[NOW AVAILABLE] BTChip / Ledger HW1 : Bitcoin Hardware Wallet in a USB smartcard

[btchip]

Revamped first post   old first post content stays after the line below, for historical purposes only as the scope and supported features changed quite a lot - you don't need to read below the line if you're new to the project

BTChip is a bitcoin/altcoin hardware wallet in a USB smartcard - low cost, secure, and available now - buy from https://buy.hardwarewallet.com (limited promotional offer, 2 cards for 20 €, payable in bitcoins)

See installation and setup instructions on http://www.hardwarewallet.com - BTChip works out of the box with GreenAddress (Chrome application & Android wallet) and Electrum (upcoming release)

For developers :

• Latest firmware documentation always available on https://btchip.github.io/btchip-doc/bitcoin-technical.html or https://github.com/btchip/btchip-doc
• C APIs : https://github.com/btchip/btchip-c-api
• Java APIs : https://github.com/btchip/btchip-java-api
• Web APIs (Chrome / Chromium only) : https://github.com/btchip/btchip-js-api - sample : KryptoKit integration https://github.com/btchip/btchip-kryptokit
• Python APIs : https://github.com/btchip/btchip-python

Updates are always posted on twitter : https://twitter.com/btchip

User tutorials :

• gdassori : https://bitcointalk.org/index.php?topic=787418

User reviews :

• Coding In My Sleep : http://codinginmysleep.com/hands-on-with-btchips-hw-1/
• Bitvoid : http://bitvoid.net/btchip/
• BitcoinInformation : https://bitcointalk.org/index.php?topic=134999.msg8819383#msg8819383
• Gabridome : https://bitcointalk.org/index.php?topic=782875.0

-------------------------------------------------------------------------------------------------------------------------------------------------------------------


(Word of warning for people who got a sample at 29c3 and plan to attack it - there will be some chip spoilers during this post)

Hi

Hardware bitcoin related projects look quite alive & kicking in 2012, which is great   here is my take on the topic of smartcard wallets, with a real world implementation

Smartcard wallet vs hardware wallet

First an hopefully unbiaised comparison between smartcard wallets and hardware wallets :

Pro smartcard wallet

• Hardware security : making sure an attacker who got the device will have a very hard time extracting something useful from it. Also protection against side channel attacks, especially during known-to-leak cryptographic operations.
• Cost : not considering an additional reader, an initial target cost per unit between 0.5 and 1 BTC is realistic (not considering large volumes). Shipping costs will be lower too, as sending an hardware wallet in a simple letter envelope seems harder.
• Durability : limited failure options with a single hardware component.

Against smartcard wallet

• Not Open Source : smartcard chips and associated toolchains are heavily covered by NDAs, which makes sharing the source a pain. It's of course possible to release an Open Source smartcard wallet application running on an open smartcard platform, but you still need to trust the platform.
• Limited protection against custom malware attacking bitcoin transactions : a hardware wallet will offer a display or buttons to review transactions. It is still possible to offer some protection against this in a smartcard as we will see, but not as extensively.
• Limited code options : modern smartcards f.e. SC000 based look more and more like typical microcontrollers, if you don't consider the RAM size - however that's still not what you get in a typical secure product. Moreover coding on an "open" platform such as Java Card limits you to what the cryptographic API can offer, which can be an issue for the bitcoin protocol (f.e. ECDSA signature is only offered over SHA-1 for one of the most recent Java Card version, considering the card supports ECDSA first)

BTChip project

 
http://www.btchip.com

1.4.4 firmware specification

This project started as a more or less 2 weeks hack of a generic smartcard OS to offer bitcoin friendly APIs. The initial motivation was to see if it could be done, and also the pleasure of tweaking a project initially dedicated to banking applications to support something outside the system

The chip used is an ST23YT66 which is your regular smartcard microcontroller with a twist : USB support. Which means it can be directly connected into a USB port with no reader necessary.

It features an implementation of the basic smartcard wallet described below an advanced smartcard wallet described in the specification, using USB HID as transport protocol - because it's more convenient than CCID for a general public application.

Here's the roadmap for the coming weeks, which will be updated as things get done :

• Release the first samples at 29c3 - done
• Improve the key generation & signing speed. Target is less than 2s, maybe less than 1s Now 900 ms to generate the keypair / 900 ms to sign
• Maybe support the advanced wallet model (discussion below check the specification), but that's unlikely.
• Support additional rich clients - so far there's a prototype for bitcoinj and integration into the official client is in progress. If you're a client developer and want a sample to play with, don't be shy and drop me a PM
• Support web clients - even if Java security has been a bit controversial in the past months (and Java browser support turned into a sick joke on OS X) I've had good success with javahidapi running in an applet container and Java should still be available on public computers, so it can be a starting point. since I wrote this Java security got even worse (hats off to Oracle, that's quite an achievement), so browser plug-ins here we come Exposing hidapi through FireBreath is quite easy, so that's the preferred approach so far.

A few words about GlobalPlatform

The GlobalPlatform Card Specifications are a set of specifications implemented by most recent multi application smartcards - they define how the card applications and cryptographic materials are isolated, as well as how to establish a secure transport channel (Secure Channel - think TLS with authentication and optional confidentiality using only symmetric keys) between the card and an external entity.

The smartcard wallet implementations will rely on GlobalPlatform concepts to :

• Define how keys are inserted into the card
• Authenticate the user to validate access rights to access specific keys
• Optionally authenticate the card responses

Smartcard wallet architecture

We assume the user store a lot of keys, not necessarily related to each other (i.e. not necessarily generated by a deterministic wallet)

To support this model, no ECDSA key will be stored on the smartcard and the smartcard will only manipulate the private component of an ECDSA key (S, 32 bytes) in an encrypted form.

A key used to encrypt private component of an ECDSA key is called a Context Key. Context Keys are stored on the smartcard itself and never revealed. The suggested encryption algorithm is Triple DES in CBC mode (because Triple DES capable cryptoprocessors are still way more common than AES capable cryptoprocessors nowadays on smartcard chips).

A bitcoin client stores the private key in an encrypted form along with the reference of the Context Key used to access it. It then sends SHA-256 hashes to sign to the smartcard for a non transaction aware smartcard wallet, or each component of the transaction to sign for a transaction aware smartcard wallet, along with the encrypted private key to sign with.

A Context Key can be associated to a specific GlobalPlatform Secure Channel. In this case, the user should be authenticated to the Secure Channel before being able to sign a transaction.

Basic smartcard wallet (non transaction aware)

The basic smartcard wallet just knows how to generate a keypair over the bitcoin ECDSA curve, and sign something. It is not aware of anything else bitcoin specific, and does not need to support SHA-256 either.

The following APIs are defined :

Generate Keypair : takes a Context Key reference, generates a keypair over secp256k1, returns the public component of the key (W) and the encrypted private component of the key (S') using the Context Key.

Import Private Key : takes a Context Key reference and a cleartext private key component (S), returns the encrypted private component of the key (S') using the Context Key.

Sign : takes an encrypted private key component (S'), the SHA-256 hash to sign, and returns the ASN-1 encoded signature components.

Verify (optional) : takes a public key component (W), the SHA-256 hash to verify, the signature and returns ok or not ok.

Advanced smartcard wallet (transaction aware) (old version, check the posts below for the updated version)

The following description is mostly outdated and kept only for reference - check the firmware specification instead

The advanced smartcard wallet proposal uses a simple concept to defeat useful malware : all output addresses must be authenticated by the card when included in a transaction.

In this model, before starting a transaction you'd take the output addresses, provide them to the card to be encrypted on a trusted computer or a different platform, then go on with the transaction signing.

Two new type of keys are defined, the Address Key, which is used to encrypt an address, and the Secure Hash key, which is used to encrypt a SHA-256 context.

In this implementation the smartcard needs to support SHA-256 and optionally RIPEMD-160 if automated keys generation for change is desired

The following APIs are defined :

Generate Keypair For Change : takes a Context Key reference, an Address Key reference, generates a keypair over secp256k1, returns the public component of the key (W), the encrypted private component of the key (S') using the Context Key, and the associated encrypt address.

Encode Address : takes an output address, an Address Key reference and returns an encrypted address that the smartcard will authenticate later.

Secure Hash Generic : takes a generic part of the transaction which is not an Output script, a Secure Hash context (or nothing if creating a new hash), a Secure Hash key reference and returns an updated (or new) Secure Hash context. The Secure Hash context holds the context of the SHA-256 hash, encrypted by the smartcard. It is sent back to the host instead of being kept in RAM in case people are interested to have a distributed implementation. This function must validate the provided data i.e. make sure that no Output script can be hashed by this function (f.e. by fragmenting it into meaningless parts).

Secure Hash Output Script : takes an Output script, a Secure Hash context, a Secure Hash key reference, a list of encrypted addresses and associated Address Key references and returns an updated Secure Hash context. The Output script structure is parsed and only accepted if the given address matches one of the encrypted addresses passed.

Sign Secure Hash : takes an encrypted private key component (S'), a Secure Hash context, a Secure Hash key reference and returns the ASN-1 encoded signature components.

Protecting against custom malware

Creating multiple Context Keys can be effective protected by a Secure Channel can help fragmenting the risks for large wallets - supposing an all powerful malware grabbed the authentication key of the Secure Channel and can play transactions, the risks are limited to the private keys linked to this Context Key.

Another simple method to protect against custom malware using an USB implementation can be to rely on an annoying fact : powering off a USB device by software is painful. Using this model, we can choose to accept one signature per session and force the user to unplug/plug again the device for each signed output - a cheap way to check that no additional outputs were added, but requires free fingers to count and doesn't prevent a malware that'd just replace a legitimate transaction by a fake one rather than adding outputs to a legitimate one.

Feel free to comment and improve on this  

[1713875047]

1713875047

[1713875047]

1713875047

[1713875047]

1713875047

[1713875047]

1713875047

[finway]

Cool

[paraipan]

Kick ass! Read half of your post and had to comment 

(goes back reading...)

[Mike Hearn]

I saw your clone of bitcoinj, great to see this announced. It sounds very cool.

I have some questions.

Firstly, you state that this chip can be attached directly to a USB port without any reader necessary, but the image you provide looks like a regular smartcard, which won't physically fit. So how does this work, exactly? Could you post a photo of one attached to your computer?

Secondly, I'm still a little confused as to use cases. As you admit, because it simply signs hashes in the standard mode, this is security-wise equivalent to having an encrypted wallet on a PC. If malware gets onto the machine it has to wait until the user makes a transaction, and can then steal all the funds. So a BTChip seems to have same security as a strong password, with the downside that you cannot back it up and you have to carry it around. Could you elaborate more on where you see this product fitting in? For instance, could it store time horizons (block time of earliest transaction, latest transaction) and be used as a kind of card-based wallet?

[btchip]

I saw your clone of bitcoinj, great to see this announced. It sounds very cool.

I have some questions.

Firstly, you state that this chip can be attached directly to a USB port without any reader necessary, but the image you provide looks like a regular smartcard, which won't physically fit. So how does this work, exactly? Could you post a photo of one attached to your computer?

Hi, sure. First you cut the shape in the center



Then you fold it



Then you can insert it

Secondly, I'm still a little confused as to use cases. As you admit, because it simply signs hashes in the standard mode, this is security-wise equivalent to having an encrypted wallet on a PC. If malware gets onto the machine it has to wait until the user makes a transaction, and can then steal all the funds.

The basic use case is indeed very similar to an encrypted wallet, but offers some additional security in my opinion.

One thing is that once a malware obtains the passphrase to an encrypted wallet, it can grab the private keys and use them later without requiring any interaction from the user. Using a smartcard wallet, the malware can request the smartcard to sign something using those keys, as long as the smartcard is connected and agrees to sign (you could set a session based limit according to the number of outputs you plan to sign, for example, and after this the card would have been to be removed / inserted again to be operational, or other creative countermeasures).

The biggest difference is that the private key is never manipulated in a usable form by the host.

You could also make the malware attack less successful by using different encryption keys for the private keys, each one using a different PIN.

So a BTChip seems to have same security as a strong password, with the downside that you cannot back it up and you have to carry it around.

You can back it up, and it's very important to do so the idea is to generate the context keys (encrypting the private keys) on a trusted computer when you first use the card (or decide to create a new context key), and keep the Triple DES key value in a safe place (printed / gpg encrypted ...). Thus you can exchange keys between another client implementation and the smartcard if you wish.

Could you elaborate more on where you see this product fitting in?

I can see it fitting some space between the pure software approach and the hardware wallet for people wanting some additional security, as it's cheaper to produce and distribute. And rebrand, if you consider the BTChip form factor (f.e. a web based wallet providing this to its users). Also as a side note more secure if physically attacked.

Now if the consensus is that basic mode is not secure enough, then I'll see how this can be improved and we can discuss it.

For instance, could it store time horizons (block time of earliest transaction, latest transaction) and be used as a kind of card-based wallet?

yes it could do that, although it has a very limited storage capacity (on this version, 16 kb). Can you elaborate more on this ?

[paybitcoin]

Secondly, I'm still a little confused as to use cases. As you admit, because it simply signs hashes in the standard mode, this is security-wise equivalent to having an encrypted wallet on a PC. If malware gets onto the machine it has to wait until the user makes a transaction, and can then steal all the funds. So a BTChip seems to have same security as a strong password, with the downside that you cannot back it up and you have to carry it around. Could you elaborate more on where you see this product fitting in? For instance, could it store time horizons (block time of earliest transaction, latest transaction) and be used as a kind of card-based wallet?

I can see it adding a bit more trust in a centralized, cloud-based card-provider scenario. The customer wins because the card provider doesn't have any way of getting at the funds directly as only the encrypted private key is stored (short of breaking 3DES.) They can also backup the funds directly in case the card provider goes defunct.

If you add more verification in the card itself to only allow signed transactions from the card provider, then the card provider and customer are secure in the fact that the signed transactions are not affected by malware (except if the recipient/merchant generating the transaction is infected, but at least someone can see it before it is signed.)

The customer would still have to trust the card provider not to spend all the funds as part of the next transaction, but then the card provider would also have to be cooperating with the merchant terminal/ host software provider to hide this fact when showing the receipt before signing.

