trezor / connect Goto Github PK

Is there a way to sign BIP49 Segwit Multisig raw transaction?

Like this signing code from bitcoinjs-lib:

txb.sign(0, keyPairs[0], redeemScript, null, unspent.value, witnessScript)
txb.sign(0, keyPairs[2], redeemScript, null, unspent.value, witnessScript)
txb.sign(0, keyPairs[3], redeemScript, null, unspent.value, witnessScript)

Thanks

Rewrite all the fee logic to use bitcore logic.

Is necessary for #55 anyway.

• not initialized TREZOR should be handled inside Connect
• interestingly enough - TREZOR displays cancel/confirm - it probably shouldn't?

Add multitasking behaviour similar to mytrezor

All the getAccount etc. calls don't support segwit and the segwit accounts

It's going to be harder to support, since we changed the API of hd-wallet etc.

Currenty not possible to test, since connect doesn't support LTC (or testnet) account discovery

I'm having trouble getting the Trezor login to work on my website.

I stored the public key returned in the response from the Trezor and use that to verify against. However, the signature verification fails. After a bit of digging I noticed that the key in the signature and the public key in the response don't match. I tried entering the data (after converting the public key into an address) into coinig.com and got the following response:

If I enter the address it suggests (extracted from the signature) the verification passes.

There's a thread under NBitcoin's github about my issue here: MetacoSA/NBitcoin#134

What could be going wrong here?

In the symmetric encryption example, if I select "ask on encrypt" I'm asked when I want to decode, and if I select "ask on decrypt" I'ma sked when I want to encode.

Trying to sign a transaction with the following arguments:

inputs:[{
address_n: Array[5]
0: -2147483604
1: -2147483648
2: -2147483648
3: 0
4: 0
prev_hash: "c543d6d7d2f2e13f340f7fc48a6b048dc91bd761acd6f21d13ccfdbf0d5c5af4"
prev_index: 1
}]

outputs: [{
address_n: Array[5]
0: -2147483604
1: -2147483648
2: -2147483648
3: 1
4: 0
amount: 14840
script_type: "PAYTOADDRESS"
,{
address: "3EPpjULHyMeNn6W4fLkCH5GGmyRdqeYY13"
amount: 20000
script_type: "PAYTOADDRESS"
}]

(sorry the format, captured from the browser's console).

Returns:

Object {success: false, error: "Encountered invalid prevhash"}

Any hint?

Installing trezor-connect with bower install failed because your Github repo hasn't any release.

The popup is throwing this error:
Uncaught TypeError: Cannot assign to read only property 'identity' of {"type":"login","icon":"/assets/logo.png","challenge_hidden":"d92b09ccd0af8b611aca7d12daf031e5d531e3649f817cd739d1089fcc5e0827","challenge_visual":"2015-10-02 15:34:18"}

This line seems to be the culprit: https://github.com/trezor/connect/blob/gh-pages/popup/popup.js#L32

I'm using Google Chrome Version 45.0.2454.101 (64-bit) on OS X Yosemite

Regards

I send some bitcoin to a wallet address on my trezor

Then I create a transaction to spend that bitcoin via another framework or via another api which produces an unsigned hex

is it possible to sign the hex via the trezor connect api?

After action cancel is connected trezor.js (v5.0.0-8) still returning error "wrong previous session" ... to fix it, you need to reconnect device.

Allow selecting "Account #1" in account discovery even when not all accounts are fully loaded yet...

I have a client and I implementing authentication through trezor and he want fully autonomous authentication. He fears if we connecting to other servers they can be compromised.

Will it be more safe if I take connect.js and popup.html and serve them on my server? And will people trust us if we serve this files on our side?

Screenshot looks hot! I will try it out soon!

I noticed that the text on screen says "HTTP Login", even for an https web page? That seems confusing and HTTP is perhaps unnecessarily jargony. Indeed does it even need to say HTTP or web? What if someone wanted to use the protocol for IMAP or some custom app specific protocol?

