A Local REST service to sign transactions in a secured environment

I recently joined BitGo, leading the developer platform team tasked with helping Bitcoin exchanges and partners integrate multi-signature wallets. Over the past few months, I’ve come to notice that a major hurdle towards multi-sig integration has been the cost of engineering resources. A personal friend of mine who owns a small exchange told me that they’d need to delay multi-sig to work on growth features, such as Facebook connect and tipping. I see his point: end-users care about features, but often don’t care about security until it fails.

At BitGo, we operate 2-of-3 multi-signature wallets where we control a single key to co-sign transactions. The security model requires that transactions be signed by the user, who should keep their key secret. Developers have asked for REST APIs that accept their private key, a request we had to refuse: that would make BitGo privy to more than one key, and thus in control of customer funds.

BitGo has a JavaScript SDK to help create and sign transactions, and we are actively building support for other languages, but for the moment, companies not running Node.js have had to write code to provision private keys, craft transactions and sign them. I wanted to make sending Bitcoin as simple as a REST call. No matter the language of choice, a developer should not have to implement cryptography and low-level Bitcoin logic.

The solution: BitGo Express, a local service that runs in your datacenter to handle client-side Bitcoin operations involving customer keys. It exposes endpoints that will prepare, sign and send partially constructed transactions to BitGo. This is done in a unified interface on top of other existing (and proxied) API endpoints.

BitGo Express Example Flow

Here are some of the new endpoints available:

Send Coins

Send Coins to Multiple Addresses

Create a keychain locally

Provision a wallet (including creating keys)

We also provide some helpful utilities:

Decrypt an encrypted string

Encrypt a string

Verify a Bitcoin Address

BitGo Express is available today. Let me know how/with what languages you’re using it!