Another note on this smartcard, there will always be some sort of cloud provider/host in the mix as the actual private key is _not_ stored in the card itself. Therefore (and as btchip just posted) it needs to be transferred to the card for signing.

btchip, if there is 16 kb of storage space available, is there a way to store and transfer out the encrypted key directly? Then you could do offline signing, as long as you trust the host software. Also, is it kilobits (Kb) or kilobytes (KB)? I see in the chip posted there is 66 Kbytes of User EEPROM...

[btchip]

btchip, if there is 16 kb of storage space available, is there a way to store and transfer out the encrypted key directly? Then you could do offline signing, as long as you trust the host software. Also, is it kilobits (Kb) or kilobytes (KB)? I see in the chip posted there is 66 Kbytes of User EEPROM...

16 kilobytes. There are 66 Kbytes indeed, which are mostly used by the bitcoin patch in this implementation

so yeah, you'd be able to store a few private keys, too. It's just less convenient when the card is lost, and less interoperable with other clients.

another idea for a (stupid) countermeasure against malware : generate a one time pad, and when signing, ask the user for a random value.

[Mike Hearn]

By time horizons, I mean, if I buy a card and put some keys in it and then load up those keys with some coins, if I give it to somebody else I want them to be able to quickly load up a usable wallet. For sites that have a full index of the blockchain (like blockchain.info or things that use their API) you don't need any other data, but most nodes don't have such an index. For them knowing the block span which may be useful to scan can speed up synchronization immensely. It means storing two extra ints, so hardly a big deal if you have 16kb.

[btchip]

ok I see, just for synchronization purposes. Yes, no problem doing that, creating extra files is already supported in the current version (and security restrictions can apply for read / update / delete access). I just need to map it in the client API.

[btchip]

Some news ...

On the key generation/signing speed, things are definitely improving.

More interestingly, we found a way to reclaim more free space on the chip. Which means the advanced scenario is definitely possible, and I'd like to improve it a bit.

The target is to have something that is easy to use and difficult to impersonate, of course, and define a protocol that could be applied to any hardware device without a display and buttons. The previous advanced protocol is a bit too complicated to use if all new addresses have to be encoded, IMHO.

So, a new idea, authenticating only the addresses :

When the device is received, a table is generated and can be printed. The table is a 0...255 index with values associated to user actions to perform. Values are assigned randomly to the indexes

• From 1 to 34 : enter char 1 to 34 of the address
• From 100 to 157 : enter number of time the character 0..57 of base58 is present in the address

When requesting a signature to an address, the dongle will generate a few challenges (number can be fixed by the owner) - each challenge is a 0...255 random number, and the user has to perform the action matching this index to proceed

The client software can display all information needed for computation, and the user can recheck its validity easily.

[btchip]

Some news ...

Key pair generation and signature are both at 900 ms each now.

Rather than adding a new giant wall of text to this forum the specification for the upcoming new firmware release has been published on github :

btchip 1.4.1 firmware specification (do not use the table of contents on this link, clone it locally if you want to do that)

Description of the challenge mechanism used to authenticate addresses - I've tried my best to be confusing for an automated malware, and hopefully not too confusing for the user, but let me know  

Now development of the firmware goes on and the first integration of the new features (including some absolutely non nice UI to play the challenge game) will be done for bitcoinj.

[btchip]

Another thread reminded me of a use case for this smartcard wallet which might not be obvious to everybody - server side security.

When you read the specification you might wonder why during the hashing process the hash-in-progress is sent encrypted to the host rather than staying on the chip - this is done to support transparent load balancing with several chips.

You can then support X * chips transactions per second on a server with a very good security level for cheap - an attacker will need to keep connected to the server in order to do something useful.



Of course if you plan to compete with Visa and Mastercard, old fashioned Hardware Security Modules are still recommended, but don't come with the same price tag 

[2112]

• Not Open Source : smartcard chips and associated toolchains are heavily covered by NDAs, which makes sharing the source a pain. It's of course possible to release an Open Source smartcard wallet application running on an open smartcard platform, but you still need to trust the platform.

OK, lets assume that I have no reservations against signing NDAs and developing wholy closed source. Could you please answer the following questions:

1) What is the cost of one complete development seat for the target platform?
2) Would the toolchain vendor even be willing to consider NDA from an one or two person shop (and no personal assets pledged) as valid?

[btchip]

ok, I assume you've already explored the "open" alternatives such as Java Card which are easier to design for and want to go native for your projects.

Then 1) is probably not the issue. I'd say less than 10k$ whatever the vendor. Often less than 5k$.

2) is more tricky. It's fine for a small shop if you can show references (preferred use case, but it might be a chicken and egg issue for you) or are extremely convincing, and in all cases can justify a business plan of a large amount (I'd say 1 million should be fine) of sold units for the next few years, most likely including a large pre-paid order.
 
I'd recommend attending a specialized industry show such as Cartes where you can find all vendors and see who's the most interested in your project.

[2112]

ok, I assume you've already explored the "open" alternatives such as Java Card which are easier to design for and want to go native for your projects.

Then 1) is probably not the issue. I'd say less than 10k$ whatever the vendor. Often less than 5k$.

2) is more tricky. It's fine for a small shop if you can show references (preferred use case, but it might be a chicken and egg issue for you) or are extremely convincing, and in all cases can justify a business plan of a large amount (I'd say 1 million should be fine) of sold units for the next few years, most likely including a large pre-paid order.
 
I'd recommend attending a specialized industry show such as Cartes where you can find all vendors and see who's the most interested in your project.

Thank you very much. I was mostly courious if the situation had changed since the last time I researched it. Only costs went somewhat down, other than that things haven't changed much.

[btchip]

In case some bitcoiners are attending Mobile World Congress 2013, I'll have a few samples available on the 26th and 27th with an intermediate firmware version (faster than the one distributed at 29c3, but without the anti malware features) - just leave a message.

Then development of the new firmware will resume faster, hopefully

[btcusr]

Is it possible to use two different keys in such a way that either of those keys could sign?
Just for the single key failover case / redundancy.
Hope it would act like duplicate door keys..

[btchip]

Is it possible to use two different keys in such a way that either of those keys could sign?
Just for the single key failover case / redundancy.
Hope it would act like duplicate door keys..

yes, as long as two chips share the same context (triple DES) keys, they can be exchanged.

[yokosan]

Contact Kim Dotcom. He has a job for you.

[btchip]

Contact Kim Dotcom. He has a job for you.

don't worry, we thought about that

(this space reserved for a not really useful but fun device picture)

[drazvan]

Hey guys, I've sent you an email (contact (at) btchip (dot) com ). I think I might have a solution for your problem with the fact that the smartcard doesn't have a display and keys. We have a service called VeriFi (https://www.veri.fi) that receives HTTP requests and calls you on the phone to ask you a question (it could be like "Rosie's shop wants to charge you $5 for shoes, do you want to authorize this transaction?" - you would say "yes" or "ok" and the transaction would go through. If you say anything else, it doesn't.

So if your BTChip smartcard asks the card reader to establish an encrypted (or maybe just signed) channel to our server, it can ask it to call the user and tell him the amount and the merchant name, then get his/her authorization to proceed and sign the transaction.

It could work something like this:
1. Terminal sends AMOUNT + MERCHANT_NAME to the smartcard.
2. Smartcard generates a signed request like "smartcardid:AMOUNT:MERCHANT_NAME:nonce:signature" and sends it to the terminal.
3 .Terminal sends request to VeriFi (it can't modify it, it's signed)
4. VeriFi calls the user, gets his response, then sends back "smartcardid:nonce:ANSWER:server_signature".
5. Terminal sends the signed response back to the smartcard.

Even if the terminal is hostile, it can't modify a request. Even if it replays a request, VeriFi will ask the question again but the answer will be useless since the smartcard will compare the returned nonce with the one it expects - so it won't accept the answer.

So it would essentially be like your smartcard wallet calling you on the phone to authorize the transaction. Pretty cool, huh?

Razvan

[btchip]

Yep, thanks for your inputs, that's interesting. I should browse that e-mail as often as I browse this forum

However I'd like the service to be as simple, cost effective and standalone as possible - so the new (to be published soon) specification provides a somewhat similar scheme, which is intended to be validated by a smartphone application in order to check the payment destination, amount, fees and change, to avoid having a malware gaming any part of the protocol - as well as profiles to automatically authorize transactions fitting authorized limits / authorized addresses.

I'll definitely keep your proposal in mind in case the smartphone use case proves too difficult to deploy though.

[btchip]

Specification updated to 1.4.2, which should be really close to the really final thing (yes really ) - featuring full transaction control, done automatically for user specified limits or with a manual confirmation from another device (such as a smartphone).

BTChip specification 1.4.2

Also, two of us will exhibit at Bitcoin 2013, don't hesitate to drop by, say hi and grab a sample.

[btchip]

Random show teaser 

[btchip]

For those who picked a sample at Bitcoin 2013 during the last 2 days, thanks - for the others, there is still plenty of time to pick one today

I've updated the http://www.btchip.com/wallet.html page of the website so that you can check if the browser Plug-in is working fine for you.

After enough people report I'll make a dedicated announcement as this can be used by all other HID based wallets (let's keep the spam level to a minimum for the time being)

Very impatient developers might also peek at the /jsapi directory on the website, at your own risks 

[btchip]

Test suite added for developers wanting something to play with  http://www.btchip.com/developer.html

[btchip]

Sample offline wallet posted for developers (only if you're ready to play with transactions directly) - http://www.btchip.com/wallet-developer.html - stay tuned for the real user friendly version 

[btchip]

The browser plug-in has been updated to fix Windows-64 issues, it should work fine now.

[Luke-Jr]

Hmm, I presume you're aware Bitcoin usually needs at least 2 outputs (and often more than 1 input) for transactions.. is that broken as implied by "Only a single point-to-point output"?

It would make sense to support sending to any arbitrary script equally - not just the (semi-deprecated!) pubkeyhash form

It might also be wise to *not* expose IMPORT PRIVATE KEY to untrusted users (at all), as this is an attack vector in ordinary wallets.

[btchip]

Hmm, I presume you're aware Bitcoin usually needs at least 2 outputs (and often more than 1 input) for transactions.. is that broken as implied by "Only a single point-to-point output"?

Sure, we might want to make this more clear in the specification then - I meant "one chosen no-change output" here. So one change output, one payment output, and multiple inputs are supported.

It would make sense to support sending to any arbitrary script equally - not just the (semi-deprecated!) pubkeyhash form

you can do that, but then lose the anti-malware protection you get when the card is able to check the content of the script - of course I'll gladly look into any better future proof format you can point me to provided it can be parsed easily - plus it'd be a great opportunity to test a firmware update

It might also be wise to *not* expose IMPORT PRIVATE KEY to untrusted users (at all), as this is an attack vector in ordinary wallets.

Which attack vector do you have in mind ? This function is used to work with an existing transaction (i.e. encrypt the private key with the context key so that the chip can sign a new input with it), but cannot be used to dump a private key.

[Luke-Jr]

It would make sense to support sending to any arbitrary script equally - not just the (semi-deprecated!) pubkeyhash form

you can do that, but then lose the anti-malware protection you get when the card is able to check the content of the script - of course I'll gladly look into any better future proof format you can point me to provided it can be parsed easily - plus it'd be a great opportunity to test a firmware update

How does checking the form of the script provide any malware protection? Malware can certainly use pubkeyhash just as easily as other scripts...
BIP 16 describes the current P2SH standard.

It might also be wise to *not* expose IMPORT PRIVATE KEY to untrusted users (at all), as this is an attack vector in ordinary wallets.

Which attack vector do you have in mind ? This function is used to work with an existing transaction (i.e. encrypt the private key with the context key so that the chip can sign a new input with it), but cannot be used to dump a private key.

Perhaps I'm misunderstanding your function here, but the attack vector on wallets would be something along the lines of:

• Put some worthless amount on a key, trick some user to import it to "redeem" the key (or, in this case, just import it to some unsuspecting smartcard in "untrusted" mode!).
• Later, initiate a payment to said person. But instead of the address they give you, send it to the one you tricked them into importing.
• Play dumb and have the user/merchant verify your payment manually. It's in the wallet, so it's theirs, right?
• Attacker receives his goods, and uses his copy of the private key to redeem all the funds back to an address he controls exclusively, out from the user/merchant's wallet.

[btchip]

How does checking the form of the script provide any malware protection? Malware can certainly use pubkeyhash just as easily as other scripts...
BIP 16 describes the current P2SH standard.

Thanks, that'll be easy enough.

In untrusted mode, we know the card always produces the same (simple) script given inputs + change address + payment address and does not take an arbitrary input script to sign, so this protects against something that would ask to sign "pay to X or oh by the way to me as well" instead of "pay to X" - granted this would likely be rejected by the client today, but I had the feeling it was safer to whitelist rather than to think about all possible scripting abuse here. We can still do that with BIP 16 by forcing the script we'll sign.

And we can add a mode in which we still check the inputs and the amount / fees / change involved then have the user verify the provided script, the same way we have them optionally check the amount / fees / change / change address today with a signature of what the card has seen, for more open use cases.

• Put some worthless amount on a key, trick some user to import it to "redeem" the key (or, in this case, just import it to some unsuspecting smartcard in "untrusted" mode!).
• Later, initiate a payment to said person. But instead of the address they give you, send it to the one you tricked them into importing.
• Play dumb and have the user/merchant verify your payment manually. It's in the wallet, so it's theirs, right?
• Attacker receives his goods, and uses his copy of the private key to redeem all the funds back to an address he controls exclusively, out from the user/merchant's wallet.

oh sure, makes sense. never forget good old social engineering I'll make sure this is disabled in untrusted mode (I think it already is but it can't hurt to double check and document it).

[btchip]

The specification has been bumped to BTChip Specification 1.4.3 (github link) to support submitting a transaction to a P2SH address.

You can use this great opportunity to suggest new features and stuff you'd like to change, even if there's almost no space left  

[crazy_rabbit]

So whats up with the BTChip project? I still have my "0.1" BTC cards from the conference, but the website looks more or less dead. Whats up with the project? I really like the idea- but has there been any progress?

[jonasbits]

So whats up with the BTChip project? I still have my "0.1" BTC cards from the conference, but the website looks more or less dead. Whats up with the project? I really like the idea- but has there been any progress?

I really like this concept, is there any progress?