We should add some license probably

We have GPLv3 in popup/package.json, but it's not clear how relevant it is

• connect should not return any data: challenge_hidden or visual; some implementators are able only returned data
• connect should require chalenge_hidden and visual and not generate its own

I am missing traditional "sign a message" feature as it is available in mytrezor.com.

I don't see any option to specify testnet when calling signTx. Does Trezor auto detect Bip44 testnet address?

Thanks
An

I tried out the login example. The popup stuck at Loading... forever.

The error in the JS console is:

popup.js:151 Uncaught TypeError: Cannot read property 'substring' of undefined
    at parseIdentity (popup.js:151)
    at onMessage (popup.js:75)

Any idea how to fix it?

Thanks

I am getting the following error when attempting to compose a transaction with this library.

{
  "success": false,
  "error": "Cannot read property 'lookupTransaction' of undefined"
}

This is happening in both my implementation and in your examples here https://connect.trezor.io/1/examples/. I've tried in Safari and Chrome with the same results. Is it possible that my Trezor has an issue? Thanks!

Hi

I am interested in using the sign api to sign an unsigned transaction
e.g.
0100000001bf1f87c5041063d8353f3d8e109fb11405456d7972c5f401308ced36eb9e8fea010000001976a914e1869fa1cec7741a502e7a5bd938ed8f5e354b5488acffffffff0200000000000000002e6a2c0b0b8cb664864cdf2ff70668595e63567b9d8ece36b2383513b6eeab7f1c15e70466593f13bb49618b8afe7079e93a00000000001976a914e1869fa1cec7741a502e7a5bd938ed8f5e354b5488ac00000000

Looking at the api I need to use inputs and outputs,
TrezorConnect.signTx(inputs, outputs, function (result) {

Is there a way to decode this hex into compatible inputs and outputs for the TrezorConnect.signTx function?

current state:

• user clicks Sign in with TREZOR without plugin / bridge / extension working
• nothing happens & error message is returned

proposal:

• show diaglog with information "TREZOR not installed properly. // Go to mytrezor.com to fix this. // TREZOR is unique device, which let's you login securely without password // Find out more..."

Connect doesn't support LTC / other BTC-based altcoins discovery

Again this will be harder to do because connect uses slightly outdated hd-wallet

Hello, Copay Dev here.

We have been asked by many users to support BitcoinCash on Copay/Trezor for multisig wallets. Some users mentioned BitcoinCash was already supported on Trezor, but I can't find any documentation on that, an I see also:

3d64e07

Was bitcoinCash support was removed? Any advice how to allow our users to sign a multisig transaction with trezor? thanks.

Hi guys,

Is there a way to connect a bitcoin testnet node (e.g.: https://test-insight.bitpay.com/) ? I saw 2 trezor bitcore node urls hardcoded inside ('https://btc-bitcore3.trezor.io', 'https://btc-bitcore1.trezor.io'). Then I switch to localhost to run the code in development mode, so that I can change the file popup.js and load it locally, instead of loading from https://connect.trezor.io/3/popup/popup.html . However, I then run into another error which is

signtx-paytoaddress.html:31 Error: Input not found
(anonymous) @ signtx-paytoaddress.html:31
(anonymous) @ connect.js:1006
onresponse @ connect.js:1014
respond @ connect.js:867
receive @ connect.js:873

Currently, I'm using npm http-server to run this locally.
A little help for running this in development mode or connecting to a testnet node is appreciated.

Thanks
An

TREZOR and Connect should behave differently under following authentication modes. Motivation: each action has different workflow and returned variables, only Sign up should display address

Singing up (trezor:signup) = linking TREZOR with account

• TREZOR message "HTTPS request" + site / challenge visual / "Sign up to this site?" (Cancel/Confirm)
• TREZOR message "Visual check. The following identity should match:" + address. (OK)
• Connect returns public key + signature
• site displays address and asks for visual validation and password authentication.

