itsy-btc 0.0.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 6cc6b7da4cccd2c198f421508ea9f27b44b6015e
+  data.tar.gz: 5296961199659fb87256ce91015965ad16111668
+SHA512:
+  metadata.gz: 9b62525545c12765e7ecd10fbe1382d1a98c6b325d7588f385c7b917590bed6e614b8e449808de91753b5f52245cd8bafd0ec9d3097e88b69fc5f40cdc4a500e
+  data.tar.gz: b19b4673fdcaa634a68933265cf5f3579f0cba67979ab4c5bdfb3db64c14be2090b9d87929ce1219b928129a1472935e9b221c1a2ca30406db7884006f2c7a11

data/Gemfile

@@ -0,0 +1,2 @@
+source :rubygems
+gemspec

data/Gemfile.lock

@@ -0,0 +1,21 @@
+PATH
+  remote: .
+  specs:
+    itsy-btc (0.0.1)
+      bitcoin-ruby
+      bundler
+      highline
+      open4
+
+GEM
+  remote: http://rubygems.org/
+  specs:
+    bitcoin-ruby (0.0.2)
+    highline (1.6.20)
+    open4 (1.3.0)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  itsy-btc!

data/LICENSE

@@ -0,0 +1,7 @@
+Copyright (c) 2013 Jeremy Ruten
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,108 @@
+# itsy-btc
+
+`itsy` is a funny little bitcoin wallet for people who can't trust their computers to keep a secret, especially when their *money* exists entirely as a collection of secrets. It also feels a lot like using git, where transactions are like commits that you create, sign, and then push to the distributed repository, i.e. the blockchain. If you like git, then you will feel right at home with this tool.
+
+## Rationale
+
+Here's the main problem this tool tries to solve: You likely have a computer that is years old, and over those many years you have downloaded and run countless executables from the internet, many of which themselves run on your computer and accept all sorts of connections to your computer from anyone in the world. You have to assume there are vulnerabilities in some of the code you have ran during your computer's history, and so you really can't assume that there isn't some ~~bad~~ code running that is inspecting your computer's memory for secrets and broadcasting them periodically to ~~bad~~ people.
+
+Now it does seem rather unlikely to me that my keys are being logged, or my screen is being shot, or my RAM is being scanned, for purposes of skimming bitcoin private keys. But I think it's good to be paranoid about the possibility of my secrets being stolen even if their unencrypted form only exists in RAM for short amounts of time. As bitcoin gets more popular, these kinds of attacks will probably become common. (Probably mostly by frustrated miners who can no longer afford the hardware to keep up, so they have to "mine" their precious bitcoins in more creative ways...) Another thing to worry about is all the intentional backdoors at the OS or hardware level that have been uncovered lately, through which who-knows-how-many employees could get into your computer and swipe some secrets.
+
+So the only solution I see is to create and manage all your secrets on a computer that is permanently offline. A nice cheap, convenient solution is to use a Raspberry Pi for this.
+
+## Install
+
+Install the `itsy-btc` gem on your online, every-day computer:
+
+    $ gem install itsy-btc
+
+Then you want to install it on your offline computer as well. Simply fetch the gem file and its dependencies and transfer them to your offline computer with a USB stick or similar, and install:
+
+    $ gem fetch itsy-btc bitcoin-ruby ffi highline
+    $ cp *.gem /mnt/usb/
+    ... switch computers ...
+    $ cd /mnt/usb
+    $ gem install itsy-btc-0.0.1.gem
+
+## Basic usage
+
+Most commands operate on a file called WALLET.itsy that is in your current directory. To create this file, use the `init` command:
+
+    $ itsy init
+
+It will ask what passphrase to use to encrypt the wallet with. Make it a good one! 
+
+Now generate an address:
+
+    $ itsy gen "optional comment"
+
+You can generate as many as you want. List them like this:
+
+    $ itsy list
+
+To make transactions, your online computer needs to know what all your addresses are, so copy your wallet file to your online machine. Your private keys are encrypted in this file, so as long as you never type your passphrase on your online computer, they should be safe.
+
+    $ cp WALLET.itsy /mnt/usb/
+
+Then on your online machine, after you've received money into your address, you can create a transaction to send some money to someone:
+
+    $ cd /mnt/usb
+    $ ls
+    WALLET.itsy
+    $ itsy tx 0.25 18wh2CbAjeB7i1w3zjPX8iCasy1zMYYgnv
+    Will send 0.25 BTC to 18wh2CbAjeB7i1w3zjPX8iCasy1zMYYgnv with a fee of 0.0001 BTC.
+    Transaction saved to 8b1738aaadb37a6c51d9caeec31a0b4f6bb0e0aa6ef7346a36a2813437298964.json.
+
+It figures out what inputs to use using information downloaded from blockexplorer.com.
+
+Okay, you have the transaction as a json file on your USB device. Now switch to your offline computer to sign the transaction:
+
+    $ itsy sign 8b1738aaadb37a6c51d9caeec31a0b4f6bb0e0aa6ef7346a36a2813437298964.json
+    1 input signed, transaction saved to 8b1738aaadb37a6c51d9caeec31a0b4f6bb0e0aa6ef7346a36a2813437298964-signed.json.
+
+Finally, transfer this new file to your online computer and push the signed transaction to the block chain:
+
+    $ itsy push 8b1738aaadb37a6c51d9caeec31a0b4f6bb0e0aa6ef7346a36a2813437298964-signed.json
+    Transaction pushed successfully.
+
+## Advanced usage
+
+Create custom transaction:
+
+    $ itsy tx
+    (1) Add input, (2) Add output, (3) Save, or (4) Cancel? 1
+    Prev tx? f480a09eb541c27fa4d3b7f3d3fceabde50840758248327fd0fb3cc6970c7486
+    Output index? 0
+    Input added. (Amount: 0.25 BTC)
+    (1) Add input, (2) Add output, (3) Save, or (4) Cancel? 2
+    Address? 1B2p7d1BPMqVrQMb97kTk5RbUvUH9CetBK
+    Amount? 0.1
+    Output added.
+    (1) Add input, (2) Add output, (3) Save, or (4) Cancel? 2
+    Address? 1C19FTsSj2ahsRjGfRFuiyDm9QJg9UZVSJ
+    Amount? 0.1499
+    Output added.
+    (1) Add input, (2) Add output, (3) Save, or (4) Cancel? 3
+    Will send 0.1 BTC from 1 input to 1B2p7d1BPMqVrQMb97kTk5RbUvUH9CetBK with a 0.0001 BTC fee.
+    Transaction saved to 9e62c79d41670168e11e98f68ed709ea22004a73978c37384e7d9613e5e2961e.json.
+
+Authenticate to access encrypted wallet during a session (otherwise it will ask for your key every time you sign a transaction or modify your wallet, which might be okay):
+
+    $ itsy auth
+    Your passphrase? mysup3rs3cretpassw0rd
+    Wallet unlocked until poweroff.
+
+## TODO
+
+* Unit tests
+* Tighten error checking, integrity checks all over, i.e. make it hard for users to do anything stupid
+* Document commands thoroughly, so `itsy help <command>` gives lots of info for each command
+* Experiment with interacting with the bitcoin network directly (with bitcoin-ruby) to remove some of the dependency on blockexplorer.com (especially for the `push` command)
+
+* Idea: maybe wallet should be partitioned into hot and cold storage, with simple ways of transferring one to the other. Then you can have the best of both worlds.
+
+## Warning
+
+This project is just me trying to do bitcoin the way I like to do things. I'm actually very new and inexperienced in bitcoin, crypto, and security. So read all the code and understand how it works before using it in any serious way, please.
+
+