[btchip]

Oops. Guess I should check that thread more often

There have been some thoughts about improving the malware detection, which will be available in the next firmware version.

Also, a lot of under the hood upgrades of the generic smartcard platform used to host BTChip (among those : code saving, RAM saving, more code saving, more RAM saving, migration from generic HID to WinUSB, did I mention code saving ?), and of course, significant yak shaving, such as an open source Java Card implementation that can be used for developers to play with the concept.

The biggest remaining task right now is a clean integration into a few clients - we don't want to go on sale without that, and we need to find more free time to do it properly. Also yes, the website needs some serious redesign - it started out fine, then I touched it 

So, sorry guys, we're not dead, just a bit slow on the bitcoin topic.

[btchip]

Big specification update at the usual location - BTChip Specification 1.4.3 (github link) (yes, the version isn't bumped yet)

Main new features :

• HD Wallets
• New anti-malware method, using the dongle as a keyboard (similar to the Java Card contactless notification option)
• WinUSB support for integration in Chrome-family browsers without external plugins
• Partial transactions signing (for CoinJoin oriented projects, with still some user validation)

And a new form factor



To be hopefully finalized during 30c3, come and get your sample if it's ready  

[btcusr]

All the best!

[nogreedy]

Hello,

and what about your competitor, Trezor?

http://www.bitcointrezor.com/

[btchip]

I think there is plenty of space for multiple secure hardware wallet implementations

Trezor is fully open source while we are with open specifications.

We are better protected than trezor against side channel attacks.

Trezor has a screen and buttons while we plan to be the cheapest secure hardware wallet available

so feel free to choose the best implementation for you, or even better, pick both

That said I fully support the trezor project, ordered one, and I'm typing this while waiting for their 30c3  presentation

[crazy_rabbit]

I'm still waiting on when I can redeem my 0.1 BTC chips!

[btchip]

I'm still waiting on when I can redeem my 0.1 BTC chips!

oh ok, then I think I should have been a bit more clear with what what distributed, sorry - the printed amount was mostly to show what could be done with the product - none of the chips contained anything else that the (now outdated) code.

[btchip]

A sample desktop video of an integration in KryptoKit : http://www.hardwarewallet.com/video.html (webm, so Chrome only ... just like KryptoKit  )

This shows a bit better how the second factor works

[apetersson]

A sample desktop video of an integration in KryptoKit : http://www.hardwarewallet.com/video.html (webm, so Chrome only ... just like KryptoKit  )

This shows a bit better how the second factor works

how exactly did you obtain the pin that you had to enter later?

[btchip]

A sample desktop video of an integration in KryptoKit : http://www.hardwarewallet.com/video.html (webm, so Chrome only ... just like KryptoKit  )

This shows a bit better how the second factor works

how exactly did you obtain the pin that you had to enter later?

and that's the interesting question

it's obtained by removing and inserting the dongle again, which could not be shown just by recording the desktop. It then re-enumerate as a HID keyboard and types the transaction summary + unique transaction PIN (to be done on the same computer or on a different device supporting HID keyboard depending how confident/paranoid you feel  )

[Cactusizer]

Good job.

[jonasbits]

This looks very good,

would it be possible to prepare a "emergency" transaction where the funds is sent to a cold storage paper wallet?

In case your Btchip is lost or stolen, you could have multiple ways to send this "emergency" transaction. On small problem is that this needs to be done every time you move coins in or out of your wallet.

[btchip]

This looks very good,

would it be possible to prepare a "emergency" transaction where the funds is sent to a cold storage paper wallet?

In case your Btchip is lost or stolen, you could have multiple ways to send this "emergency" transaction. On small problem is that this needs to be done every time you move coins in or out of your wallet.

The good thing is that thanks to HD Wallets, you can do that off card - in case it's lost, you can enter your seed into a client that'll iterate through all indexes of the wallet up to a given number, check the balances of all addresses against the blockchain, then prepare the transaction.

[FlappySocks]

Any news? 

[btchip]

Any news?  

Yes, an upcoming firmware update in a few days adding most of the missing features, C test code, and new APIs for multisignature and prepaid cards as we're discussing distribution deals with a few exchanges / marketplaces, right for the opening of "La Maison du Bitcoin" (a new physical french hub for bitcoin startups) and Bitcoin 2014 (where I'll be on the Prismicide booth, BTChip being used as a prototype of that card)

Getting closer to the commercial launch, for real this time you'll still be able to grab a few samples at the conference though

[FlappySocks]

Could the btchip be used like the Yubikey for web site 2fa?  If so, I think this would give additional value to my own customers.

[btchip]

Yes, you could do something closer to Fido than OATH (so better, IMHO) with BitID as the new version supports message signing.

It requires installing a browser extension though - it's not designed to just type OTPs (we have another unrelated product doing that)

[spring.yu]

Is it possible to use two different keys in such a way that either of those keys could sign?
Just for the single key failover case / redundancy.
Hope it would act like duplicate door keys..

yes, as long as two chips share the same context (triple DES) keys, they can be exchanged.

If so , did it safe?

[Search]

the same concern

[btchip]

the same bot ?

aside from necroreplying, updated specifications for 1.4.4 have been published, as well as C APIs

[btchip]

Added C API documentation and multisignature samples on https://github.com/btchip/btchip-c-api

[btchip]

Video how to http://youtu.be/jXigX_IyruQ - thanks Fred

[btchip]

Install video http://youtu.be/KaC74ULmfOI

Update how-to video http://youtu.be/iVdovocPbgA

[doof]

[Peter R]

Cool project!

I am new to this thread, so please excuse me if I'm slow but I want to make sure I understand the basic idea behind BTChip:

1. The smartcard stores a "context key" that is only known by the smartcard.

2. The smartcard can:
   a. read a cleartext private key, and return the cleartext public key and the "context key"-encrypted private key;
   b. generate a new keypair internally, and return the cleartext public key and the "context key"-encrypted private key;

3. The smartcard can also:
   a. decrypt a "context key"-encrypted private key (from the user) and use that to sign a hash (also from the user)
   b. verify an ECDSA signature.

I know there is a lot of advanced functionality, but did I get that right?  This has applications (like you point out) such as signing bitcoin transactions on a local machine in such a way that the private key decryption and hash signing is done "offline."  Another application is to produce signatures at brick-and-mortar stores to authorize certain transactions (assuming the merchant could determine a valid cyphertext private key).


I have a few questions:

You mentioned using the ST23YT66 secure smartcard microcontroller.  Was this chosen instead of a regular microcontroller so that you could take advantage of the security provisions, cryptographic primitives and user identification methods without having to write your own?  

You mentioned that "the smartcard wallet implementations will rely on GlobalPlatform concepts to define how keys are inserted into the card, authenticate the user to validate access rights to access specific keys, optionally authenticate the card responses."  Is this basically ISO/IEC 7816?  I can understand adhering up to ISO/IEC 7816-4 (ADPUs) and in your case ISO/IEC 7816-12 (USB), but since a custom reader application will always be required, is there a need to adhere to any other sections?  

Basically, I am wondering if it would be possible to start with something like an ARMCore MCU, write firmware to support up to ISO/IEC 7816-4 (APDUs), add whatever cryptographic operations you need to Trezor-Crypto, and then define your own spec for "how keys are inserted into the card, authenticate the user to validate access rights to access specific keys, etc."  This would allow everything to be open-sourced too, if that was your desire.  At the same time, I think you'd still be compatible with the majority of smart-card readers currently deployed in the field (as they'd need an update to their application software anyways to interface with BTChip).  

[btchip]

(Fry really wants to buy something)

I plan to keep talking while taking your money, how cool is that ?  

Cool project!

I am new to this thread, so please excuse me if I'm slow but I want to make sure I understand the basic idea behind BTChip:

No problem, welcome ! Also the whole thread is quite outdated and the technical description got stuck 2 years in the past, but let's see

The best up to date references are the API https://btchip.github.io/btchip-doc/bitcoin-technical.html and C API https://github.com/btchip/btchip-c-api

1. The smartcard stores a "context key" that is only known by the smartcard.

This was the old architecture when I couldn't generate BIP 32 keys. Now the "context key" only applies to "trusted input" - only a way to bind an amount to a prevout by having the card sign a specific output of a transaction.

2. The smartcard can:
   a. read a cleartext private key, and return the cleartext public key and the "context key"-encrypted private key;
   b. generate a new keypair internally, and return the cleartext public key and the "context key"-encrypted private key;

yup. Still, for the old version.

3. The smartcard can also:
   a. decrypt a "context key"-encrypted private key (from the user) and use that to sign a hash (also from the user)
   b. verify an ECDSA signature.

Still correct (also still for the old version). The new version fully parses the transaction.

I know there is a lot of advanced functionality, but did I get that right?  This has applications (like you point out) such as signing bitcoin transactions on a local machine in such a way that the private key decryption and hash signing is done "offline."  Another application is to produce signatures at brick-and-mortar stores to authorize certain transactions (assuming the merchant could determine a valid cyphertext private key).


I have a few questions:

You mentioned using the ST23YT66 secure smartcard microcontroller.  Was this chosen instead of a regular microcontroller so that you could take advantage of the security provisions, cryptographic primitives and user identification methods without having to write your own?  

yes, especially because it is hardened by design. also because we write operating systems for smartcards during the bitcoinless parts of our professional lives  

You mentioned that "the smartcard wallet implementations will rely on GlobalPlatform concepts to define how keys are inserted into the card, authenticate the user to validate access rights to access specific keys, optionally authenticate the card responses."  Is this basically ISO/IEC 7816?  I can understand adhering up to ISO/IEC 7816-4 (ADPUs) and in your case ISO/IEC 7816-12 (USB), but since a custom reader application will always be required, is there a need to adhere to any other sections?  

this was done because parts of an old version of the operating system was reused for a quick prototype - it's no longer the case now.

Basically, I am wondering if it would be possible to start with something like an ARMCore MCU, write firmware to support up to ISO/IEC 7816-4 (APDUs), add whatever cryptographic operations you need to Trezor-Crypto, and then define your own spec for "how keys are inserted into the card, authenticate the user to validate access rights to access specific keys, etc."  This would allow everything to be open-sourced too, if that was your desire.  At the same time, I think you'd still be compatible with the majority of smart-card readers currently deployed in the field (as they'd need an update to their application software anyways to interface with BTChip).  

yes, and that's definitely the approach we're taking with one part of http://www.prismicide.com/ - the other part being a 95.8% (insert another random % here) open Operating System working on a regular smartcard, which still has some benefits considering getting a sane crypto stack that's not trivially vulnerable to SPA/DPA is a hard problem, both on the IP and technical side, and preventing trivial information recovery from a generic purpose microcontroller that you can touch is also a hard problem

[btchip]

Cleaned up the first post a bit, posted a new firmware specification, added JS and Python APIs

[btchip]

For a limited time, BTChip is available as a Prismicide perk - https://www.indiegogo.com/projects/prismicide-world-s-most-secure-bitcoin-hardware-wallet-and-anti-prism-platform - it'll then be possible to buy it directly from our commercial website, or through distributors

[btchip]

Shop is now open for everybody - get 2 cards for 20 €, payable in bitcoins @ https://buy.hardwarewallet.com

[flipperfish]

Shop is now open for everybody - get 2 cards for 20 €, payable in bitcoins @ https://buy.hardwarewallet.com

How long do you plan to offer the 2 for 1 deal? 

[btchip]

around 1 month

[zefir]

Just ordered one after reading the related CoinDesk article - without knowing if it is exactly what I expect, but the API looks like you can waste quite some time playing with it.

@OP: since this thread is where people are led to from your website, you should check your posts for outdated media / data. Most of the pictures and videos you link in your posts do not exist any more.


Good Luck with the sales.

[btchip]

Thanks - I think you won't get bored with it 

And yes, I should tidy up this thread a bit, you're right.

[Mitchell]

Well, I couldn't resist so I ordered a HW-1 Hardware Wallet. I hope it arrives quickly, so that I can take some pictures of it and try it out
Just wondering, is the Hardware Wallet engraved or something like that (like they did with the Trezor), since it's just launched?

[btchip]

Nope sorry, we don't have a special edition at launch, but we'll probably have some limited editions from time to time.

It should reach you quickly if you're in the EU, not so quickly outside

[inBitweTrust]

interesting product... will pick up a few...

[btchip]

thanks ! Considering a few starts at 2, everyone gets to have a few 

[sdersdf2]

nice to see positive innovation on this forum.

[Muhammed Zakir]

Great project! Looking forward about it! I live in India. Can I use standard shipping? Is there any way to import private key? I mostly use vanity address, so it would help me.

  ~~MZ~~

[Mitchell]

My payment has confirmed. How long does it take before it gets shipped out and what is the average shipping time to The Netherlands? Sorry, I am really excited, haha.

[btchip]

Great project! Looking forward about it! I live in India. Can I use standard shipping? Is there any way to import private key? I mostly use vanity address, so it would help me.

  ~~MZ~~

Thanks ! You can always try standard shipping, absolutely no warranties as I've never tried a standard delivery to India

You cannot import a private key in regular wallet mode to avoid losing keys, but you can play with it in developer mode if you want (no wallet is supporting this mode for the time being though) - we might support sweeping a few keys in a future release if we get enough code space to add that feature.

My payment has confirmed. How long does it take before it gets shipped out and what is the average shipping time to The Netherlands? Sorry, I am really excited, haha.

Shipments done today + those lagging behind should be done tomorrow - we have a bit of a backlog that should be solved by then.

[ticoti]

this attracts me but actually Its uses are not clear
I understand this stores the private key,but when using it,is it neccessary that the private key is stored anywhere? I mean,in the pc that you use or online.
can you erase the wallet and create new wallet? Can you use more this store more than one private key at the same time?

[btchip]

this attracts me but actually Its uses are not clear
I understand this stores the private key,but when using it,is it neccessary that the private key is stored anywhere? I mean,in the pc that you use or online.
can you erase the wallet and create new wallet? Can you use more this store more than one private key at the same time?

it's a Hierarachical Deterministic wallet - it derives an "infinity" of keys based from a seed. The whole point is that any private key never leaves the device. The seed leaves the device at one point to let you backup it in case you lose it, then it can never be accessed.

[webbrowser]

Can this be used on an Android smartphone? ie, connect to phone via USB OTG cable. Any supported wallets on Android?