Checking linked publick key (trezor:checkidentity ~ something like Check on TREZOR (eye))

• site displays linked address and asks for visual validation
• TREZOR message "Visual check. The following identity should match:" + address. (OK)
• Connect returns nothing

Singing in (trezor:login)

• TREZOR message "HTTPS request" + site / challenge visual / "Log into this site?" (Cancel/Confirm)
• Connect returns public key + signature

Action confirmation (trezor:confirm) ~ for withdrawals inside account etc., when public key is known

• TREZOR message "HTTPS request" + site / challenge visual / "Confirm site action?" (Cancel/Confirm)
• Connect returns signature only

• TREZOR should display identity information, ONLY need when pairing account with public key (site should display the identity too, not needed during usual authentication)
• what to display: full bitcoin address? first bits of address hash? (easier to check)

Motivation

• leverage TREZOR secure display
• resistant to "fake public key submitted by Connect" (when SL turns bad, looses control of github or there is another middle man attack)
• trust is only between user and site

(again just copy-pasting @sipak issue from elsewhere, I don't understand it, do what you want with it)

https://connect.trezor.io/1/connect.js refers "bitcore2.trezor.io" and "bitcore3.trezor.io". Correct are "bitcore1" and "bitcore3"; "bitcore2" will be discontinued soon.

I got this error when attempting to sign a transaction which output has more than 21.48 BTC:

Range Error: value out of range

I believe this is because 20 BTC = 2 billions satoshi and the maximum integer number is: 2,147,483,647
How do I fix this?

I am using Trezor connect for the site here at: https://www.coincircles.com/

We also host it on tor, and with the tor browser(mozilla) the bridge does not work. It works via mozilla otherwise.

When going through tor, cloudflare gives me a Google Recaptcha, after which it asks me to install the bridge, which is already installed.

are requested in https://github.com/bitpay/copay/issues/3558

It would be nice to ask for reenter pin again after wrong input. Not just close the window.

Trezor connect dont works anymore since few hours
impossible to connect trezor to myetherwallet

Does anyone know which path Trezor derive master public key and addresses?

Thanks
An

message in confirmation dialog should not be
"Confirm action on your device ..."
but
"Check and confirm action on your device ..."

Hello,

I was trying to sign a multisig transaction. However, I kept getting the error: Failed to compile input. Here's my code:

// for a convenience, TrezorConnect internals convert xpubs to HDNodeType.

         // master public keys, path: m/44'/1'/0'
        // External master public key
         var ext1 = 'tpubDDhX9wCe9aSJZ3ytbPMeJ1tTzjwFu7uHSr1TV3D5efca3DuJEH8FLDhjnmXzgwF7DYSGszgBnMrdytYVisarf9FSwGugPWxYKDXeNnAZi5x';
        
        // trezor master public key
         var int1 = 'tpubDDLqCpkXDRQWNce4kax9pYiQHkHNBTSYw6HHDqBUqKxtFcouTXtEY7Hs5wthLjttYjA4BmNFvn9ZkYmN63K9Uzk35uQ9HRQQSRUN5pVTw8B';

         // spend a multisig input, address derived path: m/44'/1'/0'/0/0
         var inputs = [{
             address_n: [2147483692, 2147483649, 2147483649, 0, 0],
             prev_index: 1,
             prev_hash: '003c3cfbd827dfdc9887643fbee12388280de729d73c6b24dea6bfff5fd96900',
             script_type: 'SPENDMULTISIG',
             multisig: {
                 pubkeys: [{node: ext1, address_n: [2147483692, 2147483649, 2147483649, 0,0]},
                           {node: int1, address_n: [2147483692, 2147483649, 2147483649, 0,0]}],
                 signatures: ['', ''],
                 m:2 
             }
         }];