data/bin/itsy

@@ -0,0 +1,41 @@
+#!/usr/bin/ruby
+
+require "itsy-btc"
+
+if ARGV.first == "test"
+  ItsyBtc.test_mode!
+  ARGV.shift
+end
+
+WALLET_PATH = ItsyBtc::DEFAULT_WALLET_FILENAME
+
+wallet = nil
+if File.exists?(WALLET_PATH)
+  wallet = ItsyBtc::Wallet.new(WALLET_PATH)
+end
+
+if ARGV.empty?
+  puts "Yes, that's my name. Now what do you want?"
+  puts
+  command_name = "help"
+else
+  command_name = ARGV.shift.downcase
+end
+
+command_class = ItsyBtc::Commands::LIST.find { |cmd| cmd.name == command_name }
+
+if command_class
+  begin
+    command = command_class.new(*ARGV)
+    command.wallet = wallet
+    command.run
+  rescue OpenSSL::Cipher::CipherError
+    puts "Wrong passphrase! Aborting..."
+    exit
+  end
+else
+  puts "Unrecognized command: #{command_name}"
+  puts "Type `itsy help` for help."
+  exit
+end
+

data/itsy-btc.gemspec

@@ -0,0 +1,21 @@
+Gem::Specification.new do |s|
+  s.name = "itsy-btc"
+  s.version = "0.0.1"
+  s.date = "2013-11-14"
+  s.summary = "A simple secure bitcoin wallet."
+  s.description = "itsy-btc is a simple secure bitcoin wallet that allows you to turn an offline computer into a hardware wallet."
+  s.author = "Jeremy Ruten"
+  s.email = "jeremy.ruten@gmail.com"
+  s.homepage = "http://github.com/yjerem/itsy-btc"
+  s.license = "MIT"
+  s.required_ruby_version = ">= 1.9.2"
+
+  s.files = ["Gemfile", "Gemfile.lock", "LICENSE", "itsy-btc.gemspec", "README.md"]
+  s.files += Dir["lib/**/*.rb"]
+  s.files += Dir["bin/itsy"]
+  s.executables = ["itsy"]
+
+  %w(bundler bitcoin-ruby ffi highline).each do |gem_name|
+    s.add_runtime_dependency gem_name
+  end
+end