[btchip]

Can this be used on an Android smartphone? ie, connect to phone via USB OTG cable. Any supported wallets on Android?

Yes. It is supported by GreenAddress today - on https://play.google.com/store/apps/details?id=it.greenaddress.cordova (Play Store) or https://f-droid.org/repository/browse/?fdid=it.greenaddress.cordova (F-Droid)

[Mitchell]

Yes. It is supported by GreenAddress today - on https://play.google.com/store/apps/details?id=it.greenaddress.cordova (Play Store) or https://f-droid.org/repository/browse/?fdid=it.greenaddress.cordova (F-Droid)

That is awesome! My phone has OTG support, but I never used it, because I didn't need it. Now I have a purpose for it.

[btchip]

yeah, most recent Androids should support OTG 

[Mitchell]

yeah, most recent Androids should support OTG 

Yeah, they should. I didn't even know my phone had it until I used needed to connect one of my USB Storage keys to it. Also, please ship faster. You are making me way to excited for this little gadget.

[btchip]

Sorry, backlog will be done today 

[ticoti]

this attracts me but actually Its uses are not clear
I understand this stores the private key,but when using it,is it neccessary that the private key is stored anywhere? I mean,in the pc that you use or online.
can you erase the wallet and create new wallet? Can you use more this store more than one private key at the same time?

it's a Hierarachical Deterministic wallet - it derives an "infinity" of keys based from a seed. The whole point is that any private key never leaves the device. The seed leaves the device at one point to let you backup it in case you lose it, then it can never be accessed.

So the seed is store anywhere else? Like computer or online server? Or only in the key?

[webbrowser]

Looks great.

I noticed that you charged 20% VAT even though I'm outside of the EU. Is this correct?

[btchip]

Looks great.

I noticed that you charged 20% VAT even though I'm outside of the EU. Is this correct?

Yes, it's a personal sale (unless you're a business, in which case you shouldn't order here according to the Terms & Conditions that nobody is reading anyway  ), so it's fine to apply the VAT policy of the local country up to a given volume (usually in the 100k€ range, so we're not there yet in two days, maybe after a few more days)

[btchip]

this attracts me but actually Its uses are not clear
I understand this stores the private key,but when using it,is it neccessary that the private key is stored anywhere? I mean,in the pc that you use or online.
can you erase the wallet and create new wallet? Can you use more this store more than one private key at the same time?

it's a Hierarachical Deterministic wallet - it derives an "infinity" of keys based from a seed. The whole point is that any private key never leaves the device. The seed leaves the device at one point to let you backup it in case you lose it, then it can never be accessed.

So the seed is store anywhere else? Like computer or online server? Or only in the key?

the seed (or rather the first derivation of the seed) is stored into the card and nowhere else after it is displayed the first time.

[webbrowser]

Looks great.

I noticed that you charged 20% VAT even though I'm outside of the EU. Is this correct?

Yes, it's a personal sale (unless you're a business, in which case you shouldn't order here according to the Terms & Conditions that nobody is reading anyway  ), so it's fine to apply the VAT policy of the local country up to a given volume (usually in the 100k€ range, so we're not there yet in two days, maybe after a few more days)

I see.  It is my understanding that exported goods are exempt from VAT.

[Muhammed Zakir]

Great project! Looking forward about it! I live in India. Can I use standard shipping? Is there any way to import private key? I mostly use vanity address, so it would help me.

  ~~MZ~~

Thanks ! You can always try standard shipping, absolutely no warranties as I've never tried a standard delivery to India

You cannot import a private key in regular wallet mode to avoid losing keys, but you can play with it in developer mode if you want (no wallet is supporting this mode for the time being though) - we might support sweeping a few keys in a future release if we get enough code space to add that feature.

Can you tell me ETA of the shipment? I just want to enter the address according to it.

  ~~MZ~~

[btchip]

Can you tell me ETA of the shipment? I just want to enter the address according to it.

  ~~MZ~~

According to french postal service, 1 week to deliver to India. So this is better than BFL, but with absolutely no commitment.

(if you already ordered, then PM me the reference and I can tell you if it was shipped on our side - all orders passed before the 12th were shipped)

[btchip]

it would be nice to be able to buy a card with bitcoin on it at the local stores

you already have some tested ways to buy a prepaid HW.1 card which are described in the specification - either remotely, by locking the card to a PIN before it's sent (see 'forward setup' in the setup command), or locally, by splitting the seed in two parts to make sure the merchant is honest (see 'point of sale' in the setup command)

buying a prepaid card immediately available in a store is a bit more complex, because you have many parties to protect against, but it's quite possible to design a custom version for a specific vendor scheme.

[ticoti]

when is expected to come out an app out of chrome working with btchip?
i think electrum is expected soon

is there any way out of btchip to restore the btchip seed?

[btchip]

when is expected to come out an app out of chrome working with btchip?
i think electrum is expected soon

It's done already, just not released yet, but it works if you get it from github.

is there any way out of btchip to restore the btchip seed?

You get an option to read the seed right after it's generated, then you can setup the card (or another card) with a seed you provide yourself.

[ticoti]

when is expected to come out an app out of chrome working with btchip?
i think electrum is expected soon

You get an option to read the seed right after it's generated, then you can setup the card (or another card) with a seed you provide yourself.

I mean,imagine I don't have any card and I want to restore the seed,what can I do?

[btchip]

you can use it with any software supporting deterministic wallets and the right derivation path (if you're using GreenAddress or Electrum, you can just restore the seed into a software wallet or another card)

[ticoti]

you can use it with any software supporting deterministic wallets and the right derivation path (if you're using GreenAddress or Electrum, you can just restore the seed into a software wallet or another card)

So it just would be to copy the hw1 seed to a already existing electrum wallet when creating one,isn't is?

[Mitchell]

I have received my HW.1. I'm installing the drivers as we speak, let's hope this works

[btchip]

you can use it with any software supporting deterministic wallets and the right derivation path (if you're using GreenAddress or Electrum, you can just restore the seed into a software wallet or another card)

So it just would be to copy the hw1 seed to a already existing electrum wallet when creating one,isn't is?

yes, with some minimal manual work (HW.1 outputs an hexadecimal seed that you'll need to convert to a mnemonic)

I have received my HW.1. I'm installing the drivers as we speak, let's hope this works

Good  sorry the start page is not ready yet, I'm waiting for catchy videos, but GreenAddress setup should be straightforward - in any case don't hesitate to ask around if you're stuck.

[Mitchell]

Good  sorry the start page is not ready yet, I'm waiting for catchy videos, but GreenAddress setup should be straightforward - in any case don't hesitate to ask around if you're stuck.

First of all, redirect http://start.hardwarewallet.com to the https one. I got a nice error page because I visited the http one

Also, I have troubles with keeping the thing inside my USB port... It keeps falling out/losing the connection because it moved. It's not thick enough to stay in..

[btchip]

Good  sorry the start page is not ready yet, I'm waiting for catchy videos, but GreenAddress setup should be straightforward - in any case don't hesitate to ask around if you're stuck.

First of all, redirect http://start.hardwarewallet.com to the https one. I got a nice error page because I visited the http one

whoops, done.

Also, I have troubles with keeping the thing inside my USB port... It keeps falling out/losing the connection because it moved. It's not thick enough to stay in..

mmh, that's weird, how did you fold the clip ? do you have some picture ?

[Mitchell]

Uhm, you need to keep the clip on the HW.1? Because well... I broke it off.

[btchip]

Yes, the clip is basically what makes it thick enough to stay in the port  

you should be able to clip it back

[Mitchell]

Yes, the clip is basically what makes it thick enough to stay in the port 

you should be able to clip it back (picture coming soon)

You can clip it back and breaking it off is quite hard. In my defence, I really thought I had to remove it.


It "works"

[btchip]

nicely done, we should package it with fine french knives for the collector edition

[Mitchell]

nicely done, we should package it with fine french knives for the collector edition

Hahaha. You should! It's a great solution
I am glueing it back together with superglue, so it should be fine after this "operation". Well, the drivers worked and my computer did recognize the HW.1 so I am going to do some more testing and write up a review (including pictures + my stupidity) as soon as I am done.

[btchip]

thanks ! If you're testing on Windows, you'll probably miss the seed the first time it's typed as Windows takes some time to associate the second driver. In this case, just unplug / plug back twice (that's the kind of details that'll be mentioned on the start page)

[Mitchell]

Just a quick question, how do I setup the HW.1 wallet? With the KryptoKit Bitcoin Wallet (Unofficial HW1 BUILD)? I'm assuming it is, but I prefer to be sure.

[HostFat]

You should give a try to greenaddress.it

[btchip]

It's better to do it with GreenAddress or Electrum as this one is going deprecated. GreenAddress (from the Chrome application) should be easier.

[Mitchell]

You should give a try to greenaddress.it

I am using GreenAddress.it right now (Chrome), but it says that my dongle isn't setup yet, which is why I asked. I want to have everything straight for my review, so that it's fair (and informative as well)

[btchip]

Yes, it will set it up. When you create your account you'll have the option to generate the seed on the dongle.

[Mitchell]

Ah, I see. So, generate a new wallet and let the dongle generate the seed itself. Got it.

EDIT: Sorry for all these questions. Never used hardware wallets in my life.

[btchip]

Don't apologize and keep the questions going, it's good to know what can be improved 

[Mitchell]

BitcoinInformation's review of the HW.1

Packaging

The cards arrived in a plain letter, which I like and dislike at the same moment. I love simplicity, but on the other hand, having some kind of casing or box would have been awesome as well. This might be safer, since mail isn't handled that carefully (nor carefull at all at some points).

The cards themself
The cards look amazing if you ask me. It feels like someone spend a lot of time designing them and it paid off in my opinion. These look like something you could buy in a store, bring home and get started with (and I would love to see something like this).

I snapped one of the cards out of its "casing" and it felt nice and sturdy, even though it's tiny. After that I broke off the clip part and put the HW.1 inside my USB port. It wasn't recognized by Windows and it kept falling out. I asked btchip about this and he told me that the clip should be folded. At that moment I realized that I made a mistake, but some superglue, luckily, fixed it.

Using the HW.1
Setting up the HW.1 is quite easy, once you get that you need to create a new wallet and use the HW.1 to generate the seed (which will be stored on the HW.1 as well). I first tried to use the KryptoKit that was made for the HW.1, but I was told that this was outdated and not recommended, so I switched to GreenAddress.it (which is the recommended software at this moment).

I first installed the necarrasy driver from the website, after which I downloaded the GreenAddress.it extension for Chrome and selected that I wanted to create a new wallet. I plugged in the HW.1 wallet and it was quickly recognized by Windows and an extra option appeared on the GreenAddress.it wallet creation menu.

I set up a wallet and was able to login with the HW.1 wallet, so that worked perfectly. The next step is testing it with my Android phone (which happened to have OTG). I installed the GreenAddress.it for Android and plugged in my HW.1. It was instantly recognized by Android (4.2.2) and asked me if I wanted to open the GreenAddress.it app. This time I didn't want to create a new wallet, but simply login. It asked me for the Pin Code I set during the Wallet Creation and was then asked if I wanted to logout my computer, because you can only have one session at a time. I accepted that and was logged in successfully.

Conclusion

It's a fun thing to have with a lot of potential. The setup is a bit hard, but the btchip team is working on a startup page, so it should be more clear in the future. I think it's a very handy device for those Bitcoiners that can spend a little.

NOTE: I'm not a professional reviewer and I never will be. Keep that in mind.

[btchip]

thanks, I'll pin that to the first post

[Mitchell]

thanks, I'll pin that to the first post

No problem! I hope you like it. Oh, by the way, I left you your first positive trust feedback

[btchip]

yes it's great   thanks for the trust feedback, I'm not really trusting this feature of the forum given its great history but I guess it can't be harmful

fun story about the packaging, as you probably guessed we're trying to ship at the lowest possible cost, which is 20 grams. Everything was made to reach that ... and we ended up at 21 grams. Which means more soul for the product, but also more failure  

[Mitchell]

yes it's great  thanks for the trust feedback, I'm not really trusting this feature of the forum given its great history but I guess it can't be harmful

It's always good to have if you ask me.

fun story about the packaging, as you probably guessed we're trying to ship at the lowest possible cost, which is 20 grams. Everything was made to reach that ... and we ended up at 21 grams. Which means more soul for the product, but also more failure 

I did guess that yes and damn, that must have sucked when you found out it was just 1 gram to heavy. Not sure what you could do to decrease the weight even more, I would even recommend to increase the weight by adding some stuffing to it. Mail is not always handled like it should. But well, that is my personal opinion

[btchip]

I think that unless we find an awesome deal with DHL, UPS, Fedex and the like (which is somewhat unlikely) we'll stick with national post, which means that from my previous experience it's best to stick to the smallest possible package to maximize the chances of quick delivery (or delivery at all - although I'm eagerly waiting for the initial US delivery reports regarding our next decisions) - also it's quite hard to damage the cards, if you're stuck by lightning they'll probably outlive you 

[Mitchell]

I think that unless we find an awesome deal with DHL, UPS, Fedex and the like (which is somewhat unlikely) we'll stick with national post, which means that from my previous experience it's best to stick to the smallest possible package to maximize the chances of quick delivery (or delivery at all - although I'm eagerly waiting for the initial US delivery reports regarding our next decisions) - also it's quite hard to damage the cards, if you're stuck by lightning they'll probably outlive you 

Well, you make a legitimate point there. Shipping can be really expensive and the cards survived the trip to here, so it should be all good. Anyway, do as you think is best and keep it up. You are doing a great job!

[bitllionaire]

great review bitcoininformation!

it would be great that the hw1 had its own enviroment like trezor with mytrezor

[btchip]

it would be great that the hw1 had its own enviroment like trezor with mytrezor

that's not planned - as it, not in a production environment, rather as an integration test. It's good enough to get additional third party wallets support, in my opinion.

[HostFat]

Will you ever make an NFC version?

[dillpicklechips]

Will you ever make an NFC version?

If not, there is always Helioscard too.

