Cointoolkit FLOT guide and changelog

This guide will cover FLOT verifying and signing workflow.
Cointoolkit can be used for other ends, but should at least be used by shareholders to verify FLOT addresses, transactions and signatures.
It have numerous advantages to working directly with the command line, like known key verification, multi signature signed counter, transaction verification, works in any device with a browser, no need to be on 24x7, etc.

This guide is valid for NuBits, NuShares, Peercoin, Bitcoin, BlockShares and BlockCredits, and the steps will be exactly the same. Just make sure you have selected the mode you want to work in, on the dropdown at the top right of the page.

Remember that this application can be used offline for enhanced security, and that the live version at http://ttutdxh-nubits.github.io/cointoolkit/ is loading directly from https://github.com/ttutdxh-nubits/cointoolkit, so no changes can be made to the code without being reflected in GitHub. Everyone can check the code and be sure what the code is doing to your data.

Using it as a offline solution is specially secure working with QR data between you online device and your offline verifying and signing device.

Creation of your keys

Note: If you already have created a address/pubkey in the desktop wallet you can "dumpprivkey {address}"
in the console to get your WIF, then paste it in Verify page to get all the details and skip this step.
Navigate to the New Address page. You have a few options to create the private key/pubkey/address.

  • Generate from a Seed or Brainwallet: This allows you to use a password as your private key, allowing you to memorize it and be available without the need of having the private key at hand.
    Check the box “Custom Seed or Brainwallet” and enter your unique password, then click generate.
    Repeat this step a few times to be sure that the keys match and you are entering your password correctly.
    Remember that you can use the same password/seed in multiple modes (like NBT, NSR and BTC) and you will get a correspondent address for each mode, allowing you to only remember one.

Warning: Brainwallets are as secure as the seed.
Attackers are professionals, continually trying to guess people passwords, and they are pretty good at it.
They brute force numbers, dates, word lists, and even quotes or book texts!
You will be robbed if you use anything that is written on the internet. Only use >12 random words like “result result quit crew tiny potato frost apple rib puppy federal sausage absent”, or totally random strings like: "Th\sI33AReallyL==ngRa`nnnd$mAndS*c4reBr[inWal!etSeed!"
Bonus tip: Add your email address at the end of the seed to make it extra secure, so attackers will have to explicitly target you instead of just crack it out of thin air.

  • Click generate with the default options: This will create a random key, so you will have to store/correctly backup the Private key in order to use it later.
    You can calculate the public key and address of your private key later. Paste your private key in the Verify page and click “Verify” to calculate them.

You now have your keys/address ready to receive and send funds from that address.

Creation of the multi signature address

Navigate to the New Multisig Address page and you will see empty rows where you can add each signer public keys.

Known public keys identities will be shown in the gray box next to the public key.
Current FLOT members public keys are known by the application and can be added clicking on the “Need a Mediator?” button. You can then select the FLOT member from the mediator dropdown and select add public key to add the corresponding public key to the list.

When you are done selecting the signers select the amount of signatures required to release the coins and click on Submit.

Warning: Altering the order of the public keys results in different addresses, so it is recommended to order them lexicographically to avoid mistakes.

An address and a redeem script will be generated, which is necessary to spend from that address.
Ideally you should share the shareable url, so other people can verify the address belongs to FLOT members.
The group is now ready to receive funds.

This is the first NBT address created by FLOT (click to verify): BqyRzFtWXDmjxrYpyJD42MLE5xc8FrB4js

Creating a transaction

Only one of the FLOT members will have to create the transaction. If you have received the transaction you must continue to the next step.
Navigate to the New Transaction page and you will see a field to input an address, WIF key or the previously created redeem script.
In this case, since is a multisig address, you will have to input the redeem script created in the previous section and click “Load”.

All the unspent outputs of the address will be loaded under the “Inputs” tab, where you can review and delete unnecessary ones.
Now go to “Outputs” tab and enter the receiving address, the change address (should be the same multisig address from where the funds are being spent, so the change comes back to the same group control) and the amounts.

Warning: The remaining amount not sent to the change address will be used as a transaction fee.

Click generate and you will get a hex encoded transaction that you can share or save for the next step.

Transaction verifying

This step and the signing step are crucial since they will dictate where is the money being sent, and equally critical, what funds are being spent.
Navigate to the Verify page where you can paste the transaction or load it from a QR Code, then click “Verify” and carefully examine and cross-reference what the transaction is doing.
If you find any discrepancy, alert immediately the rest of the members.

When you have verified the transaction, click on the blue button “Continue to sign” to copy it over to the Sign page.

In the Verify page you can verify transactions, redeem scripts, pubic keys and private keys
Private keys must be in WIF format! To verify hex private keys go to New Address page and use the hex key under “Custom seed”. Be sure to check the box “This is a 64 char hex private key”, else it will be handled like a brainwallet seed!

Transaction signing

Do not sign transactions that you haven’t verified in the previous step.
Copy the verified transaction from the Verify page to the Sign page. Insert your private key corresponding to that transaction and you will get your signed transaction.

You can now repeat the Transaction verifying step with the signed transaction, to see if it has been correctly signed. If everything is fine you can then share the link at the bottom on “Shareable verification link” to let the next signer continue with the request.


Hope this guide and Cointoolkit is useful to you, if it is, please consider donating! Thanks!

9 Likes

The fetches unspent inputs from blockexplorer? What is the API?

Currently there is no API, this just fetchs the data the same way as blockexplorer.nu and filters it.

Very neat!

Maybe this above line should be put on the page as it asks for address but doesn’t accept one here.