data/lib/itsy-btc.rb

@@ -0,0 +1,38 @@
+require "bitcoin"
+require "open-uri"
+require "highline/import"
+require "bigdecimal"
+require "json"
+
+require "itsy-btc/wallet"
+require "itsy-btc/wallet_entry"
+require "itsy-btc/lookup"
+require "itsy-btc/commands"
+
+module ItsyBtc
+  DEFAULT_WALLET_FILENAME = "WALLET.itsy"
+
+  class << self
+    def format_value(satoshis)
+      (BigDecimal.new(satoshis) / 1e8).to_s("F")
+    end
+
+    def blockexplorer_url
+      if test_mode?
+        "http://blockexplorer.com/testnet"
+      else
+        "http://blockexplorer.com"
+      end
+    end
+
+    def test_mode?
+      @test_mode
+    end
+
+    def test_mode!
+      @test_mode = true
+      Bitcoin.network = :testnet
+    end
+  end
+end
+

data/lib/itsy-btc/commands.rb

@@ -0,0 +1,37 @@
+require "itsy-btc/commands/command"
+require "itsy-btc/commands/init_command"
+require "itsy-btc/commands/gen_command"
+require "itsy-btc/commands/import_command"
+require "itsy-btc/commands/delete_command"
+require "itsy-btc/commands/balance_command"
+require "itsy-btc/commands/list_command"
+require "itsy-btc/commands/comment_command"
+require "itsy-btc/commands/tx_command"
+require "itsy-btc/commands/sign_command"
+require "itsy-btc/commands/verify_command"
+require "itsy-btc/commands/push_command"
+require "itsy-btc/commands/decrypt_command"
+require "itsy-btc/commands/passwd_command"
+require "itsy-btc/commands/help_command"
+
+module ItsyBtc
+  module Commands
+    LIST = [
+      InitCommand,
+      GenCommand,
+      ImportCommand,
+      DeleteCommand,
+      BalanceCommand,
+      ListCommand,
+      CommentCommand,
+      TxCommand,
+      SignCommand,
+      VerifyCommand,
+      PushCommand,
+      DecryptCommand,
+      PasswdCommand,
+      HelpCommand
+    ]
+  end
+end
+

data/lib/itsy-btc/commands/balance_command.rb

@@ -0,0 +1,24 @@
+module ItsyBtc
+  module Commands
+    class BalanceCommand < Command
+      name "balance"
+      summary "show your total balance"
+
+      def run
+        if @wallet.nil?
+          puts "No wallet found! Use `itsy init` to create one."
+          exit
+        end
+
+        entries = @wallet.entries
+        if entries.empty?
+          puts "This wallet has no addresses."
+        else
+          total = entries.map { |e| Lookup.balance(e.address) || exit }.inject(:+)
+          puts ItsyBtc.format_value(total) + " BTC"
+        end
+      end
+    end
+  end
+end
+

data/lib/itsy-btc/commands/command.rb

@@ -0,0 +1,27 @@
+module ItsyBtc
+  module Commands
+    class Command
+      attr_accessor :wallet
+
+      def run
+        raise NotImplementedError, "command not implemented!"
+      end
+
+      def self.name(value=nil)
+        @name = value if value
+        @name
+      end
+
+      def self.args(value=nil)
+        @args = value if value
+        @args
+      end
+
+      def self.summary(value=nil)
+        @summary = value if value
+        @summary
+      end
+    end
+  end
+end
+

data/lib/itsy-btc/commands/comment_command.rb

@@ -0,0 +1,36 @@
+module ItsyBtc
+  module Commands
+    class CommentCommand < Command
+      name "comment"
+      args "<address> <new comment>"
+      summary "edit an address's comment field"
+
+      def initialize(address, comment)
+        @address = address.to_s
+        @comment = comment.to_s
+      end
+
+      def run
+        if @wallet.nil?
+          puts "No wallet found. Run `itsy init` to create one."
+          exit
+        end
+
+        entries = @wallet.addresses_starting_with(@address)
+        if entries.length == 1
+          address = entries.first.address
+          @wallet.update_comment(address, @comment)
+          puts "Comment for #{address} updated."
+        elsif entries.length == 0
+          puts "No addresses in your wallet start with '#{@address}'."
+        else
+          puts "Multiple addresses in your wallet start with '#{@address}':"
+          entries.each do |entry|
+            puts "  #{entry.address} #{entry.comment}"
+          end
+        end
+      end
+    end
+  end
+end
+

data/lib/itsy-btc/commands/decrypt_command.rb

@@ -0,0 +1,23 @@
+module ItsyBtc
+  module Commands
+    class DecryptCommand < Command
+      name "decrypt"
+      summary "show all of your private keys"
+
+      def run
+        unless @wallet
+          puts "No wallet found! Use `itsy init` to create one."
+          exit
+        end
+
+        @wallet.entries_with_keys.each do |entry|
+          puts "addr: #{entry.address}"
+          puts "key: #{entry.key}"
+          puts "comment: #{entry.comment}"
+          puts
+        end
+      end
+    end
+  end
+end
+

data/lib/itsy-btc/commands/delete_command.rb

@@ -0,0 +1,29 @@
+module ItsyBtc
+  module Commands
+    class DeleteCommand < Command
+      name "delete"
+      args "<address>"
+      summary "delete an address permanently"
+
+      def initialize(address)
+        @address = address.to_s
+      end
+
+      def run
+        if @wallet.nil?
+          puts "No wallet found. Run `itsy init` to create one."
+          exit
+        end
+
+        key = @wallet.key_for_address(@address)
+        if @wallet.remove(@address)
+          puts "Address #{@address} deleted."
+          puts "Here is the key in case you made a mistake: #{key}"
+        else
+          puts "There is no address #{@address} in your wallet."
+        end
+      end
+    end
+  end
+end
+