[btchip]

Will you ever make an NFC version?

it's very likely. We already have picked a vendor that can do USB + NFC in one single package (our trademark  ), and might even have a test form factor. Let's see how popular this can be and how it works (NFC might also not prove to be reliable enough, power stability wise)

If not, there is always Helioscard too.

that might be right when they have a specification, an HD Wallet, deterministic signatures and proof that the card understands what it's signing, at least to be able to use some hard limits such as maximum amount / maximum fees / maximum change if not using a second factor to display the full transaction information (which is totally doable with NFC only if you check the 'open source' link in my signature).

sorry, I have huge respect for Trezor and what they built from the ground up only with community roots, but I'm going to go back to my old trolling self on Helioscard as we obviously come from the same world  

[gabridome]

If you guys are interested I also hve made a personal review of the product here.

[btchip]

yes, already in first post, thanks

[Muhammed Zakir]

It is telling that order is expired even after sending BTC. Can you tell me why it is showing like that? Is it because of the confirmation? Will it be okay after it get some confirmations? Order reference : 06e84be6-4dfc-454f-8f8f-6be1f368f521 . TX : 0fa9d42f3704b22796cd7c494d0dfa4de236f401de5b9fbc1cb26049ba0e2013. Thanks!

  ~~MZ~~

[mmeijeri]

The firmware update for the 64 bit Windows drivers doesn't work, the zip file appears to be an HTML page saved under the wrong name. I also noticed that the FAQ is out of date, it says that the firmware cannot be updated.

[btchip]

It is telling that order is expired even after sending BTC. Can you tell me why it is showing like that? Is it because of the confirmation? Will it be okay after it get some confirmations? Order reference : 06e84be6-4dfc-454f-8f8f-6be1f368f521 . TX : 0fa9d42f3704b22796cd7c494d0dfa4de236f401de5b9fbc1cb26049ba0e2013. Thanks!

  ~~MZ~~

yes, that transaction seems weird. Was it "pushed" by blockchain.info ? It seems that's the only reference seeing it.

The firmware update for the 64 bit Windows drivers doesn't work, the zip file appears to be an HTML page saved under the wrong name. I also noticed that the FAQ is out of date, it says that the firmware cannot be updated.

the driver part should be fixed, thanks

[mmeijeri]

the driver part should be fixed, thanks

Thanks! I've installed the new driver, but I'm not sure how to upgrade the firmware with it.

[btchip]

This topic exclusive   https://firmwareupdate.hardwarewallet.com - let me know how it goes.

If you have an old firmware, you'll probably need to retry a few times before it works.

[Mitchell]

This topic exclusive  https://firmwareupdate.hardwarewallet.com - let me know how it goes.

If you have an old firmware, you'll probably need to retry a few times before it works.

Firmware update 1.4.10 successful

So, it worked, for me at least, but I could have the latest firmware already, no idea (and I didn't check before updating). What did firmware update include by the way?

[btchip]

Nothing if you received a fresh card - it's a way to update previously distributed test cards (after the San Jose 2013 conference - I still don't have a clean way to update those) to the latest firmware.

[mmeijeri]

This topic exclusive   https://firmwareupdate.hardwarewallet.com - let me know how it goes.

If you have an old firmware, you'll probably need to retry a few times before it works.

It works!!! I had to try it a couple of times, and reset my PC a couple of times, but it did work eventually. I also had to install the modified KryptoKit first in order to be able to block the device by entering an incorrect PIN three times in a row.

[zefir]

@btchip: do you intend to use this thread also for support, or prefer to be bothered at your dedicated support email address?

I'll start here, since it might be interesting for others - will delete if you prefer it done over other channels.

Received my 2 HW.1 wallets and started playing with them using your btchip-c-api. As a first use case I want to test the recovery of the wallet (e.g. after entering wrong pin 3 times), but fail with interpreting the generated seed. The setup step for a wallet initiated by command

Code:

./btchip_setup "WALLET" "RFC6979" "" "" "31323334" "" "QWERTY" "" "" ""

returns as second factor a 129 digit key, which seems to be a 64 byte hex string followed by a capital X.

Obviously this is not the seed parameter that is expected by the btchip_setup command to restore a wallet.

Not sure if the c-api is kept up-to-date or there is some additional information for developers available (beside the API documentation).


Thanks for feedback.

[btchip]

No problem, you can use this thread, especially for information that's useful for everybody.

The second factor is indeed the 64 bytes seed that you can provide in the setup command.

The documentation might not be up to date regarding the final X, I'll have a look - this was added recently

[SikoSoft]

Sadly, I have not been able to get my BTChip to work.

The setup says everything went fine and that it's ready to use, but when I restart the GreenAddress and try to log in via hardware wallet, it always rejects my pin code. I first tried with a 32 digit number, then a 4 digit; no luck with either. I've reset it various times but no matter what I do, I just cannot log in with it.

I feel caught in a endless cycle of resetting it by pulling it out 3 times, setting it up again and hoping it works. So far no luck.

Anyone else have this issue?

[SikoSoft]

Thought I'd post an update to clarify that I resolved the issue I was having.

I was under the impression when it said the setup was complete... that it was... well, complete. I didn't realize that I had to also continue farther in the process by ticking a box and clicking a button to continue once the hardware was setup. If you abort at the point of only configuring the chip it *will not work*, you need to finish the whole process. This was my goof.

However, I did seem to run into a different snag. In Green Address there is another icon (not pictured in the screen shots posted here) which allows you to use a hardware seed instead of the string of words. The process for configuring the hardware goes smooth, but then it tells you to unplug the chip (so you can backup the seed on another device). At this point, when you put the chip back in and click the button to continue, the process will hang on the logging-you-in part, where it says something about 2FA but just remains frozen saying it is logging you in. I was able to reproduce this each and every time I tried. I suspect there is a problem during this process after it needs you to remove the chip (this is when I suspect the process breaks, when the chip is inserted back in, the app presumably is back to the phase where the hardware is configured but the process wasn't finished so the login fails). It seems to be a catch 22 here.

Has anyone managed to use the hardware seed with success in Green Address?

[mmeijeri]

Has anyone managed to use the hardware seed with success in Green Address?

I did manage to write my existing seed to a freshly blocked and upgraded dongle, but I haven't tried starting with a dongle that already had a seed on it.

[btchip]

works for me 

after you ask for the seed generation you'll end up with this screen



you can then click the "confirm" box then continue

(note that if you read the seed on the same computer, you need to disconnect / connect again the dongle after reading the seed)

Are you going through the same steps ?

[SikoSoft]

Thanks for the response!

I have absolutely no clue what is going on to be honest. I downloaded Fraps so I could record a video of the whole process for you and received inconsistent behavior during my recording. It didn't work the first time, whereas on the second time it did work (I suspected it was because I removed the chip prior to closing the popup that tells you to insert it in another device prior to removing this time around). So I tried once again thinking the problem was that you need to remove the chip prior to closing the popup; this time I left the chip in before closing the popup expecting it not to work.

But it did work. >_<

In any event it is working for me. I'll keep playing around with it and if the same behavior pops up again, I'll post a video showing the whole process.

Thanks again for the help!

[SikoSoft]

And now I am unable to log in.

This is a bummer because I sent myself 0.1 BTC and when I closed the wallet and reopen it, I cannot log in.

I get "Dongle is not setup"

I'm starting to get disappointed here because it's feeling like 0.1 BTC just vanished into thin air.

Is there a way I can recover my private key from the seed? I did save this.

[SikoSoft]

Yup, the frigging thing is... god damn.

0.1BTC up in smoke because the stupid thing is now acting like it isn't set up. I was in the wallet. I was looking at the transaction that came in. I closed the program, reopened it and now the chip is not set up.

I can even attempt the first steps of setting up the chip and it says it is an empty chip.

Can someone please tell me there is a way to use these seeds to recover my key? I haven't seen anything on this which makes me wonder if it's useless altogether.

[btchip]

If you kept the seed backup, yes, it can be recovered. I don't understand how you're reaching that state though (other than by typing invalid PINs in a row).

Are you confortable with Python ?

Here's how you can restore the seed to a dongle with Python after installing https://github.com/btchip/btchip-python and replacing YOUR_SEED by your hexadecimal seed backup, with PIN 1234

Code:

from btchip.btchip import *
from btchip.btchipUtils import *

SEED = bytearray("YOUR_SEED".decode('hex'))

dongle = getDongle(True)
app = btchip(dongle)
app.setup(btchip.OPERATION_MODE_WALLET, btchip.FEATURE_RFC6979|btchip.FEATURE_NO_2FA_P2SH, 0x00, 0x05, "1234", None, btchip.QWERTY_KEYMAP, SEED)

Use the same dongle and if it doesn't work please provide the commands log

also, GreenAddress will add a mechanism to log on with the raw seed and restore the seed to a dongle, so you can directly do it from the web interface.

bottom line, if you keep your seed, your money is never lost.

[SikoSoft]

You are giving me some hope here, as I did in fact save the seed it spit out into my text editor.

I will give this approach a test once I setup python on this machine.

I wasn't clear if you meant I should use the pin as 1234 or if I should replace that with the pin I created as well.

Also, I thought the seed was hexadecimal, however the last character is an X. >_<

The whole string except the last character is hex; is this normal?

[btchip]

Yes, you can skip the X - it just marks the end of the seed, making sure you got everything (I'll update the documentation regarding that)

Then you can use any PIN you want - the PIN protects access to the dongle and is not related to the seed in any way

[vitruvio]

Hi I got some problems trying to login with BTChip option, in Chrome app, sometimes I get an unknown error and no % in access button and sometimes I get " an error force to close your session" or so , and access button reach 100%.





Regards

[btchip]

I'll pass it to GreenAddress to investigate. Did you create the seed on the device or externally ? Should not have any consequence though.

[vitruvio]

I'll pass it to GreenAddress to investigate. Did you create the seed on the device or externally ? Should not have any consequence though.

The seed was created with chrome app and then stored on the device (I have seed and ecncrypted seed) , so I can login without the device and when I try to login with the device I have the problem.

After that I've created a new wallet only hardware wallet seed and now I can login with this new wallet and the old one. So I think the problem was the seed stored that way or the app have problems having same wallet in both systems.

[kdrop22]

Can someone explain to me how this improves the security of GreenAddress. As I am new to BTChip and GreenAddress.

Process to use GreenAddress/BTChip
a) The GreenAddress seed is generated on the live machine.
b) I store a backup of the seed and notedown PIN
c) A copy of the seed is written to the BTChip
d) BTChip is able to sign transactions
e) However, the GreenAddress login can easily be done using the PIN. (without the need for a seed or BTChip). So, I assume the Green address seed is being stored somewhere on my PC.
f) Even if you were to use the BTChip for login. The mnemonic can be easily accessed from the Green address GUI, once the login is accomplished. If it can be accessed using the GUI, I assume the malware can access it as well.

[vitruvio]

This is one way if you use the mnemonic passphrase offered by the app and then you write it to the btchip, with the button "Write to a hardware wallet"



But you can click in the arrows button at the bottom-right of the mnemonic passphrase (then you can see "Click to use hardware wallet seed instead", see picture above ) and then the seed will only be stored in the btchip. You have to configure your Btchip or empty it if was previously used, (be carefull if already have another seed in this btchip you will lose all)



Then you can login with the btchip, if you lose the btchip you will lose all of course, for me it's easier to lose the btchip with my car keys than to lose a seed phase written in a paper and stored properly.

Nobody explain it but I think this works that way, if I'm wrong please correct me show me a user manual and then I won't have to suppose how.
 
Regards  

[btchip]

Can someone explain to me how this improves the security of GreenAddress. As I am new to BTChip and GreenAddress.

Process to use GreenAddress/BTChip
a) The GreenAddress seed is generated on the live machine.
b) I store a backup of the seed and notedown PIN
c) A copy of the seed is written to the BTChip
d) BTChip is able to sign transactions
e) However, the GreenAddress login can easily be done using the PIN. (without the need for a seed or BTChip). So, I assume the Green address seed is being stored somewhere on my PC.
f) Even if you were to use the BTChip for login. The mnemonic can be easily accessed from the Green address GUI, once the login is accomplished. If it can be accessed using the GUI, I assume the malware can access it as well.

e) the PIN is disabled if you create the account when using the card - and you can delete the PIN if you decide to onboard an existing account into the card, which solves the problem.

f) that part might be a bit confusing - you see the mnemonic on wallet creation, because it's not disabled right away, but you won't see it if you log in using BTChip after that.

Then you can login with the btchip, if you lose the btchip you will lose all of course, for me it's easier to lose the btchip with my car keys than to lose a seed phase written in a paper and stored properly.

I'm not sure I get what you mean here - that might be because I don't drive, but you keep a seed backup in any case (whether the seed is generated by the GreenAddress client during setup, or generated by the dongle), that you can use if you lose the card - the point is that you never have to type the seed or the PIN into a potentially vulnerable computer again to log in or move funds.

Nobody explain it but I think this works that way, if I'm wrong please correct me show me a user manual and then I won't have to suppose how.

the user manual is a bit lagging behind, we'll update the FAQ with specific BTChip security details soon

[kdrop22]

Thanks vitruvio and btchip.

[btchip]

A nice GreenAddress setup tutorial : https://bitcointalk.org/index.php?topic=787418

[Muhammed Zakir]

It is telling that order is expired even after sending BTC. Can you tell me why it is showing like that? Is it because of the confirmation? Will it be okay after it get some confirmations? Order reference : 06e84be6-4dfc-454f-8f8f-6be1f368f521 . TX : 0fa9d42f3704b22796cd7c494d0dfa4de236f401de5b9fbc1cb26049ba0e2013. Thanks!

  ~~MZ~~

yes, that transaction seems weird. Was it "pushed" by blockchain.info ? It seems that's the only reference seeing it.

Nope. Sorry, I was off for some days. I checked it just now.

Summary:
Size   438 (bytes)
Received Time   2014-09-15 17:50:20
Included In Blocks   320943 (2014-09-16 09:33:48 +943 minutes)
Confirmations   939 Confirmations

P.S. I saw your PM. Thanks. I hope I will get it. You really are doing a good job.

  ~~MZ~~

[Muhammed Zakir]

When I checked the order, it is saying 'Product shipped without tracking' , so does that it is shipped? So when was it shipped? I just want to know, so that I can calculate ETA. Thanks!

  ~~MZ~~

[btchip]

sure, it shipped last wednesday 17

[wosch76]

when is expected to come out an app out of chrome working with btchip?
i think electrum is expected soon

It's done already, just not released yet, but it works if you get it from github.

