uCoin Web Client

Hi, nice people.

I’m interested in doing a web (app) client for uCoin. That’s it.

I think is interesting because:

  1. It would be easy to access (no installation needed).
  2. It would work on any OS (desktop & mobile & others).
  3. It would avoid the typical difficulty of development and deployment of the current Linux ecosystem (fragmentation).
  4. It could be able to attract more contributors (it seems like everyone nowadays knows a bit about web development - myself included :stuck_out_tongue: ).
  5. It could be possible to share some (server) code with uCoin (Node.js).
  6. It would be easy to “export” to specific OSes/environments (like NW.js/Electron - for desktop in general -, or Android’s WebView , or GNOME’s GJS, etc).

Also, I want to share general interface efforts with CuteCoin (and others), if they want it too.

What do you think?

3 J'aime

Hi @diogocampos,

Thanks for your proposal.
In fact, that a great idea to create a web client.

1 J'aime

Good idea :slight_smile:
One question : would it be hosted on some server ? If so, beware of security problem, the private key should not be uploaded to another server. But it should not be too hard to do : just sign documents in the browser and send them to the server.
You just need to check if scrypt can be used locally in the browser, or if we need an extension :slight_smile: I think that is how encrypted webmails are doing the job.
Anyway, go on, it’s a great idea. We should be able to help if you have any technical issue :slight_smile:

Good. Thank you.

If I understood right, this thing should resolve this issue. But I’m not sure.

Surely I will need help. Thank you.

Yes it could. But I guess, a javascript implementation of low level algorithms should be quite slow :slight_smile: To be tested :wink:

That is definitely a good idea.

Actually, I’ve already made two web client prototypes:

https://github.com/ucoin-io/ucoin-web

An webapp to explore a ucoin currency. Funny, but very heavy and not very user friendly.

https://github.com/c-geek/cesium

A webapp for tablets/smartphones written with Ionic.js. This app can easily be packaged with Cordova to build native apps that can be installed through Stores (AppStore, Google Play, …).

This is a pure HTML/CSS/JS app. You can use it in a browser too. It is quite responsive :slight_smile:

I planned to use js-scrypt as key derivation library.

You can test it at: http://cesium.ucoin.io


Anyway, these were just 2 prototypes. Maybe I will continue Cesium for my personal learning of Ionic.js framework and phone apps, but I won’t make a webapp that would be available on large screens. And I don’t have the time to develop it right now :grin:

So, good idea :thumbsup:

4 J'aime

Yes yes yes,some knows how happy I am to read your idea.
I’d love to have a ucoin on my FFOS pocketcomputer or even better integrated in my cozycloud (cozy.io) which would solve the problem of
"would it be hosted on some server ? If so, beware of security problem,
the private key should not be uploaded to another server. But it should
not be too hard to do : just sign documents in the browser and send them
to the server."

Diogocampos, if I can help, I’ll try my best. I’ll follow this thread carrefuly and check your repo as soon as you start.

Cool.

Nice stuff!

I gave it a try.
What are the correct values for “N”, “r”, “p” and “L”?

:smiley:

I made something. Repo is here and it can be tested here.
Right now, the content is dummy, and I shamelessly copied the designs of CuteCoin. :stuck_out_tongue:


(thank you all for the kind words)

2 J'aime

From ucoin-cli code:

var TEST_PARAMS = {
  "N":4096,
  "r":16,
  "p":1
};

Please understand that we have chosen these parameters’ values randomly, but the fact that both ucoin-cli, cutecoin and ucoinApps share the same parameters’ values makes the generated being the same on each software.

Choosing other values would make impossible to retrieve your personal wallet when switching between softwares.

There is obviously something to propose here to make the key generation process easy for final users.

Thank you.

Ok.

I don’t get it. Do you mean changing parameters? Changing the underlying model (password+salt)? Creating better UIs? Or something else?


I am a bit lost (both meanings of “am” :stuck_out_tongue: ). So, for not flooding this here with way more dumb questions, here comes only the critical ones:

Where is the documentation of the API that I can consume from the uCoin nodes? uCoin-Cli (vucoin) can help me with this task? And if I try to do requests to the uCoin nodes directly from the browser (with CORS)? There is some known library that can help me with this?

Yes, this. Because one may want better security and increase values.