data/lib/itsy-btc/commands/gen_command.rb

@@ -0,0 +1,27 @@
+module ItsyBtc
+  module Commands
+    class GenCommand < Command
+      name "gen"
+      args "[comment]"
+      summary "generate an address"
+
+      def initialize(comment = "")
+        @comment = comment.to_s
+      end
+
+      def run
+        if @wallet.nil?
+          puts "No wallet found. Run `itsy init` to create one."
+          exit
+        end
+
+        key_gen = Bitcoin::Wallet::KeyGenerator.new
+        key = key_gen.get_key
+        @wallet.add(key.to_base58, @comment)
+
+        puts "Address #{@wallet.entries.last.address} added to wallet."
+      end
+    end
+  end
+end
+

data/lib/itsy-btc/commands/help_command.rb

@@ -0,0 +1,22 @@
+module ItsyBtc
+  module Commands
+    class HelpCommand < Command
+      name "help"
+      summary "print this summary"
+
+      SPACING = 40
+
+      def run
+        puts "Usage: itsy <command> [args...]"
+        puts
+        puts "Available commands:"
+        ItsyBtc::Commands::LIST.each do |cmd_class|
+          spacing = " " * (SPACING - cmd_class.name.length - 1 - cmd_class.args.to_s.length)
+          puts "  #{cmd_class.name} #{cmd_class.args}#{spacing}#{cmd_class.summary}"
+        end
+        puts
+      end
+    end
+  end
+end
+

data/lib/itsy-btc/commands/import_command.rb

@@ -0,0 +1,63 @@
+module ItsyBtc
+  module Commands
+    class ImportCommand < Command
+      name "import"
+      args "[path]"
+      summary "import an address from base58"
+
+      def initialize(path = nil)
+        @path = path
+      end
+
+      def run
+        if @wallet.nil?
+          puts "No wallet found. Run `itsy init` to create one."
+          exit
+        end
+
+        f = File.open(@path, "r") if @path
+
+        num_imports = 0
+        done = false
+        while not done
+          if @path
+            line = f.readline
+            base58, *comment = line.split
+            base58 = base58.to_s
+            comment = comment.join(" ")
+          else
+            base58 = ask("Base58 key? ").to_s
+            comment = ask("Comment? (optional) ").to_s
+          end
+
+          key = begin
+            Bitcoin::Key.from_base58(base58)
+          rescue
+            puts "Key '#{base58}' is invalid!" unless base58.empty? && @path
+            nil
+          end
+
+          if key
+            begin
+              @wallet.add(key.to_base58, comment)
+              num_imports += 1
+            rescue DuplicateAddressError
+              puts "Address '#{key.addr}' already exists in your wallet!"
+            end
+          end
+
+          if @path
+            done = f.eof?
+          else
+            done = ask("Import another key? [Y/n] ").to_s.downcase == "n"
+          end
+        end
+
+        f.close if @path
+
+        puts "#{num_imports} addresses added to wallet."
+      end
+    end
+  end
+end
+

data/lib/itsy-btc/commands/init_command.rb

@@ -0,0 +1,25 @@
+module ItsyBtc
+  module Commands
+    class InitCommand < Command
+      name "init"
+      summary "create new wallet"
+
+      def run
+        path = ItsyBtc::DEFAULT_WALLET_FILENAME
+        if File.exists?(path)
+          puts "A '#{path}' file already exists in this directory!"
+        else
+          passphrase1 = ask("Choose wallet passphrase: ") { |q| q.echo = false }
+          passphrase2 = ask("Verify your passphrase: ") { |q| q.echo = false }
+          if passphrase1 != passphrase2
+            puts "You typed different passphrases! Aborting..."
+          else
+            Wallet.new(path).create(passphrase1)
+            puts "'#{path}' created."
+          end
+        end
+      end
+    end
+  end
+end
+

data/lib/itsy-btc/commands/list_command.rb

@@ -0,0 +1,26 @@
+module ItsyBtc
+  module Commands
+    class ListCommand < Command
+      name "list"
+      summary "list your addresses"
+
+      def run
+        if @wallet.nil?
+          puts "No wallet found! Use `itsy init` to create one."
+          exit
+        end
+
+        entries = @wallet.entries
+        if entries.empty?
+          puts "This wallet is empty."
+        else
+          puts "Address                             Comment"
+          entries.each do |entry|
+            puts "#{entry.address}  #{entry.comment}"
+          end
+        end
+      end
+    end
+  end
+end
+

data/lib/itsy-btc/commands/passwd_command.rb

@@ -0,0 +1,29 @@
+module ItsyBtc
+  module Commands
+    class PasswdCommand < Command
+      name "passwd"
+      summary "change your wallet passphrase"
+
+      def run
+        if @wallet.nil?
+          puts "No wallet found. Run `itsy init` to create one."
+          exit
+        end
+
+        old_passphrase = ask("Old wallet passphrase? ") { |q| q.echo = false }
+        @wallet.verify_passphrase(old_passphrase)
+
+        new_passphrase1 = ask("New wallet passphrase? ") { |q| q.echo = false }
+        new_passphrase2 = ask("Verify passphrase? ") { |q| q.echo = false }
+
+        if new_passphrase1 != new_passphrase2
+          puts "You typed different passphrases! Aborting..."
+        else
+          @wallet.change_passphrase(new_passphrase1)
+          puts "Passphrase changed."
+        end
+      end
+    end
+  end
+end
+