Do you know the date when this final version of electrum will be released?

[btchip]

I only know that it'll happen shortly. Talking about weeks now, I won't say 2 for obvious reasons 

[ruins]

Kick ass! Read half of your post and had to comment 

(goes back reading...)

same here, a bit complicated.
(goes back reading...)

[btchip]

Kick ass! Read half of your post and had to comment 

(goes back reading...)

same here, a bit complicated.
(goes back reading...)

good luck, don't forget that everything past the first part of the first post is a bit outdated. Also, videos are coming really soon now

[webbrowser]

I've received my btchip too!

Yeah, a bit complicated.  Need more reading.

[btchip]

I've received my btchip too!

Yeah, a bit complicated.  Need more reading.

we have new videos that might be helpful re GreenAddress setup @ https://hardwarewallet.com/software.html

[JorgeStolfi]

[ Reposting some comments from the Trezor thread, somewhat edited ]

1.) [ The BTCchip]  has no screen but offers a "hardened mode" which requires you to plug it into another computer (or the same one). It will emulate a keyboard and tell you the transaction info and a one-time PIN which you'll have to enter after re-plugging again into the main computer with the wallet. It's way less elegant than trezor in this regard, but this protects against malware sneaking in attackers address.

If you plug it into the same computer, which is compromised, the malware could intercept the keyboard signals coming from the device and replace the transaction details shown to the user, while retaining the PIN.  Or is there a protection against that?

How could there even be a protection against that ? It just raises the malware complexity from an application malware to a full OS compromise.

If you are using someone else's computer, it may easily have a hacked OS.  Ditto if the malware was installed in your computer by someone hacking into it with root access. 

The Trezor seems to protect against that risk, since the transaction details are displayed on the Trezor's screen and confirmed there.

(Neither device will protect against the user copying or scanning the wrong payment address from merchant's homepage that was hacked --- at the server, by IP/URL spoofing, or by a compromised browser.  For that, the user must be careful to get the address from a secure source that cannot be easily hacked.)

Hardware wallets are supposed to be most useful when one is traveling and must use a computer provided by the local shop, hotel, guide, cybercafe, etc..  In those scenarios, there is the possiility that the PC has malicious hardware as well as malicious software, that the devce will be stolen after the use, and that there are hidden cameras watching over the user's shoulder.   One should make sure that they are safe in that scenario.

Then just use the next computer sitting nearby to view the second factor. Works well in a cybercafe and a hotel.

I am not clear yet on how BTCchip works, but if one computer in such a place is compromised, there is a high chance that all of them are.  Especially if (a) the computer was compromised specifically to steal bitcoins from BTCchips (which is the assumption), or (b) the hacker may be an employee of the place.

2.) The device requires the user to enter a PIN. If entered wrongly 3 times, device will delete wallet info.

I understand that it is a fixed PIN that must be entered in "non-hardened mode", or before starting the "hardened mode" procedure; correct?  In that case, if malware on the computer captures that PIN, and the device is stolen some time later, would that captured PIN enable the thief to use the device?

yes, the PIN is not an anti malware protection, it's an anti theft protection.

If a chip-enabled credit/debit card gets stolen, the owner should worry that the PIN was captured visually (by a camera or person looking over his shoulder) or by a physically hacked CC reader at some store.

If a BTCchip gets stolen, the owner should worry that the PIN may have been captured visually as he typed it on the computer's keyboard, OR by a keylogger in the computer.   The latter is much more likely to occur than a hacked CC reader.

If a Trezor gets stolen, the owner should worry only if there is a chance that the PIN scramble matrix was captured visually from the Trezor screen.  Malware alone cannot capture the Trezor PIN.

General comment:

Stealing bitcoins by hacking may become a big issue, if it is not already.  Hardware wallets like Trezor and BTCchip surely improve the security, but substantial risk will remain.  Malicious hackers will be strongly motivated to use all their ingenuity to overcome the device's protections. 

Bitcoin theft seems more tempting than credit/debit card theft, for several reasons.  For one thing, bitcoin transactions are instantaneous (even though confirmation may take 10 minutes on average) and final.  Even if the victim uses Trezor or BTCchip, if the device is stolen after the thief got the PIN, the coins will probably be gone before the user gets the chance to move them, and they cannot be recovered (unless the thief is caught and convinced to return them).   In comparison, when someone's credit/debit card is stolen, the owner can call the company to cancel it, and there is a good chance that it will be canceled before the thief has a chance to get value out of the card.  Moreover, the bitcoin network provides no anti-theft barriers: no one will call the victim to confirm a transaction that moves a million BTC from his account to someone else's account. 

Even if if the probability of success of some hacking attack mode is 0.1% or less, the per-target cost of such an attack is small, thousands of computers can be hacked automatically, and the payoff from one successful attemp may be quite substantial.  See that Australian guy who was recently hacked out of 750 BTC, almost 300'000 USD. Note that the malware may be programmed to act only if the wallet has a large enough sum. 

I do not expect that the manufacturers of hardware wallets will go out of their way to warn users of these remaining risks.   The bitcoin media and the community should do that.  However, manufacturers should put clear disclaimers in their warranties and ads, so that they are not blamed if bitcoins are stolen from clients.

[btchip]

[ Reposting some comments from the Trezor thread, somewhat edited ]

thanks !

If you are using someone else's computer, it may easily have a hacked OS.  Ditto if the malware was installed in your computer by someone hacking into it with root access.  

The Trezor seems to protect against that risk, since the transaction details are displayed on the Trezor's screen and confirmed there.

similar thing here with the keyboard second factor

(Neither device will protect against the user copying or scanning the wrong payment address from merchant's homepage that was hacked --- at the server, by IP/URL spoofing, or by a compromised browser.  For that, the user must be careful to get the address from a secure source that cannot be easily hacked.)

End (server)-to-end (device) BIP 70 will protect against that in the future, providing the trusted CA list is sane - not going to be implementing it in the current device though.

I am not clear yet on how BTCchip works, but if one computer in such a place is compromised, there is a high chance that all of them are.  Especially if (a) the computer was compromised specifically to steal bitcoins from BTCchips (which is the assumption), or (b) the hacker may be an employee of the place.

Computers would have to be all infected and act together in order to exploit both the main client and the client displaying the second factor - highly unlikely in my opinion.

If a chip-enabled credit/debit card gets stolen, the owner should worry that the PIN was captured visually (by a camera or person looking over his shoulder) or by a physically hacked CC reader at some store.

If a BTCchip gets stolen, the owner should worry that the PIN may have been captured visually as he typed it on the computer's keyboard, OR by a keylogger in the computer.   The latter is much more likely to occur than a hacked CC reader.

If a Trezor gets stolen, the owner should worry only if there is a chance that the PIN scramble matrix was captured visually from the Trezor screen.  Malware alone cannot capture the Trezor PIN.

A thief getting access to both the chip and the PIN is not a realistic threat in my opinion as well.

General comment:

Stealing bitcoins by hacking may become a big issue, if it is not already.  Hardware wallets like Trezor and BTCchip surely improve the security, but substantial risk will remain.  Malicious hackers will be strongly motivated to use all their ingenuity to overcome the device's protections.  

sure, security is about balancing risks / convenience / protection / cost, as always.

Bitcoin theft seems more tempting than credit/debit card theft, for several reasons.  For one thing, bitcoin transactions are instantaneous (even though confirmation may take 10 minutes on average) and final.  Even if the victim uses Trezor or BTCchip, if the device is stolen after the thief got the PIN, the coins will probably be gone before the user gets the chance to move them, and they cannot be recovered (unless the thief is caught and convinced to return them).   In comparison, when someone's credit/debit card is stolen, the owner can call the company to cancel it, and there is a good chance that it will be canceled before the thief has a chance to get value out of the card.  Moreover, the bitcoin network provides no anti-theft barriers: no one will call the victim to confirm a transaction that moves a million BTC from his account to someone else's account.  

Even if if the probability of success of some hacking attack mode is 0.1% or less, the per-target cost of such an attack is small, thousands of computers can be hacked automatically, and the payoff from one successful attemp may be quite substantial.  See that Australian guy who was recently hacked out of 750 BTC, almost 300'000 USD. Note that the malware may be programmed to act only if the wallet has a large enough sum.  

I have a different opinion about that - credit/debit card theft today comes mostly from exploitation of different security levels (copy the magnetic track of a chip card, clone it and use it in a country not using chip cards), or identity theft (order a real fake card from stolen credentials). Recovering from such thefts which cannot be identified easily before they happen takes quite a long time (talking about months here).

With Bitcoin everyone plays on the same security level (which is already a nice improvement), and you can already have a second factor confirmation in multisignature wallets (GreenAddress is a good example - confirming each transaction using SMS to a feature phone is quite nice, even without a hardware wallet)

I do not expect that the manufacturers of hardware wallets will go out of their way to warn users of these remaining risks.

I believe that the threat matrix should be clearly provided so that people can know what they're buying

The bitcoin media and the community should do that.

I'd actually feel better if an independent security audit group was formed to specifically do that. That would keep the signal to noise ratio higher.

However, manufacturers should put clear disclaimers in their warranties and ads, so that they are not blamed if bitcoins are stolen from clients.

No warranty claim can be placed for an amount greater than the price paid in Euros for the product –
the Buyer acknowledges that while the best care has been applied to design a product suitable to
store crypto currency assets securely, no warranty is made by the Seller that the product is free from
software or hardware defects that could cause a loss of a part or the full assets stored on the
products. The Buyer is advised to keep a safe backup of each asset stored in the product.

good enough ?

[Muhammed Zakir]

Still hasn't received my BTCChip. Any idea WHY? Was there any technical issues on the service you used to ship? OR will it receive soon? I had hope that it will but now it is approximately 1 month, my hope has gone. I have no complains on this company. Take that 0.05 BTC as my donation. Best Of Luck!

  ~~MZ~~

[btchip]

Still hasn't received my BTCChip. Any idea WHY? Was there any technical issues on the service you used to ship? OR will it receive soon? I had hope that it will but now it is approximately 1 month, my hope has gone. I have no complains on this company. Take that 0.05 BTC as my donation. Best Of Luck!

  ~~MZ~~

yeah, I'm afraid it looks like I'm beta testing the post office delivery to non European / US countries. I'll resend it tomorrow using a different service, sorry for the delay.

[Muhammed Zakir]

Still hasn't received my BTCChip. Any idea WHY? Was there any technical issues on the service you used to ship? OR will it receive soon? I had hope that it will but now it is approximately 1 month, my hope has gone. I have no complains on this company. Take that 0.05 BTC as my donation. Best Of Luck!

  ~~MZ~~

yeah, I'm afraid it looks like I'm beta testing the post office delivery to non European / US countries. I'll resend it tomorrow using a different service, sorry for the delay.

So haven't you sent it? According to earlier post you said, it was shipped, so if you ship again and somehow both arrives, then won't you lose some money? Should I need to pay again if both arrives?

  ~~MZ~~

[btchip]

yes I already shipped it. Of course you'll only pay once, I won't charge you for supporting my trial & error scheme

[btchip]

Firmware version 1.4.11 is now available, with quite impressive speed optimizations - upgrade now @ https://firmwareupdate.hardwarewallet.com

[AussieHash]

Are we supposed to have received email confirmation for a completed order ? I made payment 7 days ago, and never received email confirmation. I made payment with electrum immediately, before the countdown timer expired. The browser screen never updated to say payment confirmed.

I don't have a screenshot of that browser window, I don't have a transaction ID and you use some strange BitID without the manual login option so I cannot BitID login from my address to check the order.

[btchip]

Are we supposed to have received email confirmation for a completed order ?

No

I made payment 7 days ago, and never received email confirmation. I made payment with electrum immediately, before the countdown timer expired. The browser screen never updated to say payment confirmed.

This happens sometimes. The best thing to do is to let me know immediately - but no order is lost.

I don't have a screenshot of that browser window, I don't have a transaction ID and you use some strange BitID without the manual login option so I cannot BitID login from my address to check the order.

That wouldn't help if you didn't register it anyway, so you can PM me your payment address,  and I can tell you your order reference.

[AussieHash]

Thanks for the quick reply to my PM, I see it has been posted.

Edit : Order arrived safely today, thank you very much  
Edit 2 : works perfectly with greenaddress and with Trezor 2.0beta (requiring a wipe when switching from one to the other)
Edit 3 : using /python-trezor/mnemonic_check.py to generate a 24 word mnemonic, then loading it on Trezor (./cmdtr.py load_device) and btchip (electrum 2.0 beta).  Both devices generate the same HD address tree.
Edit 4 : Make sure you are running Chrome 38 or above for Greenaddress.

[jackbox]

Can I use HW1 on multiple computers and devices using the same wallet balances, etc? Or can it only be used on one computer or device at a time?

[btchip]

Can I use HW1 on multiple computers and devices using the same wallet balances, etc?

yes. It only holds the private keys and the associated balances are synchronized by the host computer.

[Tafelpoot]

Is the following correct?
- you can write a seed towards the btchip
- you cannot read a seed from the btchip.
- signing the tx is done on the chip.

Thanks in advance

[btchip]

Is the following correct?
- you can write a seed towards the btchip
- you cannot read a seed from the btchip.
- signing the tx is done on the chip.

Thanks in advance

yes exactly

[jackbox]

When I put the key into a USB port on my Windows 8.1 machine I hear the computer beep but I cannot find the device in device manager and it is not on the list for the hardware ejector. Is it listed somewhere and possible to eject? Or is it just okay to remove it without being able to stop it first?

[Muhammed Zakir]

When I put the key into a USB port on my Windows 8.1 machine I hear the computer beep but I cannot find the device in device manager and it is not on the list for the hardware ejector. Is it listed somewhere and possible to eject? Or is it just okay to remove it without being able to stop it first?

There is no need of drivers in Win8 but you might want to try installing win drivers. Just try it or wait for btchip to come.

   ~~MZ~~

[jackbox]

When I put the key into a USB port on my Windows 8.1 machine I hear the computer beep but I cannot find the device in device manager and it is not on the list for the hardware ejector. Is it listed somewhere and possible to eject? Or is it just okay to remove it without being able to stop it first?

There is no need of drivers in Win8 but you might want to try installing win drivers. Just try it or wait for btchip to come.

