Topic: Setting up Blockstream Jade (Read 281 times)

To be honest, I have seen it somewhere, but I will disappoint you because I can't remember where.

The conversion could be even easier though.
Like this:
1 = 0
2 = 0
3 = 0
4 = 1
5 = 1
6 = 1

I am not sure one die is good enough to generate random enough entropy. It could have a tendency to roll one number or more of them than the rest. The more die you have for this purpose, the better.   

What's the source for this conversion system? Seems a bit too technical for me to do without a proper guide to explain the ins and outs. I am guessing it would require an airgapped wallet to do the work offline in a safe manner.

Ok I think I have undrestood.
So, basically, you need to:
1. throw the dice
2. manually convert the results into BIP39 words using their helper table.
3. press calculate in order to calculate the last word (it will internally use SHA256 etc).
Sounds good.

Let me add another way, with 1 classic 6-sided die.

1. Get 1 classic 6-sided die.
2. Convert the throw into bits like this: 1 = 00, 2 = 01, 3 = 10, 4 = 11, 5 = 0, 6 = 1
3. Generate 11 sequences of 11 bits each.
4. Convert each sequence into decimal.
5. Find the corresponding word in bip39 wordlist table.
6. Import the words in Jade, as mentioned in your list.
7. Jade will calculate the checksum for you.
8. Write the final seed phrase down and back it up at twice.

There is an advanced feature in Jade that allows you to generate your seed using dice. It's a bit complicated and isn't your average dice rolling method. It requires three die: two 16-sided and one 8-sided. There is a table that corresponds to words depending on the results of the three rolls. You can take a look at it here: https://help.blockstream.com/hc/en-us/article_attachments/21328564164505

After you have done that, you can import the words into Jade and let it calculate the final word. It works both in the stateless and the standard Jade signing mode.
Create a recovery phrase using dice

You mean in general, right?
Because you can't do that in Jade. There isn't a feature to import custom entropy, like there is for example in BlueWallet, where you can import dice rolls or coin flips etc.

Looking at it from the surface without going into too much details, I prefer the Jade to generate my new seeds rather than the Krux. I could also do it with a Trezor or a Ledger, but that's not recommended and defeats the purpose of an airgapped hardware wallet. Getting the entropy from dice rolls in combination with a passphrase for added security is also a good option.

You can load it onto a device like a Maix Amigo, or you can buy DIY development boards.  It can be as easy as you want or as DIY as you want.  I'm a huuuuuuge fan of using Krux on a Maix Amigo because the Amigo is a ready to go device with a large touchscreen, so just flash Krux onto it and you're good to go.



I haven't used Krux for creating a seed.  I already have seeds that I made with a Blockstream Jade.

The entropy Krux uses for encrypting seed QRs is excellent.  I have it set up to use AES-CBC, PBKDF2 Iterations: 100,000 (it has options for ECB and CBC).

I see. So it's just a piece of software you load onto an existing hardware device. The Krux belongs to the category of DIY hardware wallets, which made me think it's a device you need to build yourself using multiple parts like the Seedsigner. But I see that it's much easier than that.

These devices only generate entropy from a camera picture you take with them. Even the Krux team developers recommend using dice rolls for entropy generation according to their help section.

Krux runs on Kendryte K210 devices, including the M5StickV and Maix Amigo.  There's nothing to assemble.  The only thing you have to do is flash the Krux firmware onto it, but that's easy.

The M5StickV looks very similar to a Blockstream Jade.  The Maix Amigo is an amazing device that looks like a chunky smartphone, except it's all plastic.  It has a large touchscreen, and it only costs around $55.

I posted a review of Krux here in the forum along with tons of pics.  I'm a huge fan of this project.
https://bitcointalksearch.org/topic/m.62892423

I like Blockstream Jade too, but I only use it for BIP85 these days.  Krux, paired up with Blue Wallet as a companion app, is an amazing combo.

That's because you are using the stateless mode that Jade offers, where all your private data is wiped clean after you turn the device off. Jade works both as a traditional HW that saves the keys on its chip or a stateless device.

Now that you mention it, the Krux is only available as a DIY hardware wallet, right? Can it be purchased as a fully assembled unit, like the Seedsigner?

This is exactly how I use Jade, and it's what I'd recommend.

If somebody steals my Jade, the only thing they get is a device with nothing saved on it, which means the only thing I lose is the device itself.  And if the device dies, as all devices eventually will for one reason or another, again I lose nothing since nothing was saved on the device.

