3

I want to receive payments from Bitcoin on my web app, but I do not want to use corporate gateways (coinpayments, bitpay, etc), I'm wanting to make my own gateway. I do not know how best to do this but initially thought of generating the bitcoin address and storing the public/private key in MySQL after the payment was confirmed the system would use the private key and send the balance to an offline wallet.

How can I securely store the private keys that are generated for each payment in MySQL?

Let's say I do not want to leave the funds in these wallets, once I receive the system already sends the official wallet.

Vinicius Aquino
  • 133
  • 4

2 Answers2

4

Storing private keys in an online server is not best practices (even if you quickly transfer to an offline wallet). Generally, you should not store private keys on an online device

Instead, if you use a BIP32 HD wallet architecture, you can just store an extended public key on your online server. This will allow you to generate receiving addresses on the fly, while generating (and securely storing) the private keys on an offline machine.

chytrik
  • 18,170
  • 3
  • 19
  • 48
  • I do not understand the whole concept of BPIP32, it seems to be quite complex. For example, each request will have a single wallet to receive the funds, using the BIP32 it stores all the private keys of each address in a single parent key and I would just use the parent key to withdraw the coins and send it to an offline wallet? Sorry, it's a little confusing for me yet. – Vinicius Aquino Sep 14 '18 at 22:47
  • 1
    @viniciussvl I don't mean to be rude, but you'll need to take some time to read about BIP32 and its implementation, it isn't really possible to give a full synopsis in a short comment. There is lots of good info on this site alone. Think of it simply as a method of generating keypairs that is much easier to backup, and allows for better opsec. In regards to spending funds at a child key using a parent privkey (not possible), see the third part of this Q: https://bitcoin.stackexchange.com/questions/73376/a-few-questions-about-how-hd-wallet-works/73381?noredirect=1#comment92253_73381 – chytrik Sep 14 '18 at 23:24
  • Okay, I'll give it a look at it because it's too complex to understand. Thank you very much for your patience. – Vinicius Aquino Sep 14 '18 at 23:27
  • 1
    @viniciussvl happy to help :) Though BIP32 may be a little more complex, it is worth learning if you are trying to build a legitimate system! – chytrik Sep 14 '18 at 23:30
  • I wanted to develop something similar to Coinpayments, I already used it. Do you think they use the technology of HD wallets? – Vinicius Aquino Sep 14 '18 at 23:31
  • @viniciussvl I am not familiar with their system, sorry. – chytrik Sep 15 '18 at 00:14
  • 1
    @viniciusscl - Look at https://github.com/libbitcoin/libbitcoin/wiki/Altcoin-Version-Mappings#7-bitcoin-btc-bip-3944-technology-examples and surrounding info. Much safer to store public extended keys on a server. Here is how a public key can be synthesized from private BIP 39 words: % echo "radar blur cabbage chef fix engine embark joy scheme fiction master release" | bx mnemonic-to-seed | bx hd-new | bx hd-private -d -i 44 | bx hd-private -d -i 0 | bx hd-public -d -i 0 xpub6DHi64TFkDPx2AH4q2ku3vX9LJYNpTis5tLrET8Sb9irp174eCkgtAnvBpyzQXgrtmF31Lrq4gTMGFUGcjJicMu9LdueVdqt6FZ2Wzcg8F – skaht Sep 15 '18 at 01:05
  • 1
    You say "I would just use the parent key to withdraw the coins and send it to an offline wallet", but it's simpler for your customers to send their payments directly to addresses in your offline wallet, and that's what chytrik & skaht are suggesting. Customers can send money to your bank account while your plastic card is in your pocket (i.e. "offline"), and similarly, they can send bitcoins to addresses owned by you while your computer is switched off. Bitcoins are stored on the blockchain, not in wallets. Wallets do not need to be connected while their addresses are receiving. –  Sep 15 '18 at 06:58
  • I understand how I can store the extended public keys in the online server to generate receiving addresses but what if I want to send money from one of these addresses? how do I go from an online http request to the offline server to sign the transaction and avoid exposing the pvt keys? – Warao Aug 06 '21 at 18:24
0

You might want to checkout BTCPay, which is a self-hosted payment gateway

Michael Altfield
  • 172
  • 12