   ~~MZ~~

What do you mean "wait for btchip to come?" I already have the chips. I want to know if safe to unplug from usb without ejecting it first. I cannot find a way to eject it like you can for a usb drive or other usb devices. Cannot find it in device mgr either but it works with green wallet.

[btchip]

yes, it is safe to unplug it when you feel like it. This is only a problem for mass storage sticks because the system might have some write cache.

[jackbox]

I have a question about setup with Green Address wallet. I went through procedure to setup my BTCHIP HW1. It generated a mnemonic and I told it to write it to the card. All seemed to work okay but after that setting up the HW1 it showed me another mnemonic and told me to keep that one also. I was puzzled why I had two and which one was good so I save both. Then when it told me to confirm the mnemonic by entering five words, the five words that worked were from the first mnemonic written to the HW1. But if I use Green Address wallet without the HW1 and use the second mnemonic and password I entered I get the same wallet addresses. Is this normal behavior or did I do something wrong. I find it strange that two very different mnemonic can result in the exact same wallet.

[troy112]

One chip holds only 1 address seed or it can hold more than 1??

[Muhammed Zakir]

What do you mean "wait for btchip to come?" I already have the chips. I want to know if safe to unplug from usb without ejecting it first. I cannot find a way to eject it like you can for a usb drive or other usb devices. Cannot find it in device mgr either but it works with green wallet.

I mean user 'btchip'.

One chip holds only 1 address seed or it can hold more than 1??

I think it can only hold 1 mnemonic. You will need to wipe to get a new mnemonic.

   ~~MZ~~

[btchip]

I have a question about setup with Green Address wallet. I went through procedure to setup my BTCHIP HW1. It generated a mnemonic and I told it to write it to the card.

This part looks allright

All seemed to work okay but after that setting up the HW1 it showed me another mnemonic and told me to keep that one also. I was puzzled why I had two and which one was good so I save both. Then when it told me to confirm the mnemonic by entering five words, the five words that worked were from the first mnemonic written to the HW1.

This is the weird part, I don't understand where this second mnemonic is coming from. It looks like you restarted the setup part at some point.

But if I use Green Address wallet without the HW1 and use the second mnemonic and password I entered I get the same wallet addresses. Is this normal behavior or did I do something wrong. I find it strange that two very different mnemonic can result in the exact same wallet.

Yes, it should not happen. My guess is that you're still using a password associated to the first mnemonic (which is also written to the chip) so the second mnemonic is never used. That doesn't explain what is is though - maybe you can retrace everything you did.

One chip holds only 1 address seed or it can hold more than 1??

only a single seed

I think it can only hold 1 mnemonic. You will need to wipe to get a new mnemonic.

   ~~MZ~~

correct

[jackbox]

I have a question about setup with Green Address wallet. I went through procedure to setup my BTCHIP HW1. It generated a mnemonic and I told it to write it to the card.

This part looks allright

All seemed to work okay but after that setting up the HW1 it showed me another mnemonic and told me to keep that one also. I was puzzled why I had two and which one was good so I save both. Then when it told me to confirm the mnemonic by entering five words, the five words that worked were from the first mnemonic written to the HW1.

This is the weird part, I don't understand where this second mnemonic is coming from. It looks like you restarted the setup part at some point.

But if I use Green Address wallet without the HW1 and use the second mnemonic and password I entered I get the same wallet addresses. Is this normal behavior or did I do something wrong. I find it strange that two very different mnemonic can result in the exact same wallet.

Yes, it should not happen. My guess is that you're still using a password associated to the first mnemonic (which is also written to the chip) so the second mnemonic is never used. That doesn't explain what is is though - maybe you can retrace everything you did.

One chip holds only 1 address seed or it can hold more than 1??

only a single seed

I think it can only hold 1 mnemonic. You will need to wipe to get a new mnemonic.

   ~~MZ~~

correct

No. Because if I use the second mnemonic without the HW1 it tells me to enter password for encrypted mnemonic and opens same wallet. HW1 with pin opens same wallet. I just did wallet setup step by step and after saving first mnemonic to card showed me a second one. Not a second wallet. They open the same wallet.

[btchip]

ok - think I got it now.

The chip stores your unencrypted mnemonic - it doesn't need to encrypt it as everything related to private keys is processed internally.

If you encrypt your mnemonic, you'll end up with a different mnemonic, which decodes to the same seed as the first mnemonic after you provide the password.

so the chip, the unencrypted mnemonic, and the encrypted mnemonic + associated password are generating the same wallet.

[jackbox]

ok - think I got it now.

The chip stores your unencrypted mnemonic - it doesn't need to encrypt it as everything related to private keys is processed internally.

If you encrypt your mnemonic, you'll end up with a different mnemonic, which decodes to the same seed as the first mnemonic after you provide the password.

so the chip, the unencrypted mnemonic, and the encrypted mnemonic + associated password are generating the same wallet.

Yea, that is what I am pretty sure it is doing; but never heard of this happening with anyone else. It didn't ask me if I wanted another mnemonic to encrypt the original with a password, it just did it and showed me a second mnemonic. Was very confusing because then it asked me to confirm the mnemonic with five words and the second one was wrong, had to use the first one. Good thing I backed up both of them. 

[Muhammed Zakir]

Need help installing cython-hidapi.

CMD output - Windows7.

Code:

C:\Users\usrname\Downloads\Compressed\cython-hidapi-master>python setup.py install

running install
running build
running build_ext
skipping 'hid.c' Cython extension (up-to-date)
building 'hid' extension
error: Unable to find vcvarsall.bat

C:\Users\usrname\Downloads\Compressed\cython-hidapi-master>

   ~~MZ~~

[btchip]

It looks like Visual Studio is missing - maybe a free version can work

[Muhammed Zakir]

It looks like Visual Studio is missing - maybe a free version can work

   ~~MZ~~

[btchip]

ok, so a system path issue maybe - vcvarsall.bat should be located in your path when building

[jackbox]

I was using my btchip HW1 with Green Address both Chrome and Android. All of the sudden the Android one refused to accept it and told me to upgrade the firmware. The Chrome one did not say that but did not seem to be functioning properly. After a very long and frustrating time I finally got the device reset, updated and restored seed. Need better instructions on this process for people. I just goT them within two weeks. Why do they come with old firmware? Can't they be updated before being mailed?

[btchip]

I was using my btchip HW1 with Green Address both Chrome and Android. All of the sudden the Android one refused to accept it and told me to upgrade the firmware. The Chrome one did not say that but did not seem to be functioning properly.

I'm not that sure about the "all of a sudden" part as there have been no updates in the applications recently.

I'd need more details to understand the process flow and how/when this occurred

After a very long and frustrating time I finally got the device reset, updated and restored seed. Need better instructions on this process for people. I just goT them within two weeks. Why do they come with old firmware? Can't they be updated before being mailed?

I'd need more details about the issues you had when updating the firmware to improve it.

Cards are usually shipped with the latest firmware, but there have been a lot of updates recently. They're not forced on the users though, so I don't really understand the problem.

[jackbox]

I was using my btchip HW1 with Green Address both Chrome and Android. All of the sudden the Android one refused to accept it and told me to upgrade the firmware. The Chrome one did not say that but did not seem to be functioning properly.

I'm not that sure about the "all of a sudden" part as there have been no updates in the applications recently.

I'd need more details to understand the process flow and how/when this occurred

After a very long and frustrating time I finally got the device reset, updated and restored seed. Need better instructions on this process for people. I just goT them within two weeks. Why do they come with old firmware? Can't they be updated before being mailed?

I'd need more details about the issues you had when updating the firmware to improve it.

Cards are usually shipped with the latest firmware, but there have been a lot of updates recently. They're not forced on the users though, so I don't really understand the problem.

I used it yesterday with no problem. Today the Android app said I had to update to at least version 1.4.8 and would refuse to even let me input PIN number. Also to reset must be done on Chrome only, not app. And I hate to enter incorrect pin, remove card, insert card, incorrect pin again, remove card and incorrect pin again. That song and dance is not explained anywhere. Also, after installing the two required chrome extensions, the first time updater said could not read my version number. I had to remove it and start over and then it worked. Also, why does updating it require it to be removed and inserted so many times?

[btchip]

I used it yesterday with no problem. Today the Android app said I had to update to at least version 1.4.8 and would refuse to even let me input PIN number.

This is the part I don't get. If it happens again please let me know and I'll give you some tools to investigate before you update.

Also to reset must be done on Chrome only, not app.

It should also work from the Android app once it's updated. For the time being it only works with older versions

And I hate to enter incorrect pin, remove card, insert card, incorrect pin again, remove card and incorrect pin again. That song and dance is not explained anywhere.

I'll mention it in bolder later in the firmware update page, but this is a security measure against malware trying to DoS the card by sending wrong PINs in a row. It could be made easier by sending the wrong PINs for you.

Also, after installing the two required chrome extensions, the first time updater said could not read my version number.

Might happen right after the chrome extensions are installed if you don't reload the page, or if another process is open and tries to access the dongle.

I had to remove it and start over and then it worked. Also, why does updating it require it to be removed and inserted so many times?

the dongle cycles through 3 different operating systems during the update, it tries to reboot automatically between each steps but there could be race conditions in this process and the updater errs on the side of caution if the dongle doesn't answer fast enough.

[jackbox]

I used it yesterday with no problem. Today the Android app said I had to update to at least version 1.4.8 and would refuse to even let me input PIN number.

This is the part I don't get. If it happens again please let me know and I'll give you some tools to investigate before you update.

Okay, will do.

Also to reset must be done on Chrome only, not app.

Yes, after the update it works once again on both Android and Chrome apps.

BTW, did you get my PM yesterday?

[btchip]

Okay, will do.

Thanks. I'll publish a self test page soon.

Yes, after the update it works once again on both Android and Chrome apps.

BTW, did you get my PM yesterday?

yes, happy to see that postal service is behaving  

[AussieHash]

FYI - last day of 2 for the price of 1 HW.1 pricing
https://twitter.com/BTChip/status/535213303690436608

[nomnomnom]

Hello,

I have a hw.1 and use it with electrum, it works fine overall,
but now I have an address where I can't send anything from.

It is this one: 1Jmv13FgTW1xeGGvATt2EP142efBq473bA
The coins on this address came from a greenaddress wallet (address starts with 3)
I've seen something about p2sh todo in the btchip plugin, not sure if relevant
because  I am not really a programmer, but maybe that could be the problem?
If this is a btchip limitation it would suck, or is it an electrum bug?

I added a "print tx" at the point where it fails and the transaction looks ok to me,
I can load it with electrum and look at it, but it is obv unsigned

Selecting send from other addresses works fine so it is no big deal,
but if this is a bug it would be good if it could be fixed

Code:

  File "/home/user/electrum-git/electrum/gui/qt/util.py", line 37, in run
    self.result = self.run_task()
  File "/home/user/electrum-git/electrum/gui/qt/main_window.py", line 1156, in sign_thread
    self.wallet.sign_transaction(tx, password)
  File "/home/user/electrum-git/electrum/plugins/btchipwallet.py", line 330, in sign_transaction
    raise BaseException(tx.error)
BaseException: byte must be in range(0, 256)

[btchip]

There shouldn't be an issue to use those funds, so I'm afraid the answer lies probably in the middle with a BTChip Python bug dealing with long input scripts (around here) . I'll test that, might take a few days due to long trips.

[AussieHash]

[LOBSTER]

I'll order one. It's a good offer today...hope shipping is fast

[btchip]

I'll order one. It's a good offer today...hope shipping is fast

shipping is fast, but manufacturing is done on demand (this is one of my new tests  ) so it'll ship end of next week, as stated on the website.

[nomnomnom]

There shouldn't be an issue to use those funds, so I'm afraid the answer lies probably in the middle with a BTChip Python bug dealing with long input scripts (around here) . I'll test that, might take a few days due to long trips.

Ok sounds good. No hurry, take your time 

[artbatista]

I placed a couple of orders on your store. Am I supposed to get a confirmation email after I pay?

Art

[artbatista]

I placed a couple of orders on your store. Am I supposed to get a confirmation email after I pay?

Art

Transaction ID #1:

https://blockchain.info/tx/f560a2c5650e26006b60da56f32eb0afaafda530c73733234e20d1b316b87182


Transaction ID #2:

https://blockchain.info/tx/f4da0d52088512120b53bc96d8837c6cc5e0d8c008bca366634e738943c77546

These are from address:

1ArtBatXAdUxmWupydCQBFcvD3TkeJhwgC


Let me know if you need a signed message to confirm.

Cheers

Art

[btchip]

Hi

It's ok, you don't get an email confirmation.

TX #2 is ok and confirmed.

TX #1 is apparently not going to me

[artbatista]

Hi

It's ok, you don't get an email confirmation.

TX #2 is ok and confirmed.

TX #1 is apparently not going to me

You are right, #1 is not yours, I made a mistake, but now that I know I won't get an email confirm, I won't bother you with the second order tx I.D.

Have a good weekend, I'll wait patiently for my orders.

Cheers

Art

[xgtele]

Ordered 2014 Black Friday promo 

[btchip]

Ordered 2014 Black Friday promo 

Thanks. It's available till Monday end of day PST 

[btchip]

There shouldn't be an issue to use those funds, so I'm afraid the answer lies probably in the middle with a BTChip Python bug dealing with long input scripts (around here) . I'll test that, might take a few days due to long trips.

Ok sounds good. No hurry, take your time  

This should have been addressed in my latest updates. Can you pull btchip-python and retest ?

[Muhammed Zakir]

Not working...





Output of cmd :

Code:

Traceback (most recent call last):
  File "C:\Program Files\Electrum-2.0\gui\qt\installwizard.py", line 393, in run
    wallet.create_main_account(password)
  File "C:\Program Files\Electrum-2.0\plugins\btchipwallet.py", line 217, in create_main_account
    self.create_account('Main account', None) #name, empty password
  File "C:\Program Files\Electrum-2.0\lib\wallet.py", line 1413, in create_account
    account_id, xpub, addr = self.get_next_account(password)
  File "C:\Program Files\Electrum-2.0\lib\wallet.py", line 1397, in get_next_account
    xpub, xprv = self.derive_xkeys(self.root_name, derivation, password)
  File "C:\Program Files\Electrum-2.0\plugins\btchipwallet.py", line 221, in derive_xkeys
    xpub = self.get_public_key(derivation)
  File "C:\Program Files\Electrum-2.0\plugins\btchipwallet.py", line 230, in get_public_key
    self.get_client() # prompt for the PIN before displaying the dialog if necessary
  File "C:\Program Files\Electrum-2.0\plugins\btchipwallet.py", line 204, in get_client
    raise Exception("Could not connect to your BTChip dongle. Please verify access permissions, PIN, or unplug the dongle and plug it again")
Exception: Could not connect to your BTChip dongle. Please verify access permissions, PIN, or unplug the dongle and plug it again

   ~~MZ~~

[btchip]

did the previous version work ?