I'm not a fan of how clunky Jade is to use, but it gets the job done.  I use Krux on a Maix Amigo as my hardware wallet these days: it's airspeed & stateless like Jade, but it has huge advantages of having a large touchscreen, passphrase QR, encrypted Seed QR, among others.  I use Jade for BIP85.

Exactly, I have only used the PIN when I initially turned it on. I created the wallets and the PIN was mandatory. But if you decide to use the approach that I explained above, then the PIN is not necessary. In fact, the device will not ask for a PIN if you follow the steps I mentioned above. So ...

That's another reason to create a SeedQR code and use that every time you need to recover your wallet or create fresh PSBTs. If the navigation keys are of low quality, it's better to use the camera. That way you are sparing the buttons, to not wear them out as quickly.

The way I understood it is that the use of the PIN, and therefore also the virtual secure element, is optional. You can choose not to use it. And if it stops working, you can recover your coins with the recovery phrase or a SeedQR (if you created the latter).

From my side the biggest negative side of the device is the virtual secure element[1]. Blockstream claims that this secure element "allows it to remain fully open-source while also being protected from physical attacks and achieving similar (if not better) security from this potential threat" and in here[2] you are given a glimpse of how it works:
In other words, if the server that validates your PIN is down, you can't unlock your device and spend your funds. If that scenario happens, the only way that you will be able to spend your funds is by importing your seed into another device.

Does this make you feel that you are in control (as you should be) of your funds?

---

[1]https://help.blockstream.com/hc/en-us/articles/9639949755673-How-does-Blockstream-Jade-s-oracle-enforced-PIN-protection-work
[2]https://help.blockstream.com/hc/en-us/articles/13745404122265-Does-Blockstream-Jade-have-a-secure-element

I am so used to using Jade that I forgot to mention it. Very good catch dkbit98. The button and the wheel that Jade has is not very comfortable to use. The wheel is a bit clunky too. Not that it doesn't work, nor that it feels like it will break, but it kind of "moves" a bit, like the plastic could have been of better quality. If you know what I mean.

But as I said, Jade does a great work! I love it.

I like the small format but I think those navigation/function buttons can be a pain in the ass when typing anything.
Jade is great as small portable device and advantage compared to Seedsigner is internal battery, but I recently saw people started to make Seedsigner cases with integrated battery.
Another nice advantage for Jade is support for Liquid network, and you can also make your own diy Jade if you want.

Before answering the questions, I want to say that I haven't used Jade with a Blockstream's companion app (BS Green).
I use Jade with Sparrow and I have also tried it with Electrum.
Therefore, there is a big area regarding the Jade, in which I can't comment anything unfortunately. I am refering to the integration with their companion app and, as a consequence, I am also refering to the Bluetooth usage. In fact, my Jade's BT is always turned off.

They do have an option to generate entropy from a picture you take with the device's camera. I can't comment on the technical part of it, though or how secure such seeds are. I hope the Jade has been put under severe tests to verify that the generated entropy from the device is strong enough. It's not exactly the most popular HW (which is also true for the Seedsigner) and surely doesn't generate as much interest as the major brands.
[/quote]

Sure, I dislike the entropy generation using the camera, it feels very wrong, even though it may be not. Jade also uses the camera to gather some entropy bits. It also uses the battery state, the cpu usage, some CRNG, the bluetooth etc. ^[1]

Blockstream has never been very popular. I don't know why. I am not a fan, but I have never observed anything to disturb my confidence against them. I am okay with the Jade, but nothing more than that.


Yeah, sorry, I totally missed the question.

Well, the battery is good, I have never had problems. To be honest, I don't sign a lot of transactions with it. In the past couple of months, I have signed approx. 10 - 15 transactions. Each transaction takes about 5 minutes, in which I turn on the wallet, I scan the QR code, I scan the TX, I sign the TX and then I export the PSBT to be scanned from my "broadcasting" wallet (mostly Sparrow).

So, let's say 15 transactions x 5 minutes each = 75 minutes.
It's been approximately 60 days in which I have done these operations.
My battery at the moment is still a little below 50% (there is no percentage indication, so my estimation is based upon my ability to interpret the half-loaded battery symbol.

I don't really know if it's good or not, but it feels "okay-ish".

