I’ve craeted a small online exchange based on Bitcoin Core. The features in this application are:
- User send request to get a new address, and the Bitcoin Core generate a new one with defined passphrase.
- User can receive BTC on his own address.
- User can send BTC from his own address, and for this purpose, I’ve used
sendtoaddressafter unlocking account with
In this scenario, there is one complicated passphrase which is able to unlock all accounts. But after reading about multisig feature, I thought about implementing a scenario in this regard on my application. But there are some questions in my mind:
- I have used a fixed passphrase in my codes while sending transactions. Regarding to multisig concepts, I need to use different private keys to sign data instead of using a passphrase to unlock that account. Am I right?
- As the operation in an online exchange should be do automatically, I think I have to use all required private keys in the final step of my codes. In this case, I think I did not add any new security mechanism to my application as everything is located beside each other. Can I cound on security impact of multisig accounts in my application at all?
I hope you can help me so solve these issues in my mind.