How to secure a bitcoin wallet on a server?

Y

YellowMongoose2020-01-21 13:10:10

linux

YellowMongoose, 2020-01-21 13:10:10

The task arose to raise a bitcoin node and write a JSON-RPC binding for accepting payments on the site (I know that you can use ready-made services, but it was decided to implement it yourself). There was a question with ensuring the security of this node so that an attacker could not gain access to the private keys of the wallet. Hence the question: what is the best way to do this? is it enough to set up iptables, authorization by keys on the server, etc. Or is it possible to hide private keys in some other way? I would be glad to any recommendations and advice

Reply

Answer the question

In order to leave comments, you need to log in

2 answer(s)

A

Athanor, 2020-01-24
@Athanor

With one of our partners, we had the following task: it was necessary to store both fiat and crypto. When the task is to secure something, it is important to correctly formulate the threat model: what actions and intrusions should be protected from and design the architecture based on this.
For example, in the case of the Dark_Scorpion response , the threat model can be briefly formulated as follows:
1. The attacker gained access to the virtual machine with the API.
2. The attacker got access to the virtual machine with bitcoind and keys and all keys.
Then we think about how to reduce the negative effect in each of the cases.
1 case. An attacker can now sign requests himself. The solution may be, for example, multisig, where part of the key is stored by the user, and part by the server. Thus, an attacker will no longer be able to sign these requests. But here it is also important to understand in what jurisdiction the product will be located, because. There are legal implications. We have encountered them. Another solution could be the possibility of forcibly shutting down the virtual machine with bitcoind in some simple way: downtime is better than lost money.
2nd case. There's nothing to be done here. However, there are products like https://www.thalesgroup.com/en,which provide a piece of hardware that securely stores keys and is considered unbreakable. At the same time, the keys are available as long as the physical (or virtual) card is inserted into the card reader. Thus, if the system has been compromised, then it will be enough to pull out the card. There are other products that are more affordable.
In addition to protecting the keys, you can supplement the protection with two-factor authentication and a third party that can also sign the transaction.
From the point of view of architecture, something like this, good luck with the implementation) Best
regards,
Ivan Tomilov
CEO of Athanor

D

Dark_Scorpion, 2020-01-23
@Dark_Scorpion

According to the idea, the maximum security restrictions with storing the key only in secure memory.
If you bother, then generally make a separate server for signing requests / transactions. It turns out even if the main server is broken, then only get one API with one signing request. Part of the money will be withdrawn from them, but the keys will remain intact