Revive ripple-client-desktop

Update: as of Jan 15, 2019, trading is working.

https://github.com/r0bertz/ripple-client-desktop

The first goal is to make it fully functional with RippleAPI.

Current status is most read only operations are working except order book.

Please follow this twitter thread for the most recent updates:

Comments

pucksterpete said…
Hello r0bertz,
I just read your article about "Why to use regular key and disable master key and How to do it with ripple-desktop-client"
and I was wondering if you be able to tell me if this fork version of the ripple-desktop-client is using secp256k1 signatures?

https://github.com/rippex/ripple-client-desktop---UNMAINTAINED

This version I am using since early 2017 comes from a person called Rafael, he is the ceo of Rippex, an old ripple gateway from Brazil I believe. Once an active member of XRPCHAT.
Here is the link to his introduction for the wallet on XRPCHAT from 2016.

https://www.xrpchat.com/topic/1215-desktop-wallet-an-alternative-to-rippletrade/

clip from his post
"Because we think its very important to keep the Master Key totally private, since it is the ultimate authority over a ripple account. The desktop client does that by creating and saving the wallet files locally, never sending it over the internet, not even in an encrypted channel.

The desktop client has all the necessary functions to create wallets (even cold wallets), watch accounts, pay, trade, and manage account flags. There are other potential functions like offline signing that are developed but still require some bug killing. Another important working feature is creating and revoking regular keys. This is awesome because it allows managing an account without using the Master Key, so the later can be kept totally private and offline, and used only in an emergency situation."

Thanks & keep writing GREAT articles

Pete
Robert Zhang said…
It looks like it depends on the key:

https://github.com/ripple/ripple-keypairs/blob/9402975731d33f7eddc51489544a2fc75c3bf353/src/index.js#L86
Robert Zhang said…
I dug a bit more.

To be clear, I didn't touch the code that generates address. So it is the same as ripple/ripple-client-desktop. Here is the code https://github.com/ripple/ripple-client-desktop/blob/3a23c50610fe75b0742fffbb3d2f342e99ffb742/src/js/util/types.js#L44

It appears to be using a curve called NIST P-256 (not secp256k1). But the strength seems to be the same. See https://github.com/bitwiseshiftleft/sjcl/wiki/Asymmetric-Crypto. Also since the public key is not prefixed with 0xED (see the first link), so you can think of it as secp256k1. Ripple's doc also says that secp256k1 is the default key type. https://developers.ripple.com/cryptographic-keys.html#signing-algorithms

So if you created your address using ripple-client-desktop, your key is secp256k1.

The problem, however, is not about the software that generates key. It's the one that signs transactions. In my fork, I use RippleAPI.sign function. https://github.com/r0bertz/ripple-client-desktop/blob/5000d979cbdb7bc892b184d1845c340f83d23b6c/src/js/services/network.js#L85

This function calls the sign function of ripple-keypairs https://github.com/ripple/ripple-lib/blob/f6a22d2121097289cf43dd31d8d45d249dd67589/src/transaction/sign.ts#L15

ripple-keypairs is a more recent project https://github.com/ripple/ripple-keypairs/commits/master/src/index.js

So it should be safe.
Robert Zhang said…
Also, what Rafael said about the client applies to my fork too. I didn't change anything in that regard.
pucksterpete said…
Okay, thank you for your explanation on this. I feel more comfortable now.