Revive ripple-client-desktop
Update: as of Jan 15, 2019, trading is working.
https://github.com/r0bertz/ripple-client-desktop
The first goal is to make it fully functional with RippleAPI.
Current status is most read only operations are working except order book.
Please follow this twitter thread for the most recent updates:
https://github.com/r0bertz/ripple-client-desktop
The first goal is to make it fully functional with RippleAPI.
Current status is most read only operations are working except order book.
Please follow this twitter thread for the most recent updates:
This weekend I tried to revive ripple-client-desktop. l I have reached a point at which I can run gulp without any warning on the command line. However, the app stuck at loading. Then I figured out that the client uses an ancient ripple-lib API.— r0bertz (@r0bertz) December 17, 2018
Comments
I just read your article about "Why to use regular key and disable master key and How to do it with ripple-desktop-client"
and I was wondering if you be able to tell me if this fork version of the ripple-desktop-client is using secp256k1 signatures?
https://github.com/rippex/ripple-client-desktop---UNMAINTAINED
This version I am using since early 2017 comes from a person called Rafael, he is the ceo of Rippex, an old ripple gateway from Brazil I believe. Once an active member of XRPCHAT.
Here is the link to his introduction for the wallet on XRPCHAT from 2016.
https://www.xrpchat.com/topic/1215-desktop-wallet-an-alternative-to-rippletrade/
clip from his post
"Because we think its very important to keep the Master Key totally private, since it is the ultimate authority over a ripple account. The desktop client does that by creating and saving the wallet files locally, never sending it over the internet, not even in an encrypted channel.
The desktop client has all the necessary functions to create wallets (even cold wallets), watch accounts, pay, trade, and manage account flags. There are other potential functions like offline signing that are developed but still require some bug killing. Another important working feature is creating and revoking regular keys. This is awesome because it allows managing an account without using the Master Key, so the later can be kept totally private and offline, and used only in an emergency situation."
Thanks & keep writing GREAT articles
Pete
https://github.com/ripple/ripple-keypairs/blob/9402975731d33f7eddc51489544a2fc75c3bf353/src/index.js#L86
To be clear, I didn't touch the code that generates address. So it is the same as ripple/ripple-client-desktop. Here is the code https://github.com/ripple/ripple-client-desktop/blob/3a23c50610fe75b0742fffbb3d2f342e99ffb742/src/js/util/types.js#L44
It appears to be using a curve called NIST P-256 (not secp256k1). But the strength seems to be the same. See https://github.com/bitwiseshiftleft/sjcl/wiki/Asymmetric-Crypto. Also since the public key is not prefixed with 0xED (see the first link), so you can think of it as secp256k1. Ripple's doc also says that secp256k1 is the default key type. https://developers.ripple.com/cryptographic-keys.html#signing-algorithms
So if you created your address using ripple-client-desktop, your key is secp256k1.
The problem, however, is not about the software that generates key. It's the one that signs transactions. In my fork, I use RippleAPI.sign function. https://github.com/r0bertz/ripple-client-desktop/blob/5000d979cbdb7bc892b184d1845c340f83d23b6c/src/js/services/network.js#L85
This function calls the sign function of ripple-keypairs https://github.com/ripple/ripple-lib/blob/f6a22d2121097289cf43dd31d8d45d249dd67589/src/transaction/sign.ts#L15
ripple-keypairs is a more recent project https://github.com/ripple/ripple-keypairs/commits/master/src/index.js
So it should be safe.