BitcoinDart (dart_bitcoin)

A Bitcoin package for Flutter and Dart Apps. With this package, a transaction can be created and signed, and an address can be created.

Released under the terms of the MIT LICENSE.

Should I use this in production?

If you are thinking of using the master branch of this library in production, stop. Master is not stable; it is our development branch, and only tagged releases may be classified as stable.

Can I trust this code?

Don't trust. Verify.

We recommend every user of this library and the dart-bitcoin-lib ecosystem audit and verify any underlying code for its validity and suitability, including reviewing any and all of your project's dependencies.

Mistakes and bugs happen, but with your help in resolving and reporting issues, together we can produce open source software that is:

  • Easy to audit and verify,
  • Tested, with test coverage >95%,
  • Advanced and feature rich,
  • Friendly, with a strong and helpful community, ready to answer questions.

Installation

# install dart_bitcoin package
dart pub add dart_bitcoin

# optionally, install a key derivation library as well

# ecpair is the ECPair class for single keys
dart pub add dart_ecpair
# bip32 is for generating HD keys
dart pub add dart_bip32

Usage

Crypto is hard.

When working with private keys, the random number generator is fundamentally one of the most important parts of any software you write. For random number generation, we default to the ECPair.randombytes module. Although this default is ~OK, there is no simple way to detect if the underlying RNG provided is good enough, or if it is catastrophically bad. You should always verify this yourself to your own standards.

This library uses dart-ecpair, which uses RFC6979 to help prevent k re-use and exploitation. Unfortunately, this isn't a silver bullet.

Finally, adhere to best practice. We are not an authoritative source of best practice, but, at the very least:

  • Don't re-use addresses.
  • Don't share BIP32 extended public keys ('xpubs'). They are a liability, and it only takes 1 misplaced private key (or a buggy implementation!) and you are vulnerable to catastrophic fund loss.
  • Enforce that users always verify (manually) a freshly-decoded human-readable version of their intended transaction before broadcast.
  • Don't ask users to generate mnemonics, or 'brain wallets', humans are terrible random number generators.

Running the test suite

dart test

Complementing Libraries

  • BIP21 - A BIP21 compatible URL encoding library
  • BIP38 - Passphrase-protected private keys
  • BIP39 - Mnemonic generation for deterministic keys
  • BIP32-Utils - A set of utilities for working with BIP32
  • BIP66 - Strict DER signature decoding
  • BIP68 - Relative lock-time encoding library
  • BIP69 - Lexicographical Indexing of Transaction Inputs and Outputs
  • Base58 - Base58 encoding/decoding
  • Base58 Check - Base58 check encoding/decoding
  • Bech32 - A BIP173/BIP350 compliant Bech32/Bech32m encoding library
  • coinselect - A fee-optimizing, transaction input selection module for dart-bitcoin-lib-lib.
  • merkle-lib - A performance conscious library for merkle root and tree calculations.
  • minimaldata - A module to check bitcoin policy: SCRIPT_VERIFY_MINIMALDATA

LICENSE MIT

Libraries

dart_bitcoin
A Dart Bitcoin library.