data/lib/itsy-btc/commands/push_command.rb

@@ -0,0 +1,30 @@
+require "net/http"
+
+module ItsyBtc
+  module Commands
+    class PushCommand < Command
+      name "push"
+      args "<path to tx>"
+      summary "push a transaction to the network"
+
+      def initialize(tx_path)
+        @tx_path = tx_path
+      end
+
+      def run
+        tx = Bitcoin::Protocol::Tx.from_json_file(@tx_path)
+        hex = tx.to_payload.unpack("H*")[0]
+        
+        uri = URI("http://blockchain.info/pushtx")
+        response = Net::HTTP.post_form(uri, "tx" => hex)
+        if response.is_a? Net::HTTPSuccess
+          puts "Transaction pushed successfully."
+        else
+          puts "#{response.code} Error!"
+          puts "Blockchain.info says: #{response.body}" if response.response_body_permitted?
+        end
+      end
+    end
+  end
+end
+

data/lib/itsy-btc/commands/sign_command.rb

@@ -0,0 +1,66 @@
+module ItsyBtc
+  module Commands
+    class SignCommand < Command
+      name "sign"
+      args "<path to tx>"
+      summary "sign a transaction"
+
+      def initialize(tx_path)
+        @tx_path = tx_path
+      end
+
+      def run
+        if @wallet.nil?
+          puts "No wallet found! Use `itsy init` to create one."
+          exit
+        end
+
+        tx = Bitcoin::Protocol::Tx.from_json_file(@tx_path)
+
+        inputs_signed = 0
+        tx.in.each.with_index do |txin, i|
+          script = Bitcoin::Script.new(txin.script_sig)
+          if script.type == :unknown
+            puts "Input ##{i} already signed!"
+            inputs_signed += 1
+          else
+            address = case script.type
+                        when :hash160
+                          script.get_hash160_address
+                        when :pubkey
+                          script.get_pubkey_address
+                        else
+                          nil
+                        end
+            if address
+              if base58_key = @wallet.key_for_address(address)
+                key = Bitcoin.open_key(Bitcoin::Key.from_base58(base58_key).priv)
+                sig = Bitcoin.sign_data(key, tx.signature_hash_for_input(i, nil, txin.script_sig))
+                txin.script_sig = Bitcoin::Script.to_signature_pubkey_script(sig, [key.public_key_hex].pack("H*"))
+                puts "Input ##{i} signed."
+                inputs_signed += 1
+              else
+                puts "Input ##{i} to address #{address} cannot be signed, that address is not in your wallet!"
+              end
+            else
+              puts "Input ##{i} cannot be signed, its script type is #{script.type} which is unsupported."
+            end
+          end
+        end
+
+        tx = Bitcoin::Protocol::Tx.new(tx.to_payload)
+
+        if inputs_signed == 0
+          puts "No inputs signed."
+        elsif inputs_signed == tx.in.length
+          File.open("#{tx.hash}-signed.json", "w") { |f| f << tx.to_json }
+          puts "Transaction signed, saved to #{tx.hash}-signed.json."
+        else
+          File.open("#{tx.hash}-signed#{inputs_signed}.json", "w") { |f| f << tx.to_json }
+          puts "#{inputs_signed} of #{tx.in.length} inputs signed, saved to #{tx.hash}-signed#{inputs_signed}.json."
+        end
+      end
+    end
+  end
+end
+

