- Creation of your keys section
In the page it says “Address, WIF key or Multisig Redeem Script:”
Example: You have a multisig address with a friend, with the two of you required to sign, so a 2 of 2. Imagine that you enter a dispute and the other person does not cooperate, funds are locked.
Imagine you added a mediator, now it is 2 of 3. The mediator only have one signature, so can’t steal the funds.
Now if a dispute arises and your friend refuses to sign, you can contact the mediator, the mediator will mediate between you two, and decide who is right. Then his signature and the one of the winner of the dispute can control the funds, effectively unlocking them and resolving the dispute.
… but when you put in an address (happens to be a multisig) it may not work.
Added message if entered incorrectly:
This is a multisig address. You must use the redeem script, not the multisig address!
Honestly great work on this tool @ttutdxh even a simpleton like me can use it!
I’m not wowed easily, but the cointoolkit provided by @ttutdxh does that!
I can’t imagine how the FLOT would be able to deal with multisig addresses and transactions in a timely manner without it. I’m not yet sure about the “timely” aspect, but I know that cointoolkit speeds things up - without it, all would definitely last longer!
The improvement compared to coinbin (from which it was forked) is tremendous.
I want to point this out:
It is useful for the FLOT members. Each member (including me!) can consider how much efforts are saved thanks to it (and @ttutdxh’s amazing work).
And the NSR holders should ask themselves whether they find tools that make the FLOT more efficient, valuable.
I don’t know if there’s a fund for things like that:
I want to propose cointoolkit for a reward - and I’m not speaking of a formal praise
Are there others who feel the same about cointoolkit?
@masterOfDisaster tanks for the encouragement. Glad it helped you.
Today I am adding support for combining signatures in a multi signature transaction.
To understand why this first tool ever to automate this is useful, please consider this scenario first.
A group of people that controls a multi signature address have to sign transaction 00a0fff…(example of real, hex serialized transaction) from a 3 of 5 multi signature address.
Member 1 sign the transaction and results in 11a0fff…
Member 2 take 11a0fff… and sign it. He gets 22a0fff…
At the same time member 3 take the same tx signed by member 1, 11a0fff… and sign it himself. He gets 33a0ff…
Member 2 and member 3 publish their correspondent transactions, 22a0fff, 33a0ff.
Now we have 3 diferent versions of that tx:
They don’t have any transaction with the minimum 3 of 5, and they should since 3 of 5 members signed.
Members already did their corresponding signing and left. What can you do if you need the transaction ASAP?
Problem solved, deadline met.
@masterOfDisaster made me think:
I though, Cointoolkit should do that.
So after the last update you can now check everything you need from the verify tab, amounts and fee inclusive.
Don’t need much more words to explain how I perceive your cointoolkit
I have updated git-multisig to save unspent outputs in JSON format. This can help Cointoolkit retreive unspent outputs in case blockexplorer fails.
@masterOfDisaster and @jooize please update your flot-operations folder and repositories, by forking from mine : https://github.com/dc-tcs/flot-operations, as well as the newest git-multisig. The rest of FLOT (NBT group) may also download the newest version of git-multisig.
git clone email@example.com:jooize/flot-operations.git cd flot-operations git remote add upstream https://github.com/dc-tcs/flot-operations git fetch upstream git checkout master git merge upstream/master
Is there a way to resolve conflicts without an editor?
git add BqyRzFtWXDmjxrYpyJD42MLE5xc8FrB4js/unspent git commit -m "Update to upstream" git push origin master
Removing the entire folder is an option. The script will automatically git clone. Perhaps I should deal with that, though I dared not put something that does “rm -r” in the scripts as it could lead to some pretty bad accidents…
can we seen which FLOT member signed or not？
@huafei yes, just click the signature count when verifying a transaction.
@dysconnect great news, that will avoid blockexplorer.nu availability problems.
Added @dysconnect, @masterOfDisaster and @jooize flot-operations repositories to Cointoolkit.
You can configure Cointoolkit to use these providers under “Unspent outputs” configuration in the Settings tab
Please note dysconect’s git-multisig currently only support FLOT NBT addresses, so right now these three providers only store data for FLOT NBT address BqyRzFtWXDmjxrYpyJD42MLE5xc8FrB4js. It is still a great backup for urgent FLOT transaction crafting.
Also added script debugging:
and signature position data:
while verifying transactions. Hope that helps with future troubles.
Feature request: a “current signings” page that lists multisig signings that are not completed (and maybe a history of recent completed ones.) With this FLOT member don’t have to go to nubits.com to click on links to sign incomplete signings. With each signing a remark can be made by the signer to put reason and e.g. URLs to posts.
I think that may be counter-productive. There is risk someone signs that listed signings only because they are there. Any signing requires from FLOT to manually check and verify what and why they are signing it.
Maybe a better approach for that is using a wiki like in the voting hotlist so we can add and remove links to the signing requests on demand, state the reasons why it should be signed with link to the sources, the motions requiring us to do so…
If all required number of FLOT members do this there is little hope they will do their due deligence from a forum post or an email/bitmessage
How about allowing other allowed signers to add remarks even if they don’t sign
That adds a storage layer, identification layer, moderation, etc. That kind of changes would add the risk of attacks such as code injection, and that is a huge trade off.
Cointoolkit is designed so you don’t have to trust me or anyone else. Known identities are the exception because they are hardcoded and easy to audit and crosscheck.
Honestly I don’t see the advantages over a forum wiki with links.
I agree it would not be easy to make a secure off-line page. I was thinking of a convenience tool for online signing.
nubits.com could be taken down by ddos or maybe other ways.