         // send to PAYTOADDRESS output and a change output
         var outputs = [{
             script_type: 'PAYTOADDRESS',
             amount: 250000,
             address: 'mtzeYi5DCdXzYdVZ99sG82TDf7947gF7a1'
         }];

         TrezorConnect.signTx(inputs, outputs, function (response) {
             if (response.success) {
                 console.log('Serialized TX:', response.serialized_tx); // tx in hex
                 console.log('Signatures:', response.signatures); // array of signatures, in hex
             } else {
                 console.error('Error:', response.error); // error message
             }
             document.getElementById("response").innerHTML = JSON.stringify(response, undefined, 2);
         }, false, 'Testnet');
     }

    </script>

Any idea why?

Also, popup.js seems not to have support for signning multisig testnet transaction. I had to modified the code manually for it to accept the testnet transaction.

let convertXpub = (o) => {
        if (o.multisig && o.multisig.pubkeys) {
            // convert xpubs to HDNodeTypes
            o.multisig.pubkeys.forEach((pk) => {
                if (typeof pk.node === 'string') {
                    **_pk.node = xpubToHDNodeType(pk.node);_**
                }
            });
        }
        return o;
    };

Thanks

Add "Show address on TREZOR" feature to Connect

Please add example which demonstrates using Connect to send transaction with OP_RETURN output.

Hey guys,
I'm getting "Wrong acquire input" Error with the latest Chrome extension (1.0.11).
Let me know if I can help in any way to diagnose this.

Thanks!

please update popup.html => popup.js (LiVE)

thx

p.s. will test the signmsg if it also works for eth

missing on Version2 and Version3 !

Currently the widget for account discovery & selecting an account allow user to choose account only when all accounts are loaded. Please change that so account can be chosen even when discovery is still in progress.

When waiting for user confirmation on TREZOR, user can't cancel action by closing the window. Browser is stuck in that time.

When user enters invalid PIN, do not exit with error, but offer dialog "Invalid PIN Enter. Retry?" Cancel / OK option

When extension / bridge not detected show dialog "TREZOR not installed. Install now?" Cancel // What is TREZOR? // Install now (redirect mytrezor.com)

getAccountInfo calls and others (signTx, composeAndSignTx, etc.) are contacting Bitcore instance to access the blockchain. The list of instances is hard-coded in the Connect code, but the list is limited to Bitcoin-only instances, which makes Connect unusable for alt-coins.

I see two options, how to fix the problem:

1. Connect detects the coin by parsing given BIP44 path, or even better the coin will be given explicitly as another parameter of the call. Connect will have a hard-coded list of Bitcore instances for each coin and use these.

2. We will allow the user of Connect API to specify the 3rd party Bitcore URL

I am voting for 1) although it means we'd need to host a Bitcore instance for every supported altcoin, because with 2) one can provide a malicious Bitcore instance.

function TrezorConnect.requestLogin returns signature and pubkey

I have a reason to not trust to the returned pubkey. I wish to reconstruct pubkey from the signature or at least verify that signature matches the pubkey. In the SLIP-0013 proposal I can read

"Signer takes this data and computes the private key according to section HD Structure. Then it concatenates sha256 hashes of challenge hidden and challenge visual and signs the result using the standard Bitcoin message signing. Finally, the signature is returned together with the node public key and node address."

As I understand, the message to sign is: "Bitcoin signed message" || || sha256(hidden) || sha256(visual)? Are the hashes in a binary form or in a hex form (or in a base64 for, or ... whatever)? Please provide some example in the document....

If there is a detailed documentation somewhere around, please move it at some "exposed" place.

Hi. I am just playing with trezor connect and there are few features I am missing. One of them is trezor detection. I want to show UI to user only if he/she can use the trezor. The feature can detect whether the bridge/extension is presented - this should be enough to achieve this requirement (user without the bridge probably hasn't the trezor at all).

Other missing features may appear in separate issues :)

Thank you!

It's already done in the newest firmware: trezor/trezor-mcu#189