data/lib/itsy-btc/commands/tx_command.rb

@@ -0,0 +1,152 @@
+require 'bigdecimal'
+
+module ItsyBtc
+  module Commands
+    class TxCommand < Command
+      name "tx"
+      args "[<amount> <recipient>]"
+      summary "create a transaction"
+
+      def initialize(amount = nil, recipient = nil)
+        @amount = amount
+        @recipient = recipient
+      end
+
+      def run
+        if @amount && @recipient
+          create_automatic_tx
+        else
+          create_custom_tx
+        end
+      end
+
+      private
+
+      def create_automatic_tx
+        if @wallet.nil?
+          puts "No wallet found! Use `itsy init` to create one."
+          exit
+        end
+
+        if not Bitcoin.valid_address?(@recipient)
+          puts "The recipient address you specified is not a valid Bitcoin address."
+          exit
+        end
+
+        tx = Bitcoin::Protocol::Tx.new
+
+        amount = (BigDecimal.new(@amount) * 1e8).to_i
+        tx_fee = 10000
+        current_value = 0
+        @wallet.entries.shuffle.each do |e|
+          outputs = Lookup.unspent_outputs(e.address) || exit
+          outputs.shuffle.each do |output|
+            prev_tx_hash = [output[:tx_hash]].pack("H*").reverse.unpack("H*")[0]
+            prev_tx = Lookup.tx(prev_tx_hash) || exit
+            txin = Bitcoin::Protocol::TxIn.new(prev_tx.binary_hash, output[:tx_output_n], 0)
+            txin.script_sig = prev_tx.out[output[:tx_output_n]].pk_script
+            tx.add_in txin
+
+            current_value += output[:value]
+            break if current_value >= amount + tx_fee
+          end
+          break if current_value >= amount + tx_fee
+        end
+
+        if current_value < amount
+          puts "Insufficient funds! You only have #{Bitcoin.format_value(current_value)} BTC."
+          exit
+        elsif current_value < amount + tx_fee
+          tx_fee = current_value - amount
+          puts "Warning: only #{Bitcoin.format_value(tx_fee)} BTC left for transaction fees."
+        end
+
+        change = current_value - amount - tx_fee
+        change_address = @wallet.entries.sample.address
+
+        tx.add_out Bitcoin::Protocol::TxOut.value_to_address(amount, @recipient)
+        tx.add_out Bitcoin::Protocol::TxOut.value_to_address(change, change_address)
+
+        tx = Bitcoin::Protocol::Tx.new(tx.to_payload)
+
+        print "Will send #{ItsyBtc.format_value(amount)} BTC to #{@recipient}, "
+        if tx_fee == 0
+          print "with no transaction fees.\n"
+        else
+          print "with a fee of #{ItsyBtc.format_value(tx_fee)} BTC.\n"
+        end
+        if change > 0
+          puts "#{ItsyBtc.format_value(change)} BTC will be sent to #{change_address} as change."
+        end
+
+        File.open("#{tx.hash}.json", "w") { |f| f << tx.to_json }
+        puts "Transaction saved to #{tx.hash}.json."
+      end
+
+      def create_custom_tx
+        tx = Bitcoin::Protocol::Tx.new
+
+        total_input = 0
+        total_output = 0
+        loop do
+          msg = "(1) Add input, (2) Add output, (3) Show summary, (4) Save, or (5) Cancel? "
+          choice = ask(msg, Integer) { |q| q.in = 1..5 }
+          case choice
+          when 1
+            prev_tx = Lookup.tx(ask("Prev tx? ").to_s.strip) || exit
+            if prev_tx
+              output_index = ask("Output index? ", Integer)
+              txin = Bitcoin::Protocol::TxIn.new(prev_tx.binary_hash, output_index, 0)
+              txin.script_sig = prev_tx.out[output_index].pk_script
+              tx.add_in txin
+              puts "Input added. (#{ItsyBtc.format_value(prev_tx.out[output_index].value)} BTC)"
+              total_input += prev_tx.out[output_index].value
+            end
+          when 2
+            address = ask("Address? ").to_s
+            if Bitcoin.valid_address? address
+              amount = ask("Amount? ").to_s
+              value = BigDecimal.new(amount) * 1e8
+              raise "precision error! (TODO)" if value != value.to_i
+              tx.add_out Bitcoin::Protocol::TxOut.value_to_address(value.to_i, address)
+              puts "Output added. (#{ItsyBtc.format_value(value.to_i)} BTC)"
+              total_output += value.to_i
+            else
+              puts "Invalid address!"
+            end
+          when 3
+            print_summary(total_input, total_output, tx.out.length)
+          when 4
+            tx = Bitcoin::Protocol::Tx.new(tx.to_payload)
+            print_summary(total_input, total_output, tx.out.length)
+            File.open("#{tx.hash}.json", "w") { |f| f << tx.to_json }
+            puts "Transaction saved to #{tx.hash}.json."
+            exit
+          when 5
+            puts "No transaction created."
+            exit
+          end
+        end
+      end
+
+      def print_summary(total_input, total_output, num_addresses)
+        fees = total_input - total_output
+        print "Will send #{ItsyBtc.format_value(total_output)} BTC "
+        print "to #{num_addresses} address#{'es' if num_addresses != 1}, "
+        if fees == 0
+          print "with no transaction fees.\n"
+        else
+          print "with a fee of #{ItsyBtc.format_value(fees)} BTC.\n"
+        end
+        if fees < 0
+          puts "Warning! This transaction is spending more than it is receiving!"
+        elsif fees < 10000
+          puts "Warning! Transaction fees should be at least 0.0001 BTC!"
+        elsif fees > 1000000
+          puts "Warning! Transaction fees are very large."
+        end
+      end
+    end
+  end
+end
+

data/lib/itsy-btc/commands/verify_command.rb

@@ -0,0 +1,40 @@
+require 'bigdecimal'
+
+module ItsyBtc
+  module Commands
+    class VerifyCommand < Command
+      name "verify"
+      args "<path to tx>"
+      summary "verify that a transaction is signed"
+
+      def initialize(path)
+        @path = path
+      end
+
+      def run
+        tx = Bitcoin::Protocol::Tx.from_json_file(@path)
+
+        signed = true
+        tx.in.each.with_index do |txin, idx|
+          if Bitcoin::Script.new(txin.script_sig).type == :unknown
+            prev_tx = Lookup.tx(txin.previous_output)
+            if tx.verify_input_signature(idx, prev_tx)
+              puts "Input ##{idx} has a valid signature."
+            else
+              puts "Input ##{idx} has an invalid signature!"
+              signed = false
+            end
+          else
+            puts "Input ##{idx} is not signed."
+            signed = false
+          end
+        end
+
+        if tx.in.empty?
+          puts "Transaction has no inputs."
+        end
+      end
+    end
+  end
+end
+

