i'm trying to install the monero-gui package on Artix but i get "error: monero: signature from "kpcyrd <git⊙rc> is unknown trust"

lostpon: `pacman -S archlinux-keyring`

I mean, I don't know about Artix, but you seem to have an old key of mine in your keyring and you need to update the package that provides it

kpcyrd: thanks, Artix moved the package to another repo so it wasn't updated on my last update

added the new repo, updated the package, installed monero. thx

huh, interesting. glad it's working now tho. :)

hi ho!

hey... about Tx keys. I see private and public, but what happens if the private key is disclosed?

Transaction can't be reversed, they can't use it to create another payment, so... what evil could be done if 3rd party knows Tx private key?

Nomenclatura, they could spend your XMR

ohhh tx private

no

yeah tx

nvm... I know nothing

probably just tx details

With the tx private key, you can create an old style spend proof.

I think you can also tell which of the inputs are the real spends. Not 100% sure.

isn't private key the key that is used to spend outputs of that transaction?

the receiving side can calculate private key by using their wallet's private keys

Then you cannot tell which inputs are the real ones :)

Wait. No.

There's a Diffie Helman key exchange going there, the receiver does not recover the secert key I think.

Do you *think* they do, or do you *know* they do ?

¯\_(ツ)_/¯

getmonero.org/library/Zero-to-Monero-2-0-0.pdf 4.2 One-time addresses

info on that is meager, that's why I'm asking here.

To spend his ‘0’ amount output [sic] in a new transaction, all Bob needs to do is prove ownership by signing a message with the one-time key Ko. The private key ksB is the ‘spend key’ since it

is required for proving output ownership, while kvB is the ‘view key’ since it can be used to find outputs spendable by Bob.

Just for clarity, the output secret key is not the tx secret key.

The recipient uses its view sec key with the tx pub key to get... what the sender creates with the tx secret key and the recipient's view pubkey. To me, this implies the recipient cannot get the tx secret key back.

(otherwise, why do the dance)

But every transaction is unique so the private key is teh signature for that one transaction only not for ll transactions, right?

s/ll/all

The signature signs all the tx prefix, which includes the tx pub key. Not sure if that's what you're asking. Tx secret keys are randomly rolled per tx.

(and the tx pubkey is deterministically derived from the tx secret key)

Several txes can use the same tx secret key. In fact, it is likely some do on the current chain.

so it is like an ssk private key

and the public tx is like the hash of an specific connection

If you're using an ECC ssh key, I guess yes.

That second one lost me :D

mmm

but this is diffie hellman?

I think so. sec/pub vs pub/sec. Maybe not canonical, but that's the idea behind DH.

If the tx private key is like an ssh private key, then yes, it can be used to generate new keys, this is, new transactions and spend xmr in the address.

The output sec keys can be derived by the recipient, but not by the sender (thankfully). So that one's not a straight DH from the keys above.

But your questions are almost certainly answered in the PDF sech1 linked above. Which I really should read one day..

cables for 3 and 4 should be underneath 1 and 2 cables chrono

oops

sech1: thanks man, I'll read that

moneromooo: it's all clear now =p

But, what you see as "tx private key" in transaction details refers to the private view key or the private spend key?

neither

private view key and private spend key belong to wallets, not to txns

a txn has already been spent, so what sense would it make for it to have a spend key?

right!

So, the Tx key in transaction details is the public key, ain't it?

Reason is I am checking monerohash.com

To prove a transaction it asks for "Tx private key"

That's the old style "proof". The new style is better, since it doesn't leak the tx secret key.

so, private for the transaction signature I would assume, but reading sech1 I understand that is either the private spend or private view

right, but I wat to understand what it is

It's almost certainly the secret tx kjey, which is different from hte secret spend key and the secret view key. and the secret output key.

The view/spend ones make up your address (or, rather their public counterparts do),

The tx pub key is per tx, rolled randonly by the spender.

'cause if that website asks for tx private key, then it could spend the addresses of everybody who checks it there

The output secret key is per output, derived by the recipient.

No, it can't.

right, so, tx private key is what is used to sign that transaction alone, not all transactions, therefore it cannot be used to either view or spend in stake of that address, right?

It doesn't sign the tx. Your spend secret key does.

If so, then why have a private/public key and not just a hash?

okay it makes no sense

Your spend, and possibly view, key does.

Zero to monero will explain the details if you wnat to know them.

oh I'm reading it

not a 5 min read tho

So, in short... If tx private key is neither private spend or private view key, and tx privake key is the unique private to generate the public, which is the spend, then there is no possible misuse of the private tx key since it is the private key for the transaction already spent

correcto?

You can confirm you have outputs in a transaction by using the tx private key, and the destination public address

For example in p2pool Coinbase tx private key is known for blocks mined, and as such every other node can verify payments were done proper

okay

Then why not a hash instead of a private/public?

For example for this random miner p2pool.observer/miner/44fVopMqBVzPa…wGN9ibG8zaYbBUvwN9AcW8Kn6SThSkZ8wWK

last payout proof goes to p2pool.observer/p/EJKT/Ox

With tx private key 42fc2a92317fd6fe907297bb5d248bcb717269536df6d6620b061fb012c6ec0e

That way you can verify the miner provided a proper payout in the transaction that mined the block p2pool.observer/share/4e8526216ab90…2a4da9cdb99e168826723cef30a32fbd2c6

thinking_face.gif

Basically you can recreate the calculation to generate the ephemeral public key if you have the tx private key

oooooh I see

and the destination address

if ephemeral public key on output index equals what you have calculated, that output is yours

So you can use it to prove several outputs for the same address

Or prove outputs for many addresses

So, the only possible bad use is that having tx private key allows you to see what outputs that address has had

you need to know the destination address you want to test against, however, and the tx private key

yes

thank you!