Online addresses + offline seed signing setup does not work

[goblin]

I'm having problems with grayed out "Sign" button in 2.9.3. Haven't tried earlier versions.

My scenario:

1. On an offline machine, I created wallet_1 with a seed. Then I copied the first generated bitcoin address to an online machine.
2. I prepared the transaction on the online machine (watch-only wallet_2 with 1 imported bitcoin address)
3. Finally I copied the transaction over back to the offline machine and loaded it from file. The "Sign" button is grayed out.

To actually sign the transaction on the offline machine I had to export the private key from the first address in wallet_1, and then to create a new standard wallet_3 using this (imported) private key. Only on wallet_3 could I sign the transaction.

As I understand it, the "Sign" button may be grayed out because Electrum doesn't know how far in the HD hierarchy to search for the key. However, it should at least scan the first ones that it's displaying in the Address tab. Preferably, if there's no key there, there should be an option to specify the HD index manually when displaying an unsigned transaction.

[ecdsa]

you cannot combine online addresses and offline seed, for the reason you explained.

you need one of those:

• online xpub, offline seed
• online addresses, offline set of import private keys

[goblin]

Could this be left open as an enhancement proposal? I might consider implementing it myself.

The problem with online xpub is that Electrum only allows a single xpub key, so you cannot import multiple keys this way.

One problem with offline set of imported private keys is convenience: why should the user have to create more wallets than necessary to accomplish a simple task of signing a transaction? But the other problem is more severe: on the offline wallet, once you run out of original 20-or-so generated addresses, there's no visible way to create/export more of them. Allowing the user to specify an HD index manually when signing would make it easier. Another option would be to have a button to create more addresses.

[goblin]

Yet another good solution for me would be for Electrum to allow to import multiple public EC keys (as opposed to a single xpub) in the online wallet.

[ecdsa]

I don't see how you could possibly do this.
unless you want the user to manually enter the HD index, and I believe that would not be a feature.

[goblin]

I'll have to familiarize myself with the code a bit more to know the details.

But if the user can sign the transaction by copy&pasting keys around wallets, surely it can be automated instead.

[goblin]

I mean the human-language algorithm would be to:

1. iterate over the available addresses (as shown in the Addresses tab) and check if any of them matches an input on the transaction being previewed
2. if so, use its key to allow to Sign the transaction
3. if not, keep the Sign button grayed out, together with a message saying a signing key was not found, and a button to look deeper or to specify an HD index manually

[ecdsa]

thats already what it does, except for the final part

[goblin]

Nope, that's not what happened to me. The offline seed-based wallet doesn't allow you to sign anything, even using the first address/key.

EDIT: OK, maybe it allows you to sign a transaction that was prepared from an xpub-wallet. But if the transaction was done from a watch-address-wallet, it doesn't. Haven't checked (yet)

[goblin]

In other words, I'm saying "online addresses, offline seed" doesn't work, for no real technical reason. It should work, at least with the first ~20 addresses generated from the seed.

[johnib]

Where we at with this guys?
I’m unfamiliar with the technicalities but I have the wallet on an offline machine and the read only wallet on the online machine.

I want to be able to issue transactions created in the readonly and sign them in the offline machine.

For the signature, it should only need the private key - so I’m not sure what makes the above impossible.

Thanks !

[goblin]

@johnib I have a branch at https://github.com/goblin/electrum/tree/fix_2897 (pretty much unmaintained now) which implements an experimental version of this feature. Ecdsa didn't want it in master, so it'll probably never make it there.

There are two ways to do that without my patch:

1. Use the master pubkey on the online machine instead of just a Bitcoin address or
2. If you HAVE TO use the Bitcoin address on the online machine, then on the offline one you first have to pick the right address from the list manually, then right-click it and export its private key. Then you need to create a new offline wallet using just that private key, and it'll let you sign the tx with that.

[elliotolds]

I just ran into this problem as a new Electrum user. To me the workflow of "create offline wallet with new seed, create online wallet by importing the address you care about, create transaction online, sign it offline, ...etc" seems very natural and it's a shame that I have to do manual work (create a new offline wallet and import the relevant private key) every time I want to sign a transaction in this way.

The reason I don't want to import an xpub to the online machine is that I don't want to leak information about all addresses I control to the online machine.

[cculianu]

@goblin I love your fix. It lets the average user get stuff done. The information to sign it is THERE in the wallet -- the fact that it can't be signed because the user didn't know what "Bip32" was and what an xpub seed is -- is a little weird to me too.

I'm thinking of creating a PR for the Electron Cash wallet to merge your fix in there.

Thank you so much for posting the link to your fix!!

[SomberNight]

note: we might port Electron-Cash#484 but I want #3738 fixed first