data/lib/itsy-btc/lookup.rb

@@ -0,0 +1,76 @@
+module ItsyBtc
+  module Lookup
+    extend self
+
+    def tx(hash)
+      json_tx = open(ItsyBtc.blockexplorer_url + "/rawtx/#{hash}").read
+      Bitcoin::Protocol::Tx.from_json(json_tx)
+    rescue OpenURI::HTTPError => e
+      puts "Error looking up transaction: #{e.message}"
+      case e.io.status[0].to_i
+      when 400
+        puts "The transaction hash is invalid."
+      when 404
+        puts "blockexplorer.com doesn't know about the transaction."
+      else
+        puts "Make sure you have an internet connection and can load blockexplorer.com."
+      end
+      false
+    rescue SocketError => e
+      puts "Error looking up transaction: #{e.message}"
+      puts "Make sure you have an internet connection and can load blockexplorer.com."
+      false
+    end
+
+    def unspent_outputs(address)
+      json = open("http://blockchain.info/unspent?active=#{address}&format=json").read
+      data = JSON.parse(json, symbolize_names: true)
+      data[:unspent_outputs]
+    rescue OpenURI::HTTPError => e
+      if e.io.status[0].to_i == 500
+        []
+      else
+        puts "Error looking up unspent outputs: #{e.message}"
+        puts "Make sure you have an internet connection and can load blockchain.info."
+        false
+      end
+    rescue SocketEror => e
+      puts "Error looking up unspent outputs: #{e.message}"
+      puts "Make sure you have an internet connection and can load blockchain.info."
+      false
+    end
+
+    def balance(address)
+      html = open(ItsyBtc.blockexplorer_url + "/address/#{address}").read
+      received_btc = nil
+      sent_btc = nil
+      if html =~ /Received BTC: ([0-9.]+)/
+        received_btc = BigDecimal.new($1)
+      end
+      if html =~ /Sent BTC: ([0-9.]+)/
+        sent_btc = BigDecimal.new($1)
+      end
+      if received_btc && sent_btc
+        btc = received_btc - sent_btc
+        (btc * 1e8).to_i
+      else
+        puts "Can't parse the balance from blockexplorer.com's HTML. (They must have changed it.)"
+        false
+      end
+    rescue OpenURI::HTTPError => e
+      puts "Error looking up balance: #{e.message}"
+      case e.io.status[0].to_i
+      when 400
+        puts "The address is invalid."
+      else
+        puts "Make sure you have an internet connection and can load blockexplorer.com."
+      end
+      false
+    rescue SocketError => e
+      puts "Error looking up balance: #{e.message}"
+      puts "Make sure you have an internet connection and can load blockexplorer.com."
+      false
+    end
+  end
+end
+