That is possible too. Why? Have a look at this subject on the forum: About uCoin brainwallets security

And if we change the way we generate keys, we need UIs allowing to do so. For example, we could imagine that N=4096, r=16, p=1 may be named “Default generation”. We could imagine also to have another set named “Strengthen generation” with N=16384, r=32, p=1. And why not a “Manual generation” where the user can choose manually its parameters.

Doing so might help other softwares to adopt the same namings and ease the comprehension of users.


About your other questions:

  • you can find the API doc here: HTTP_API.md
  • yes ucoin-cli can help you, but not in a browser :grin: (so can it help you?). It is basically a Node.js module (vucoin) to interact with other nodes through their HTTP API, but it also does high level interactions available in command-line (like sending a transaction, certifying someone). So unfortunately it has dependencies on modules that will not work in a browser (request.js, scrypt, naclb, …).

Note how it could be interesting to fork it to create a better library, given that the only code you could inspire from/duplicate is: https://github.com/ucoin-io/ucoin-cli/blob/master/index.js

The interesting part in this code is that:

  • it does have HTTP API already implemented
  • it defines DTO contracts, such as you can trust the answer you will receive matches the data structure you expect (in case the node you request answers weird data structure for some reason (bug or anything)), preventing big JS crashes :slight_smile:

About CORS, it is already implemented in uCoin. I think only one node does not have the feature, but it is to be shut down in the coming months.

Note that the HTTP api in this file is old. I can still find HDC and Amendments related stuff ^^

I think it is a great idea that we should implement in next cutecoin release !

This will most probably be a parameter only enabled in expert mode, thought.

Great! I think now I can solve some things by myself.

Probably. Although I’m feeling slightly tempted to create my own (browser/XHR/small) library, just for fun…

Awesome! Things will probably be this way.


To the Interested:
I’m putting the UI design stuff here; And I kindly accept any help, suggestion, feedback, and etc, of course.

1 J'aime

Guys, I can’t generate the same PubKeys as CuteCoin :confused:

I am doing, basically, a:

var passw = "diogocampos", salt = "diogocampos", RAWKey, key;
RAWKey = scrypt.crypto_scrypt(
    scrypt.encode_utf8(passw),
    scrypt.encode_utf8(salt),
    4096, 16, 1, 32
);

then a:

key = Base58.encode(RAWKey); 

(with the same alphabet that the ‘base58’ python library uses)

But the generated key doesn’t match with the key generated from CuteCoin (using the same salt and passw, of course).

What I am doing wrong?

HTML is here, JS is here, and both are running here.

Instead of encode_utf8, try using decode_utf8.

js-scrypt needs the input to be in Uint8Array. This is the reason for encode_utf8.

But I also tried to generate the public key directly on Node.js, using scriptsy (that receives a string), and I got the same wrong public key (code here).

So, I think I am misunderstanding something really basic (sorry about that).

This says something about “Ed25519”. But I don’t understand how this is related to the public key generation…

There is some resource about “public keys in uCoin” that I could/should read?

Oh, the semantics of this lib is the exact opposite of TweetNACL:

So you are right to use encode_utf8 here.

I can give you an example in uCoin where I verify a signature: https://github.com/ucoin-io/ucoin/blob/master/app/lib/crypto.js#L64

Maybe you can use TweetNacl.js for encoding/decoding to compare your results.

From salt+password, you need to create a “seed”, using Scrypt. And with this seed, you could generate public/secret keys, using a NaCL/Sodium lib.

I have done a simple Java class to do this, as example (could be helpful ?) :
https://github.com/E-IS/ucoinj/blob/master/ucoinj-core/src/main/java/io/ucoin/client/core/technical/crypto/SecretBox.java

good luck ! :wink:

To contribute to the explanations, in pseudocode, with SigningKey a NaCl SigningKey :

Key = SigningKey(seed = scrypt(salt, password, N, R, P))
ucoinPubkey = Base58Encode(Key.VerifyingKey)

For example, you could use https://github.com/dchest/tweetnacl-js to get the signingkey :

nacl.sign.keyPair.fromSeed(seed)

Or with libsodium : http://doc.libsodium.org/public-key_cryptography/public-key_signatures.html & https://github.com/jedisct1/libsodium.js

int crypto_sign_seed_keypair(unsigned char *pk, unsigned char *sk, const unsigned char *seed); ©
crypto_sign_seed_keypair(seed, outputFormat) (js)

1 J'aime

Success!! Thank you three SO MUCH! :smiley:

1 J'aime