In the “Need a Mediator?” box it says

for a low fee your mediator will help with the recovery of the funds should any disputes arise

How does a mediator help to recover the funds if the funds are sent?

I have been able to verify the BqyRzFtWXDmjxrYpyJD42MLE5xc8FrB4js address.

Can this page be saved and run locally?

Very useful resource … To avoid this getting lost at some point, can someone volunteer to put it up on docs.nubits.com?

The repository is written in markdown, so it’s enough to copypaste what you just wrote.

https://github.com/NuNetwork/documentation is the repo, complete with instructions on how to add a section.

If you want I can volunteer in creating the section while someone else can then keep it up to date.

What do you think?

Absolutely, but better to wait a few weeks for a final version since the guide and application are being actively improved.

Added:

  1. Creation of your keys section

In the page it says “Address, WIF key or Multisig Redeem Script:”

Example: You have a multisig address with a friend, with the two of you required to sign, so a 2 of 2. Imagine that you enter a dispute and the other person does not cooperate, funds are locked.
Imagine you added a mediator, now it is 2 of 3. The mediator only have one signature, so can’t steal the funds.
Now if a dispute arises and your friend refuses to sign, you can contact the mediator, the mediator will mediate between you two, and decide who is right. Then his signature and the one of the winner of the dispute can control the funds, effectively unlocking them and resolving the dispute.

Thanks.

… but when you put in an address (happens to be a multisig) it may not work.

Added message if entered incorrectly:

This is a multisig address. You must use the redeem script, not the multisig address!

1 Like

Honestly great work on this tool @ttutdxh even a simpleton like me can use it!

I’m not wowed easily, but the cointoolkit provided by @ttutdxh does that!
I can’t imagine how the FLOT would be able to deal with multisig addresses and transactions in a timely manner without it. I’m not yet sure about the “timely” aspect, but I know that cointoolkit speeds things up - without it, all would definitely last longer!
The improvement compared to coinbin (from which it was forked) is tremendous.

I want to point this out:

It is useful for the FLOT members. Each member (including me!) can consider how much efforts are saved thanks to it (and @ttutdxh’s amazing work).
And the NSR holders should ask themselves whether they find tools that make the FLOT more efficient, valuable.

I don’t know if there’s a fund for things like that:
I want to propose cointoolkit for a reward - and I’m not speaking of a formal praise :wink:

Are there others who feel the same about cointoolkit?

2 Likes

@masterOfDisaster tanks for the encouragement. Glad it helped you.


Today I am adding support for combining signatures in a multi signature transaction.
To understand why this first tool ever :tada: to automate this is useful, please consider this scenario first.

A group of people that controls a multi signature address have to sign transaction 00a0fff…(example of real, hex serialized transaction) from a 3 of 5 multi signature address.

  • Member 1 sign the transaction and results in 11a0fff…

  • Member 2 take 11a0fff… and sign it. He gets 22a0fff…

  • At the same time member 3 take the same tx signed by member 1, 11a0fff… and sign it himself. He gets 33a0ff…
    Member 2 and member 3 publish their correspondent transactions, 22a0fff, 33a0ff.

  • Now we have 3 diferent versions of that tx:

    • 11a0fff… With signature of member 1. (total 1 of 5)
    • 22a0fff… With signature of member 1 and 2. (total 2 of 5)
    • 33a0ff… With signature of member 1 and 3. (total 2 of 5)

They don’t have any transaction with the minimum 3 of 5, and they should since 3 of 5 members signed.
Members already did their corresponding signing and left. What can you do if you need the transaction ASAP?

  • Go to http://ttutdxh-nubits.github.io/cointoolkit/#verify and select the network mode in the top right.
  • Go to the Verify tab, paste the first transaction and click verify.
  • A list of inputs will show up, click on the number of signatures of one of the inputs.
  • The list of required signers will appear, and at the bottom you can paste another version of the transaction.
  • Click “Combine transaction” and a new one will be generated with all the signatures from the different transactions.

Problem solved, deadline met.

4 Likes

@masterOfDisaster made me think:

I though, Cointoolkit should do that.
So after the last update you can now check everything you need from the verify tab, amounts and fee inclusive.

It currently works with BTC, NSR and NBT.

4 Likes

Stunning!
Don’t need much more words to explain how I perceive your cointoolkit :wink:

I have updated git-multisig to save unspent outputs in JSON format. This can help Cointoolkit retreive unspent outputs in case blockexplorer fails.

@masterOfDisaster and @jooize please update your flot-operations folder and repositories, by forking from mine : https://github.com/dc-tcs/flot-operations, as well as the newest git-multisig. The rest of FLOT (NBT group) may also download the newest version of git-multisig.

Cool. Updated. :evergreen_tree:

git clone git@github.com:jooize/flot-operations.git
cd flot-operations
git remote add upstream https://github.com/dc-tcs/flot-operations
git fetch upstream
git checkout master
git merge upstream/master
vi BqyRzFtWXDmjxrYpyJD42MLE5xc8FrB4js/unspent

Is there a way to resolve conflicts without an editor?

git add BqyRzFtWXDmjxrYpyJD42MLE5xc8FrB4js/unspent
git commit -m "Update to upstream"
git push origin master

Removing the entire folder is an option. The script will automatically git clone. Perhaps I should deal with that, though I dared not put something that does “rm -r” in the scripts as it could lead to some pretty bad accidents…

can we seen which FLOT member signed or not?

@huafei yes, just click the signature count when verifying a transaction.


@dysconnect great news, that will avoid blockexplorer.nu availability problems.