
Topic: Offline signing with KeepKey or Trezor (Read 1653 times)

legendary
Activity: 2940
Merit: 1333
October 11, 2017, 02:16:10 PM
#10
Is this still an issue, or is there now an easy way of using Trezor with an offline computer?

I don't want to plug a hardware wallet into an online computer. It seems much safer to use an offline one. Is this now a solved problem?

I think you are concerned about a non issue. Your Trezor is in effect the offline computer; it is impossible for malware to get to your private keys in Trezor.

The Trezor is offline until you plug it into a potentially compromised online computer. Then all bets are off, and you have to hope that the Trezor firmware doesn't have any exploitable bugs or backdoors in it.

I would want to be able to plug the Trezor into an offline computer, and sign the transaction there.

Is that possible yet?
legendary
Activity: 1806
Merit: 1164
July 22, 2017, 09:07:40 AM
#9
Is this still an issue, or is there now an easy way of using Trezor with an offline computer?

I don't want to plug a hardware wallet into an online computer. It seems much safer to use an offline one. Is this now a solved problem?

I think you are concerned about a non issue. Your Trezor is in effect the offline computer; it is impossible for malware to get to your private keys in Trezor.
legendary
Activity: 2940
Merit: 1333
July 22, 2017, 02:39:53 AM
#8
Is this still an issue, or is there now an easy way of using Trezor with an offline computer?

I don't want to plug a hardware wallet into an online computer. It seems much safer to use an offline one. Is this now a solved problem?
legendary
Activity: 1806
Merit: 1164
We used to have to use two computers to protect bitcoin private keys from theft or malware. I preferred Armory over Electrum for privacy reasons but it was a royal pain to boot up two computers then use a USB drive to carry transactions from the watching only online wallet to the offline Electrum or Armory wallet to sign. Trezor changed all that. You would have to explain your position that using Trezor is less secure than the old method.
full member
Activity: 133
Merit: 100
Thanks for the tip. I'll keep trying.

What I'm trying to do is fairly simple. Also, having multiple layers of protection is nothing new in the realm of security.

The biggest selling point of Electrum (for me at least) has always been its ability to use an online watch-only wallet in combination with an offline signing wallet. The only thing Trezor would add in my use case is the ability to store the offline wallet's mnemonics in a much more secure and convenient way than an encrypted private key on the offline computer's hard drive. By comparison, using Trezor directly with an online computer is arguably less secure than the plain Electrum online watch/offline sign method.

FYI, if somebody sells a hammer and includes instructions on how to use it to build a house, it does not mean the hammer can only be used for house-building.  Given the open source nature of the Bitcoin ecosystem, I believe that Trezor's creators fully intended people to come up with creative ways to use their product.

All that being said, I'm now looking into multisig to get the extra layer instead.
legendary
Activity: 1806
Merit: 1164
Good luck with this, you appear to be trying to use Trezor with Electrum in a way not intended by the developers. You first initialize Trezor using myTrezor.com then connect to Electrum as described in the user manual. Electrum just takes the place of myTrezor.com.

If you want one of the developers to comment you will have better luck posting on /r/Trezor at Reddit.
full member
Activity: 133
Merit: 100
Does anybody know the answer to this?
full member
Activity: 133
Merit: 100
April 23, 2016, 09:20:25 PM
#3
I got to the same place with a trezor :(

I think the problem is here.  It even says "FIXME..."
https://github.com/spesmilo/electrum/blob/master/plugins/trezor/plugin.py

Code:
    def get_input_tx(self, tx_hash):
        # First look up an input transaction in the wallet where it
        # will likely be.  If co-signing a transaction it may not have
        # all the input txs, in which case we ask the network.
        tx = self.transactions.get(tx_hash)
        if not tx:
            request = ('blockchain.transaction.get', [tx_hash])
            # FIXME: what if offline?
            tx = Transaction(self.network.synchronous_get(request))
        return tx

    def sign_transaction(self, tx, password):
        if tx.is_complete():
            return
        # previous transactions used as inputs
        prev_tx = {}
        # path of the xpubs that are involved
        xpub_path = {}
        for txin in tx.inputs():
            tx_hash = txin['prevout_hash']
            prev_tx[tx_hash] = self.get_input_tx(tx_hash)
            for x_pubkey in txin['x_pubkeys']:
                if not is_extended_pubkey(x_pubkey):
                    continue
                xpub = x_to_xpub(x_pubkey)
                for k, v in self.master_public_keys.items():
                    if v == xpub:
                        acc_id = re.match("x/(\d+)'", k).group(1)
                        xpub_path[xpub] = self.account_derivation(acc_id)

        self.plugin.sign_transaction(self, tx, prev_tx, xpub_path)

See how it has to check for transactions before it will sign?

I was finally able to sign a transaction completely offline, but only by painstakingly copying the transaction history from the online watch-only electrum wallet of the same xpub, then copying it into the wallet of the offline electrum.
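
One way to handle the offline case flagged by the FIXME above, as an added example (not Electrum's code and not part of the original post): resolve each input's previous transaction from the wallet history or from raw transactions carried over with the unsigned transaction, and fail with a clear error instead of calling the server. The names `resolve_prev_txs`, `carried` and `fetch` are hypothetical, the sample bytes are constructed, and legacy (non-witness) serialization is assumed.

```python
import hashlib


class MissingInputTx(Exception):
    """Raised offline when an input's previous transaction is unavailable."""


def txid(raw_hex):
    # Double SHA-256 of the serialized transaction, displayed byte-reversed.
    # Assumption: legacy (non-witness) serialization.
    raw = bytes.fromhex(raw_hex)
    return hashlib.sha256(hashlib.sha256(raw).digest()).digest()[::-1].hex()


def resolve_prev_txs(input_hashes, wallet_txs, carried, fetch=None):
    """Return {tx_hash: raw_hex} for every input, never silently going online.

    wallet_txs: history already stored in the offline wallet
    carried:    raw txs brought over with the unsigned tx (untrusted media)
    fetch:      callable used only when online; None means offline
    """
    # Index carried txs by their recomputed hash, so a swapped or modified
    # transaction can never satisfy a lookup for the hash an input references.
    by_id = {txid(raw): raw for raw in carried}
    prev_tx, missing = {}, []
    for h in input_hashes:
        if h in wallet_txs:
            prev_tx[h] = wallet_txs[h]
        elif h in by_id:
            prev_tx[h] = by_id[h]
        elif fetch is not None:
            raw = fetch(h)
            if txid(raw) != h:
                raise ValueError("server returned wrong transaction for " + h)
            prev_tx[h] = raw
        else:
            missing.append(h)
    if missing:
        raise MissingInputTx("offline, missing previous txs: " + ", ".join(missing))
    return prev_tx


# Constructed stand-in bytes, not real transactions.
TX_A = "01000000" + "aa" * 60
TX_B = "01000000" + "bb" * 60
```
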
newbie
Activity: 9
Merit: 0
April 23, 2016, 03:29:33 PM
#2
I got to the same place with a trezor :(
full member
Activity: 133
Merit: 100
April 18, 2016, 06:55:57 PM
#1
I've set up an online watch-only Electrum (2.6.4) with the xpub from my offline Electrum+KeepKey wallet, created a transaction and loaded it into my offline Electrum to try to sign it with the KeepKey.

The problem is my offline Electrum tries to connect to server instead of instructing the KeepKey to sign the transaction.  It gives me a "Server did not answer" message and fails.

I tried this with a Trezor and it works fine, but not KeepKey for some reason.

Edit:

I was wrong, offline signing does not work even with the Trezor, either.

I thought it worked but the test was not fair because I simply unplugged the internet from a synced wallet to test it. If the offline Electrum is not synced when trying to sign a loaded transaction, the Electrum keepkey/trezor plugin tries to connect to the server instead of simply instructing the hardware wallet to sign the loaded transaction.