet.
Thanks

Offline madforstrength

Technically, the memokey can be obtained via RPC call to the cli wallet, but if your merchant app is able to read a qr code, i would recommend to let the mrchant scan the memo priv key instead

Sorry @xeroc I can't understand above point. What do you mean by let the merchant scan the memo priv key? DO you mean let the merchant enter the memo priv key?

Offline xeroc

  • Board Moderator
  • Hero Member
  • *****
  • Posts: 12922
  • ChainSquad GmbH
    • View Profile
    • ChainSquad GmbH
  • BitShares: xeroc
  • GitHub: xeroc
the memo private key can only be used to decrypt memos .. unless the account is setup strangely it cannot be used to access the account or its funds.

Technically, the memokey can be obtained via RPC call to the cli wallet, but if your merchant app is able to read a qr code, i would recommend to let the mrchant scan the memo priv key instead

Offline madforstrength

@xeroc Can I ask the merchants for private key? won't they be hesitating in entering their private?

This will make my job a lot easier, but I dont know if it will be acceptible or not, as private keys are confidential.

Well right now I have established a trusted node on my local machine

here: https://github.com/bitshares/bitshares-2 I found:
Quote
Is there a way to allow external program to drive cli_wallet via websocket, JSONRPC, or HTTP?

Yes. External programs may connect to the CLI wallet and make its calls over a websockets API. To do this, run the wallet in server mode, i.e. cli_wallet -s "127.0.0.1:9999" and then have the external program connect to it over the specified port (in this example, port 9999).

If it is possible to create a websocket for CLI wallet then I can simply call this socket from my application and use either get_transaction_history or get_private_key

Am i right?

Offline xeroc

  • Board Moderator
  • Hero Member
  • *****
  • Posts: 12922
  • ChainSquad GmbH
    • View Profile
    • ChainSquad GmbH
  • BitShares: xeroc
  • GitHub: xeroc
@monsterer I am building an app that will enable a merchant to allow his customers to pay through smartcoins. So my app will be used by many different merchants all he need to do is enter his bitshares account name and select the currency which he wants to accept.

@xeroc I cant just hard code my private key in the application because every merchant will have his own key. So in order to decrypt the memo of transaction sent to a specific merchant i need the private key of this merchant mine will not be able to decrypt it :(
If you let merchants use their own account names, then you either need to let them replace the memo key to a key that you have the private key hard coded (not so good idea), or your need to ask the merchant for the memo private key as well ..

Offline madforstrength

@monsterer I am building an app that will enable a merchant to allow his customers to pay through smartcoins. So my app will be used by many different merchants all he need to do is enter his bitshares account name and select the currency which he wants to accept.

@xeroc I cant just hard code my private key in the application because every merchant will have his own key. So in order to decrypt the memo of transaction sent to a specific merchant i need the private key of this merchant mine will not be able to decrypt it :(

Offline monsterer

@monsterer I understand that, but the problem is I dont have receiver's private key, so can I get it through API call or is there any other method which do not require private key for decrypting memo?

What is your use case? Why do you need to try and decrypt memos which don't belong to you?
My opinions do not represent those of metaexchange unless explicitly stated.
https://metaexchange.info | Bitcoin<->Altcoin exchange | Instant | Safe | Low spreads

Offline xeroc

  • Board Moderator
  • Hero Member
  • *****
  • Posts: 12922
  • ChainSquad GmbH
    • View Profile
    • ChainSquad GmbH
  • BitShares: xeroc
  • GitHub: xeroc
the database api is ONLY for reading blockchain stuff. It does not deal with private keys at all. You NEED to open the cli-wallet to get the private key for your account.
Once you have the private key, you can put it into your script and don't need to use the cli wallet any longer.
http://docs.bitshares.eu/integration/apps/index.html

Offline madforstrength

@xeroc Thanks buddy but get_private_key is not available in DATABASE API :(

Now the only option I can think of is creating a full node of my own and write a wrapper that will take my API calls and return me my desired information.

is there any other way?

Offline xeroc

  • Board Moderator
  • Hero Member
  • *****
  • Posts: 12922
  • ChainSquad GmbH
    • View Profile
    • ChainSquad GmbH
  • BitShares: xeroc
  • GitHub: xeroc
@monsterer I understand that, but the problem is I dont have receiver's private key, so can I get it through API call or is there any other method which do not require private key for decrypting memo?

>>> get_account <account name>

Take the public key that is given as "memo_key" in the options

>>> get_private_key <memo-pubkey>

Offline xeroc

  • Board Moderator
  • Hero Member
  • *****
  • Posts: 12922
  • ChainSquad GmbH
    • View Profile
    • ChainSquad GmbH
  • BitShares: xeroc
  • GitHub: xeroc
@xeroc lemme explain what I am doing,

Well I am working on developing a payment gateway for bitshares in my project, I have created the invoice successfully, now when a user makes payment then he is redirected to my url along with block and transaction numbers.

I then call API with this data to get the whole transaction.
E.g.
Code: [Select]
{"id":1,"method":"get_transaction","params":[3153947,0]}
The API returns me transaction details like (to, from, amount and memo). but memo is encrypted :(

So I call the API again for getting the account to which payment was made.
E.g. 
Code: [Select]
{"id":1,"method":"get_accounts","params":[["1.2.96993"]]}
I extract the memo key from options and then use this memo key as wif key in your code but still getting the following error:

Code: [Select]
Traceback (most recent call last):
  File "memo/memo_test.py", line 11, in <module>
    priv = PrivateKey(wifkey)
  File "/home/developer03/.local/lib/python3.4/site-packages/graphenelib-0.3rc1-py3.4.egg/graphenebase/account.py", line 249, in __init__
  File "/home/developer03/.local/lib/python3.4/site-packages/graphenelib-0.3rc1-py3.4.egg/graphenebase/account.py", line 258, in compressedpubkey
  File "/usr/local/lib/python3.4/dist-packages/ecdsa/keys.py", line 149, in from_string
    assert len(string) == curve.baselen, (len(string), curve.baselen)
AssertionError: (33, 32)

That is now how you decrypt a memo.
The key that is used to encrypt the memo is derived from the senders private key and the receivers public memo key. This gives a shared secret that also the receiver can derive from HIS memo private key and the SENDERS public memo key. Taking only the public key will not allow you to encrypt it .. you will ALSO need the private key of YOUR MEMO KEY (which starts with 5 and has to be pasted as the 'wifkey' in the demo above)

Offline madforstrength

@monsterer I understand that, but the problem is I dont have receiver's private key, so can I get it through API call or is there any other method which do not require private key for decrypting memo?