Skip to content

Instantly share code, notes, and snippets.

View matiu's full-sized avatar

ematiu matiu

  • Bitpay Inc.
  • Tucuman, Argentina
View GitHub Profile
// cryto exports:
return Bitcore.crypto.Hash.sha256(pk.toBuffer()).slice(0, 16).toString('base64');
// priv key validation
$.checkArgument(Bitcore.PrivateKey.isValid(privKey), 'The private key received is invalid');
@matiu
matiu / check.js
Created March 7, 2019 14:50
Checking a jsonPaymentProtocol signature witih bitcore-lib
const B = require('bitcore-lib');
// Example signature, from an actual jsonPaymentProtocol header.
const h ='6d580c9bc2fbaff7614e3a030d536417d07d6dfb93f7c8887aac4e67e27c3e32';
const s ='e7a6490572855eb8feedabe32872424a2aef5b0b0f6e8b7d1959f6621de8c15a3871283a8fa78fc292444c50dc578dc58bd924d947f2ecc4bb91c250885a518a';
const p ='03159069584176096f1c89763488b94dbc8d5e1fa7bf91f50b42f4befe4e45295a';
hbuf = Buffer.from(h,'hex');
[client.js.128:payload:] [{"address":"qqgpzjullztrd0xmsvsepxl6hp575pmjsyxwyaddp4"},{"address":"qrw5340g4tt3nk47sl5zpqph5y2gd6rddswc0qaa50"},{"address":"qzy0n4tq50lpjhe560uggpvxl4j28gykcu4n4tdw8r"},{"address":"qp90c6s67nayptr8jkmnp922r5vnxg8x45zcxp7e0n"},{"address":"qzd9r0xpcd8gvd7h7qcxzcnt7z443576wsjfwkcdrr"},{"address":"qz3wv55hyqz2edh4lkt4ff6z2k276363guvypvsl6x"},{"address":"qp4wpn3mkgm2jmv9ccxwu33jpcexf7fgpqg4uzk69l"},{"address":"qrp6s5jjudzs4e8h83g3j8hgaq3dlr2mxg6g0lw7yq"},{"address":"qpupl5x86jzw79spqfm8j3nyqdnd0uhpvqdwtvu4ej"},{"address":"qrxpsy8vacx9n8yfdcyv8n9nz9mfnxaagvk8624dlt"},{"address":"qqq06s8z509gxtqcn4z0znhtt767rqzu7vuwuljrs9"},{"address":"qq77x54g58jtgpqk8tpdhzmrn5s64azqzgkxxdr7g7"},{"address":"qzu3azwgj7ctv52eugxnd5zkvdfl5mtf7ucpf0uuc4"},{"address":"qqlwf0du4qecv8ddtscu5y5g43php2q4rqxwwlr3gs"},{"address":"qpmv900hcfv8mqqh9jzxxc2zh2m7hjuqyuhjhf3393"},{"address":"qrfqmzyft2jmhdkc4kqkweclhdvus6s4lqzpflpdq5"},{"address":"qpm92wzak9muxxtyc7n8ktj32tsj9j3h55anajghxh"},{"address":"qzmdasezmcclulnfd
@matiu
matiu / csp.md
Created November 29, 2018 14:56
Copay and Bitpay Wallet Network Restrictions

To prevent unautorized network access, Copay and Bitpay Wallet v5.3.0 and above use the following Content Security Policy (CSP)

  <meta http-equiv="Content-Security-Policy" content="default-src 'self' 'unsafe-eval' https://bws.bitpay.com
  https://bitpay.com https://auth.shapeshift.io https://shapeshift.io https://api.coinbase.com https://coinbase.com; 
  img-src 'self' data:; style-src 'self' 'unsafe-inline'; font-src 'self' data:">

This restrict network connections to the listed hosts only. As a consecuence, accessing self-hosted Bitcore Wallet Service (BWS) hosts will not be allowed.

Using bitcoin-abc 0.17 hash: 855043153da2d7d5d4d577eede5ecf22f2c87080,
running bitcoind with: `-regtest -monolithactivationtime=0`
1. Base line
- send 10 p2pkh TX/s, 10 seconds. Check CPU and IO load.
- send 10 (small) op_ret TX/s, 100 seconds. Check CPU and IO load and mem usage.
2. Tests
@matiu
matiu / gist:f7b4afb3781c9f7c735435f19602db31
Last active June 23, 2021 21:21
Test new opcodes - bitcoin Cash
  1. run bitcoin-abc with: ./bitcoind -regtest -monolithactivationtime=0
  2. create some UTXOs: ./bitcoin-cli generate 100
  3. grab one UTXO: ./bitcoin-cli listunspent (grab the last TXIDs, vout; we will call them here: TXID: 64be40b2688e8767fc62f8556d3b9ee608aae28894b867f8228ac5aa74325aff vout: 0
  4. create a TX with the script you want to test, using P2SH: bitcoin-tx -regtest -json -create in=64be40b2688e8767fc62f8556d3b9ee608aae28894b867f8228ac5aa74325aff:0 outscript=49.999:"XOR 1 DUP":S (last :S is to use P2SH) => hex: 0200000001ff5a3274aac58a22f867b89488e2aa08e69e3b6d55f862fc67878e68b240be640000000000ffffffff01606b042a0100000017a9145944649bbd7f8d554b993e74f7b7884d2c78a2908700000000
  5. sign it:
@matiu
matiu / gist:61c9f529efeeba66c0e2
Created June 3, 2015 17:35
How to verify Copay file signatures
  1. Download signature file
  2. Check it by running:
$ gpg --verify \
 $FILENAME.sig \
 $FILENAME

# If should say:

 "Good signature from "Copay (visit copay.io) "
  • createTX
    • output: 1bitcoin
    • amount: 1BTC
    • useCoinJoin: true
      • coinJoinToSignTimeout: 1hr
      • coinJoinToBroadcastTimeout: 24hr
      • coinJoinTimeoutPolicy: broadcastWithoutCoinJoin | rejectByServer
@matiu
matiu / gist:50eb38b77f03284a5cc9
Last active August 29, 2015 14:16
BWS access schema

BWS Access Control

There are 3 tiers of access control

  1. Access is controlled at the server

All requests to an existing wallet must be signed by a private key and are verified by the server. All copayers have a always valid private key, m/1/1, and can generate more with restricted access thru the grantAccess removeAccess API.

Extra access keys pairs are always derived from the extended master private key using m/1/x.

Hoy

  var storage = new Client.FileStorage({
    filename: args.file || process.env['BIT_FILE'],
  });
  var c = new Client({
    storage: storage,
    baseUrl: args.host || process.env['BIT_HOST'],
    verbose: args.verbose,
  });