Secure a digital wallet in the public cloud

Summary

In this code pattern, you’ll learn how to deploy a digital wallet application with a web front end and an Electrum Bitcoin client in an IBM Cloud Hyper Protect Virtual Server using Electrum 3.3.6. The application will be deployed in an IBM Cloud Hyper Protect Virtual Server while integrating with IBM Cloud Hyper Protect Crypto Services to encrypt the Bitcoin wallet. This integration is optional, but adds another layer of security.

Description

Cryptocurrencies like bitcoin require top-level protection as hackers look to steal these digital assets. Digital wallets need to be secure in order to keep currency safe. In this example, you will create a digital wallet that’s deployed in the public cloud for easy access while still maintaining high security with IBM Cloud Hyper Protect Services.

To start, you’ll create an IBM Cloud Hyper Protect Virtual Server instance, which requires a generated SSH key pair to ensure that only the user has access to the instance. You’ll then build and deploy the Python back-end application. Finally, you’ll build and deploy the Electrum Bitcoin application that uses Node.js to serve a static website employing jQuery to make requests to the Python back-end app. The result is a digital wallet application that can accept user information to access bitcoin funds on the cloud. By running the app in an IBM Cloud Hyper Protect Virtual Server, you can ensure that the storage used by the applications is also encrypted. Additionally, with IBM Cloud Hyper Protect Crypto Services, you can ensure that the application itself is encrypted with keys stored in the tamper-proof HSM.

When you have completed this code pattern, you will understand how to:

  • Build and run an Etherum Bitcoin digital wallet application
  • Stand up an IBM Cloud Hyper Protect Virtual Server
  • (Optional) Integrate with IBM Cloud Hyper Protect Crypto Services to encrypt the wallet

Flow

Flow diagram

  1. User accesses Bitcoin wallet application via a browser that is connected to the Electrum front end.
  2. Requests (send/receive) are routed to the Electrum Bitcoin client server. This runs as a JSON RPC server to maintain a wallet by interacting with the Bitcoin network.
  3. In order to encrypt/decrypt the wallet file, the application has to use the keys that are stored in the HSM that can be accessed via IBM Cloud Hyper Protect Crypto Services.

Instructions

Find the detailed steps for this pattern in the README file.