Skycoin hardware wallet
This is the firmware for the skycoin device which is intended to safely store a "seed" corresponding to a skycoin wallet.
It can generate addresses, sign messages or transactions and check signatures.
The hardware wallet has two buttons: Ok and Cancel. The user has to press one of these buttons when the hardware wallet requires user confirmation.
It communicates with a host PC over a USB cable. Please use Skycoin's web application or a command-line interface tool to communicate with this firmware.
More information is in tiny-firmware's README.md, section 6, "How to read the firmware's code".
Start the device in bootloader mode and flash the firmware file over USB.
The skycoin wallet is able to use a private key to sign any message and output the signature to the PC. But there is no way to have the firmware output the private key used to sign the message.
The seed used to generate key pairs is stored in the firmware's memory.
This seed is important: it represents the wallet itself.
For safety, it is strongly recommended that the user keeps a handwritten backup of that seed on paper, stored somewhere safe.
This seed can be very useful to recover the wallet's money in case the skycoin hardware wallet is lost.
When the hardware wallet is freshly configured with a seed, the screen displays a NEEDS BACKUP message. This means that you can send a backup message to the hardware wallet to enter backup mode.
If a pin code was set (see PIN code configuration section), it is required to enter backup mode.
The backup mode displays every word of the seed one by one and waits for the user to press the Ok button between each word. The user is supposed to copy these words onto paper (the order matters).
After the first round, the words are displayed a second time, again one by one. The user is supposed to check that he did not misspell any of these words.
Warning 1: once the backup is finished, the NEEDS BACKUP message disappears from the hardware wallet's screen and there is no way to do the backup again. If you feel you did not back up your seed properly, it is better to generate a new one and discard this one before you invest Skycoins in the wallet corresponding to that seed.
Warning 2: It is strongly recommended to do the backup shortly after the wallet creation, and before you invest Skycoins in it. If you lose a wallet that still has an open door to do a backup, the person who finds it can use this backup to get the seed out of it, especially if you did not configure a PIN code.
At the time this document is written the hardware wallet is only able to store one seed. TODO ? new feature store more than one seed ?
If the user sends a seed setting message, the hardware wallet's screen asks the user if he wants to write the seed. If the user presses the hardware wallet's Ok button, the new seed is stored and, if there was another seed before, it is gone forever.
So don't configure a new seed on a hardware wallet that is representing a wallet you are still using (see backup section to avoid this problem).
You can configure a PIN code on the hardware wallet. Check this documentation to see how to use the PIN code feature.
You can modify an existing PIN code, but the previous PIN code will be asked for.
If you are not able to input a correct PIN code, there is no way to change it apart from wiping the device.
The PIN code is required for:
- address generation (can be cached)
- check signature (can be cached)
- signature
- device backup
If the user inputs a correct PIN code once, the PIN code is cached. While the PIN code is cached, the operations that allow PIN caching do not ask for the PIN code again.
The PIN code stays cached until the device is unplugged.
For the operations that do not allow PIN caching, the PIN code has to be entered every time, no matter what.
If the user enters a wrong PIN code, the next time he asks for an operation requiring to enter a PIN code he has to wait extra seconds before he can enter it.
The amount of time he has to wait before he can try again increases every time he enters a wrong PIN code.
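The PIN rules above (which operations accept a cached PIN, and the growing wait after wrong entries) can be modelled as a small state machine. This is an added example, not code from the firmware; the names `request_op`, `pin_wait_seconds` and `unplug`, the doubling delay schedule, and the counter reset and persistence behaviour are assumptions of this sketch.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* PIN-protected operations, in the order the README lists them. */
typedef enum { OP_ADDRESS_GEN, OP_CHECK_SIGNATURE, OP_SIGN, OP_BACKUP, OP_COUNT } op_t;

/* true = a cached PIN is accepted for this operation (per the README list). */
static const bool cache_allowed[OP_COUNT] = {
    [OP_ADDRESS_GEN] = true, [OP_CHECK_SIGNATURE] = true,
    [OP_SIGN] = false,       [OP_BACKUP] = false,
};

typedef struct {
    bool pin_cached;  /* lost when the device is unplugged */
    uint32_t fails;   /* consecutive wrong PIN entries */
} pin_state_t;

/* ASSUMPTION: 1 s after the first failure, doubling up to 512 s.
   The README only says the wait grows with each wrong entry. */
uint32_t pin_wait_seconds(const pin_state_t *s) {
    if (s->fails == 0) return 0;
    uint32_t shift = s->fails - 1;
    return 1u << (shift > 9 ? 9 : shift);
}

bool pin_prompt_needed(const pin_state_t *s, op_t op) {
    return !(cache_allowed[op] && s->pin_cached);
}

/* One operation request. pin_correct is the outcome of the PIN prompt and is
   ignored when no prompt is needed. *waited gets the delay imposed first. */
bool request_op(pin_state_t *s, op_t op, bool pin_correct, uint32_t *waited) {
    *waited = 0;
    if (!pin_prompt_needed(s, op)) return true;
    *waited = pin_wait_seconds(s);          /* penalty is paid before the prompt */
    if (!pin_correct) { s->fails++; return false; }
    s->fails = 0;                           /* ASSUMPTION: success resets the counter */
    s->pin_cached = true;                   /* any correct entry populates the cache */
    return true;
}

/* Power loss clears the cache. ASSUMPTION: the failure counter survives it. */
void unplug(pin_state_t *s) { s->pin_cached = false; }

int main(void) {
    pin_state_t s = {0};
    uint32_t w;
    request_op(&s, OP_ADDRESS_GEN, true, &w);
    printf("sign needs PIN again: %d\n", pin_prompt_needed(&s, OP_SIGN));
    return 0;
}
```

Signing and backup always prompt, so a cached PIN on an unattended, plugged-in device still cannot authorise a signature or reveal the seed.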
A message exists to wipe the device. It erases the seed and the PIN code.
When the device receives a wipe message, it prompts the user to confirm by pressing the Ok button.
There is no way back after a wipe. All the stored data is lost.
TODO ? check this issue
- When to ask passphrase ?
- Has impacts on web wallet integration
TODO ? Use passphrase as a key for encryption ?
All the dependencies on external code are located in the tiny-firmware/vendor directory.
It is worth mentioning:
- libopencm3, a library managing the low-level interface with the STM32 microchip.
- nanopb, which contains a few source files: pb_common.c, pb_encode.c, pb_decode.c. They are the low-level interface used to decode the Google protobuf messages used in the communication with the PC.
This mode is called by a long press on the "Yes button" (2 seconds).
If the user confirms he wants to perform a factory test, the device performs the following steps:
- blinks the screen 10 times, switching all the LEDs of the screen on and off
- asks user to press No button
- asks user to press Yes button
- prints success or fail
In case of a problem, reopen this issue.
It is possible to update the device firmware over USB, but you need to start the device in bootloader mode. To do this, press both of the device's buttons simultaneously while plugging it in.
- Manual
- How to check whether device is genuine
- Initialize the wallet setting up
- Getting to know the wallet
- Update firmware
- Restore configuration
- Backup your seed
- Test your seed (Dry run)
- Optimize account security
- Send and receive crypto assets
- Wiping a Skywallet
- Remove Skywallet from wallet list
- Rename a Skywallet
- If transaction is too large
- Check the firmware version
- Manage the PIN code
- Troubleshooting
- Not yet implemented future features