[1] https://help.blockstream.com/hc/en-us/articles/9640569620761-How-does-Blockstream-Jade-generate-it-s-recovery-phrase

I see. I take it that you bought it as non assembled and assembled the parts yourself. Otherwise, you could have purchased the assembled unit with the correct Pi Zero v1.3 from BTC Hardware Solutions. The Jade supports Bluetooth, though, while the Seedsigner doesn't.

They do have an option to generate entropy from a picture you take with the device's camera. I can't comment on the technical part of it, though or how secure such seeds are. I hope the Jade has been put under severe tests to verify that the generated entropy from the device is strong enough. It's not exactly the most popular HW (which is also true for the Seedsigner) and surely doesn't generate as much interest as the major brands.

You forgot to mention the battery. How do you like its performance?

I think it must be approximately 1 year since I bought it. Perhaps a bit more.

Well the seedsigner is fantastic but I wasn't able to find an RPi Zero (the one without the WiFi adapter).

The jade, came cheaper and more convenient for me, so I bought it.

Technically, a major difference is that the seedsigner doesn't generate entropy. So you must enter your own entropy by flipping coins or throwing dice. When it comes to backups, the Jade allows you to export the QR code in compact mode, whereas the SS allows you to export both compact and "not compact" QR codes.

The SS is closer to my general mentality but the Jade is silently doing its job very well and comes handy when you need it.

BlackHatCoiner has a brilliant guide for the SS. When I go home I will share it, unless he does so before me.

I wouldn't recommend the one or the other, they both work well. The SS is better in terms of privacy. In fact nobody knows what you want the spare parts for when you buy them. The Jade is super easy to use and comes very handy.

It seems like an interesting device, especially for its airgapped nature and affordable price. I might consider buying one. How long have you had it, and how satisfied are you with the battery performance? Since you mentioned Seedsigner, what made you buy the Jade and not the Seedsigner, for example? They are quite similar in several ways. The SeedQR is an invention by the developers of Seedsigner, unless I am mistaken.

Have you discovered any major cons or do you regret buying the Jade?

Yes, it's worth it. Definetely.

The way I use Jade is:

Backup system:
For each wallet I hold 2 backups, as follows:

• Backup 1: Seed phrase, QR code
• Backup 2: Seed phrase, QR code

Obviously the backups are in separate locations (the one is easily accessible).

Usage:
Every time I want to use Jade, I do the following:
1. Turn it on.
2. Scroll twice and click "Options".
3. Click "Temporary signer".
4. Click "Scan QR".
5. I do scan the QR code and my wallet is ready to sign transactions.
6. I turn Jade off. The memory is automatically flushed, so if you turn it on, nothing is saved.

So I mostly use Jade as the SeedSigner and after each usage, nothing remains in Jade's memory. So if someone gets access to it, they can't do anything. Obviously, if they get access to one of my backups, then my funds are gone. But the device itself can't help someone to compromise my funds.

I would rather use the SeedQR method instead of QR PIN unlock if I had a Blockstream Jade. It's quicker to gain access to your hardware wallet by just scanning a QR seed code then scanning multiple QR codes both on the hardware device and a secondary device. It's true though that you need some time to set up your SeedQR, but it's worth it.

QR PIN unlock is just a feature that allows you to "unhook" your wallet in fully air-gapped way.  It is the safer (in some extend)  procedure  than doing similar action  let's say via USB or Bluetooth. The step-by-step guide (accompanied by the relevant pictures) on how to utilize "QR PIN unlock" can be found on their supporting page https://help.blockstream.com/hc/en-us/articles/15572026940953-How-do-I-access-my-wallet-with-QR-PIN-Unlock

if you love, admire and trust blockstream to decide to use their software, why are you now not contacting them for support
(my question was rhetorical. no need to answer me, the answer is more for your own mind it injest)

The purpose why you need go to a webpage because you're using the blind oracle created by Blockstream, they claimed to be safe and not harm your privacy.


But you can create your own blind oracle if you skeptic https://help.blockstream.com/hc/en-us/articles/12800132096793-Set-up-a-personal-blind-oracle

Yeah in order to access the wallet it needs both Jade (hardware wallet) and another device, if you only have one of them, you can't access your wallet using QR PIN Unlock. But you can access your wallet using SeedQR aka seed phrase, so there are two ways to access it.

Blockstream Jade has a unlock feature called QR PIN unlock. First I enter my previously selected PIN numbers. Next is the part I don't understand its purpose I go to a webpage then I take QR pictures back and forth between Jade and website. Once I entered the PIN numbers on Jade, anybody with a phone can do the next part, right?