data/lib/itsy-btc/wallet.rb

@@ -0,0 +1,156 @@
+require "openssl"
+
+module ItsyBtc
+  class Wallet
+    ALGORITHM = "aes-256-cbc"
+    PBKDF2_ITERATIONS = 4096
+    SALT_LEN = 8
+
+    class WalletError < RuntimeError; end
+    class WalletReadError < WalletError; end
+    class DuplicateAddressError < WalletError; end
+
+    attr_reader :path
+
+    def initialize(path)
+      @path = path
+      @passphrase = nil
+    end
+
+    def create(passphrase)
+      @passphrase = passphrase
+      write({entries: [], keys: encrypt_keys([])})
+    end
+
+    def add(base58, comment = "")
+      key = Bitcoin::Key.from_base58(base58)
+      data = read
+      raise DuplicateAddressError if data[:entries].any? { |e| e[:address] == key.addr }
+      data[:entries] << { address: key.addr, comment: comment }
+      keys = decrypt_keys(data[:keys])
+      keys << key.to_base58
+      data[:keys] = encrypt_keys(keys)
+      write(data)
+    end
+
+    def remove(address)
+      data = read
+      keys = decrypt_keys(data[:keys])
+
+      entry_index = data[:entries].index { |e| e[:address] == address }
+      if entry_index
+        data[:entries].delete_at(entry_index)
+        keys.delete_at(entry_index)
+
+        data[:keys] = encrypt_keys(keys)
+        write(data)
+        true
+      else
+        false
+      end
+    end
+
+    def verify_passphrase(passphrase)
+      @passphrase = passphrase
+      decrypt_keys(read[:keys])
+      nil
+    end
+
+    def change_passphrase(new_passphrase)
+      data = read
+      keys = decrypt_keys(data[:keys])
+      @passphrase = new_passphrase
+      data[:keys] = encrypt_keys(keys)
+      write(data)
+    end
+
+    def update_comment(address, comment)
+      data = read
+      entry_index = data[:entries].index { |e| e[:address] == address }
+      data[:entries][entry_index][:comment] = comment
+      write(data)
+    end
+
+    def addresses_starting_with(beginning)
+      entries.select { |e| e.address.start_with? beginning }
+    end
+
+    def key_for_address(address)
+      if entry = entries_with_keys.find { |e| e.address == address }
+        entry.key
+      end
+    end
+
+    def entries
+      read[:entries].inject([]) do |list, entry|
+        e = WalletEntry.new
+        e.address = entry[:address]
+        e.comment = entry[:comment]
+        list << e
+      end
+    end
+
+    def entries_with_keys
+      data = read
+      keys = decrypt_keys(data[:keys])
+      data[:entries].inject([]) do |list, entry|
+        e = WalletEntry.new
+        e.address = entry[:address]
+        e.comment = entry[:comment]
+        e.key = keys.shift
+        list << e
+      end
+    end
+
+    private
+
+    def read
+      data = JSON.parse(File.read(@path), symbolize_names: true)
+      raise "wallet is invalid!" if data[:entries].nil?
+      raise "wallet is invalid!" if data[:keys].nil?
+      data
+    end
+
+    def write(data)
+      raise "trying to write invalid data to wallet!" if data[:entries].nil?
+      raise "trying to write invalid data to wallet!" if data[:keys].nil?
+      File.write(@path, JSON.pretty_generate(data))
+    end
+
+    def encrypt_keys(keys)
+      encrypt(JSON.generate(keys)).unpack("H*")[0]
+    end
+
+    def decrypt_keys(hex)
+      JSON.parse(decrypt([hex].pack("H*")))
+    end
+      
+    def encrypt(txt)
+      cipher = OpenSSL::Cipher.new(ALGORITHM)
+      cipher.encrypt
+      salt = OpenSSL::Random.random_bytes(SALT_LEN)
+      key_iv = OpenSSL::PKCS5.pbkdf2_hmac_sha1(passphrase, salt, PBKDF2_ITERATIONS, cipher.key_len + cipher.iv_len)
+      cipher.key = key_iv[0, cipher.key_len]
+      cipher.iv = key_iv[cipher.key_len, cipher.iv_len]
+      encrypted_txt = cipher.update(txt) + cipher.final
+
+      salt + encrypted_txt
+    end
+
+    def decrypt(data)
+      salt, encrypted_txt = data[0, SALT_LEN], data[SALT_LEN..-1]
+
+      cipher = OpenSSL::Cipher.new(ALGORITHM)
+      cipher.decrypt
+      key_iv = OpenSSL::PKCS5.pbkdf2_hmac_sha1(passphrase, salt, PBKDF2_ITERATIONS, cipher.key_len + cipher.iv_len)
+      cipher.key = key_iv[0, cipher.key_len]
+      cipher.iv = key_iv[cipher.key_len, cipher.iv_len]
+      cipher.update(encrypted_txt) + cipher.final
+    end
+
+    def passphrase
+      @passphrase ||= ask("Wallet passphrase? ") { |q| q.echo = false }
+    end
+  end
+end
+

data/lib/itsy-btc/wallet_entry.rb

@@ -0,0 +1,6 @@
+module ItsyBtc
+  class WalletEntry
+    attr_accessor :address, :key, :comment
+  end
+end
+

metadata

@@ -0,0 +1,127 @@
+--- !ruby/object:Gem::Specification
+name: itsy-btc
+version: !ruby/object:Gem::Version
+  version: 0.0.1
+platform: ruby
+authors:
+- Jeremy Ruten
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2013-11-14 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: bitcoin-ruby
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: ffi
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: highline
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+description: itsy-btc is a simple secure bitcoin wallet that allows you to turn an
+  offline computer into a hardware wallet.
+email: jeremy.ruten@gmail.com
+executables:
+- itsy
+extensions: []
+extra_rdoc_files: []
+files:
+- Gemfile
+- Gemfile.lock
+- LICENSE
+- itsy-btc.gemspec
+- README.md
+- lib/itsy-btc/commands/balance_command.rb
+- lib/itsy-btc/commands/command.rb
+- lib/itsy-btc/commands/comment_command.rb
+- lib/itsy-btc/commands/decrypt_command.rb
+- lib/itsy-btc/commands/delete_command.rb
+- lib/itsy-btc/commands/gen_command.rb
+- lib/itsy-btc/commands/help_command.rb
+- lib/itsy-btc/commands/import_command.rb
+- lib/itsy-btc/commands/init_command.rb
+- lib/itsy-btc/commands/list_command.rb
+- lib/itsy-btc/commands/passwd_command.rb
+- lib/itsy-btc/commands/push_command.rb
+- lib/itsy-btc/commands/sign_command.rb
+- lib/itsy-btc/commands/tx_command.rb
+- lib/itsy-btc/commands/verify_command.rb
+- lib/itsy-btc/commands.rb
+- lib/itsy-btc/lookup.rb
+- lib/itsy-btc/wallet.rb
+- lib/itsy-btc/wallet_entry.rb
+- lib/itsy-btc.rb
+- bin/itsy
+homepage: http://github.com/yjerem/itsy-btc
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - '>='
+    - !ruby/object:Gem::Version
+      version: 1.9.2
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.0.3
+signing_key: 
+specification_version: 4
+summary: A simple secure bitcoin wallet.
+test_files: []