(just rechecked, it works fine on Linux, unsurprisingly)

[AussieHash]

@btchip is there a way to generate the xpub key for a specific path using any of the command line APIs ? In particular I am trying to manually sign "Coinkite" with "0'/0/0" to test their multisig, but I need the xpub key for that path. Thanks.

[btchip]

@btchip is there a way to generate the xpub key for a specific path using any of the command line APIs ? In particular I am trying to manually sign "Coinkite" with "0'/0/0" to test their multisig, but I need the xpub key for that path. Thanks.

yes, we and BitMEX recently added this in better Coinkite cosigning integration scripts - have a look at https://github.com/BitMEX/btchip-signing-tools and  https://github.com/BitMEX/btchip-signing-tools/blob/master/utils/getKey.py for what you need

[Muhammed Zakir]

did the previous version work ?

(just rechecked, it works fine on Linux, unsurprisingly)

I didn't do anything. I  couldn't install the firmware which I downloaded from hardwarewallet website, so I chose windows to download and install automatically and it did. I already installed BTChip and electrum. But when I am trying to open, it isn't coming.

P.S. I haven't installed linux on my system yet, probably, I will install on Saturday or Sunday. Anything I can do before that to work with Win7?

AND, thanks for 2 for 1 offer!

   ~~MZ~~

[btchip]

I'd need to retest on Windows at some point, there are a lot of reasons why accessing the dongle from Python could fail.

[nomnomnom]

There shouldn't be an issue to use those funds, so I'm afraid the answer lies probably in the middle with a BTChip Python bug dealing with long input scripts (around here) . I'll test that, might take a few days due to long trips.

Ok sounds good. No hurry, take your time  

This should have been addressed in my latest updates. Can you pull btchip-python and retest ?

Sorry have just seen your post now, can confirm, seems to work fine! Thank you very much

[Muhammed Zakir]

I'd need to retest on Windows at some point, there are a lot of reasons why accessing the dongle from Python could fail.

I am in no hurry. Take your time.

Is there any way to import an address? Any developer options to do it?

P.S. I tried BTChip with Greenaddress wallet but there is no option to send BTC to many address at a time.

   ~~MZ~~

[btchip]

I'd need to retest on Windows at some point, there are a lot of reasons why accessing the dongle from Python could fail.

I am in no hurry. Take your time.

Is there any way to import an address? Any developer options to do it?

you can import an arbitrary key in developer mode, but then you have to do everything in developer mode (i.e. you are actually signing arbitrary data, without checking anything about the transaction)

P.S. I tried BTChip with Greenaddress wallet but there is no option to send BTC to many address at a time.

   ~~MZ~~

I don't think there's support for that - also the dongle only supports verifying one payment output (+ one change output) when using the internal second factor (this is not an issue for GreenAddress considering its very specific use case)

(edit : there's no support for it in the app, but it's supported in the API or through a BIP 70 request)

[Muhammed Zakir]

you can import an arbitrary key in developer mode, but then you have to do everything in developer mode (i.e. you are actually signing arbitrary data, without checking anything about the transaction)

Sorry for asking a dump question : Which wallet should I use to do this? Or should I have to use BTChip-python/C/java - I am not used to this but I can give it a try? Any documentation?

I don't think there's support for that - also the dongle only supports verifying one payment output (+ one change output) when using the internal second factor (this is not an issue for GreenAddress considering its very specific use case)

Why can't it verify the outputs/inputs one by one? Will it be supported in future?

   ~~MZ~~

[btchip]

you can import an arbitrary key in developer mode, but then you have to do everything in developer mode (i.e. you are actually signing arbitrary data, without checking anything about the transaction)

Sorry for asking a dump question : Which wallet should I use to do this? Or should I have to use BTChip-python/C/java - I am not used to this but I can give it a try? Any documentation?

You're basically on your own with that - the C API @ https://github.com/LedgerHQ/btchip-c-api is the most documented one with all developer mode functions implemented (btchip_importPrivateKey, btchip_deriveBip32Key, btchip_getPublicKey, btchip_signImmediate). All those functions are well described in the API documentation @ https://ledgerhq.github.io/btchip-doc/bitcoin-technical.html#_developer_mode_apdus

I don't think there's support for that - also the dongle only supports verifying one payment output (+ one change output) when using the internal second factor (this is not an issue for GreenAddress considering its very specific use case)

Why can't it verify the outputs/inputs one by one? Will it be supported in future?

   ~~MZ~~

it doesn't verify outputs (not important for inputs as they're cumulated) one by one because then you'd have to remove / insert the dongle for each output, which is kind of annoying. It's not a technical limitation, more a design limitation. I plan to add this in a future firmware version, maybe not for this product though.

[Muhammed Zakir]

You're basically on your own with that - the C API @ https://github.com/LedgerHQ/btchip-c-api is the most documented one with all developer mode functions implemented (btchip_importPrivateKey, btchip_deriveBip32Key, btchip_getPublicKey, btchip_signImmediate). All those functions are well described in the API documentation @ https://ledgerhq.github.io/btchip-doc/bitcoin-technical.html#_developer_mode_apdus

Thanks! I used it. I could create a wallet in normal mode to test but now I want to change it to Developer mode and I am getting some errors. How can I wipe the dongle? I entered 3 invalid pins in a row but I didn't see anything about 'wipe'. What is developer key?

P.S. I think 'wipe pin' can be used to create a new seed and what is the pin? Is wipe pin and user pin same but in different places when typing? I think btchip_setOperationMode can be used to change the mode, so this will suffice my need. I found this on the guide:

The dongle must be physically reset following this command if switching to a different mode than the current mode.

How to reset the dongle physically?

Additional description of setup parameters : When enabled, RFC 6979 deterministic signatures will be used for all operations in wallet, relaxed wallet and server modes.
RFC 6979 deterministic signatures are always available in developer mode.

Note : Using deterministic signatures will make the signing process slower and could possibly create a larger
side channel attack surface due to the way private keys are handled during the computation of the
random value. We suggest to only enable this mode if you don’t trust the chip hardware Random
Number Generator or are sure of understanding the risks.

Can you explain please?

it doesn't verify outputs (not important for inputs as they're cumulated) one by one because then you'd have to remove / insert the dongle for each output, which is kind of annoying. It's not a technical limitation, more a design limitation. I plan to add this in a future firmware version, maybe not for this product though.

Hmm... Noob : Can I create a TX from online wallet and then sign the raw TX using BTChip?

   ~~MZ~~

[btchip]

Thanks! I used it. I could create a wallet in normal mode to test but now I want to change it to Developer mode and I am getting some errors. How can I wipe the dongle? I entered 3 invalid pins in a row but I didn't see anything about 'wipe'. What is developer key?

Entering 3 invalid PINs in a row will wipe it (i.e. reset the seed and you start with a fresh dongle). The developer key is the Triple DES key used to encrypt private keys that go out of the dongle in developer mode.

P.S. I think 'wipe pin' can be used to create a new seed and what is the pin? Is wipe pin and user pin same but in different places when typing? I think btchip_setOperationMode can be used to change the mode, so this will suffice my need. I found this on the guide:

You can ignore the wipe PIN as it'll be changed soon - for the time being, when entered, it changes the seed to a random value permanently.

in order to use the developer mode, you need to setup the dongle with this mode authorized (i.e. WALLET+DEVELOPER if using the C API if you want to use both). Then you can switch modes with btchip_setOperationMode

The dongle must be physically reset following this command if switching to a different mode than the current mode.

How to reset the dongle physically?

That's the entering-3-wrong-PINs-thing

Additional description of setup parameters : When enabled, RFC 6979 deterministic signatures will be used for all operations in wallet, relaxed wallet and server modes.
RFC 6979 deterministic signatures are always available in developer mode.

Note : Using deterministic signatures will make the signing process slower and could possibly create a larger
side channel attack surface due to the way private keys are handled during the computation of the
random value. We suggest to only enable this mode if you don’t trust the chip hardware Random
Number Generator or are sure of understanding the risks.

Can you explain please?

RFC6979 uses an ECC private key as a message component passed to a HMAC, which is not something you usually do - it'll break the "balanced" algorithms, trying to mask the values of private keys as they go from flash to RAM to the cryptoprocessor on a smartcard. So it might open more subtle attacks, but it's too popular to be ignored in Bitcoin space, so it's always used

it doesn't verify outputs (not important for inputs as they're cumulated) one by one because then you'd have to remove / insert the dongle for each output, which is kind of annoying. It's not a technical limitation, more a design limitation. I plan to add this in a future firmware version, maybe not for this product though.

Hmm... Noob : Can I create a TX from online wallet and then sign the raw TX using BTChip?

   ~~MZ~~

Depending how the wallet is implemented, you can. This is what's done with Coinkite co-signing solution for example (sample over there https://github.com/BitMEX/btchip-signing-tools)

[viking02]

how is this compared to trezor?


how fast does it ship to east coast usa?


is it very easy for someone that is not computer savy?

[btchip]

how is this compared to trezor?

it's cheaper, based on a smartcard, but doesn't have a screen or buttons. Functionally speaking it does the same thing differently.

how fast does it ship to east coast usa?

between one and two weeks

is it very easy for someone that is not computer savy?

it's reasonably easy (especially with GreenAddress) but for the easiest experience we offer the Ledger Wallet, based on the same technology with significantly more polish.

[viking02]

whats the usd cost for ledger hw1 vs ledgerwallet?

[Muhammed Zakir]

Please help me! BTChip is working with electrum now and I imported 2 private keys. After that, I tried to sign messages but I am getting errors. Any solution?




   ~~MZ~~

[btchip]

whats the usd cost for ledger hw1 vs ledgerwallet?

around half of it

Please help me! BTChip is working with electrum now and I imported 2 private keys. After that, I tried to sign messages but I am getting errors. Any solution?

   ~~MZ~~

that's weird, it shouldn't be using the chip to sign that as the keys are not in it. It should deny key imports for this wallet.

[Muhammed Zakir]

Kryptokit not working! Know why? You can concentrate on electrum now, reply when you are free.

Image : http://gyazo.com/4f65e857958bd7c55add1d8d06cbb4cd

   ~~MZ~~

[btchip]

Kryptokit not working! Know why? You can concentrate on electrum now, reply when you are free.

Image : http://gyazo.com/4f65e857958bd7c55add1d8d06cbb4cd

   ~~MZ~~

still working here, what's your OS and Chrome version ?

[Muhammed Zakir]

still working here, what's your OS and Chrome version ?

I'm on Windows 7 using Chrome latest version. I will check whether it is working with Chrome Canary.

   ~~MZ~~

[btchip]

Did you try to remove it and reinstall it ? It looks like a filesystem corruption.

[ddepker]

There is an option for using security keys when trying to log in to Google.

https://support.google.com/accounts/answer/6103523?hl=en

Is it possible to use the HW.1 key to secure my Google account while also using it to secure my Bitcoin wallet?

[Muhammed Zakir]

For your information :

FYI it'll be possible to use the Ledger Wallet interface with HW.1 and the next firmware release with some additional setup. It'll also be possible to buy our next hardware wallets with a discount if you own a HW.1 or a Ledger Wallet.

   ~~MZ~~

[Voltarius]

Seems like a good project, keep it up and I hope these smart cards can get made!

[btchip]

There is an option for using security keys when trying to log in to Google.

https://support.google.com/accounts/answer/6103523?hl=en

Is it possible to use the HW.1 key to secure my Google account while also using it to secure my Bitcoin wallet?

no, it's unfortunately not possible. The U2F implementation is done on a different firmware version requiring attestation keys that are installed at factory personalization time

Seems like a good project, keep it up and I hope these smart cards can get made!

well the cards are made and actually quite popular at TNABC

[owlcatz]

There is an option for using security keys when trying to log in to Google.

https://support.google.com/accounts/answer/6103523?hl=en

Is it possible to use the HW.1 key to secure my Google account while also using it to secure my Bitcoin wallet?

no, it's unfortunately not possible. The U2F implementation is done on a different firmware version requiring attestation keys that are installed at factory personalization time

Seems like a good project, keep it up and I hope these smart cards can get made!

well the cards are made and actually quite popular at TNABC

I got one yesterday in the mail. can't get any computer to even recognize it. how do i tell if it's dead or something? spent like 2 hours with it, waste of time so far...

Edit - two windows 7 64-bit - even tried old drivers etc. nothing seems to work ... Windows device manager sees nothing at all, no matter what usb port i try. 1 Dell laptop and 1 ASUS home built desktop.

ps i tried on linux mint as well, but i didn't get very far at all before giving up there too.  (Older laptop).

thanks for any help.

[btchip]

the card is supposed to appear as a usb device on 2581:2b7c on your system (using windows control panel / lsusb on Linux)

if it doesn't, check that you folded it properly

if it still doesn't work, contact support to get another one sent

[owlcatz]

the card is supposed to appear as a usb device on 2581:2b7c on your system (using windows control panel / lsusb on Linux)

if it doesn't, check that you folded it properly

if it still doesn't work, contact support to get another one sent

ok, thanks. i guess mine must be dead - I accidentally broke it off on the "clip" before reading the full instructions, but it's stuck back on there just fine so i'm not sure if that is the issue, i wouldn't think so, it fits fairly snug etc.

i'll have a super-geek i work with give a try tomorrow before contacting support, maybe i'm missing something simple.

Thanks again, i appreciate the quick response.

[jackbox]

In Windows Device Manager it will show up as an HID (Human Interface Device). The computer sees it as a keyboard. It will not show up under the USB tab.

[btchip]

the card is supposed to appear as a usb device on 2581:2b7c on your system (using windows control panel / lsusb on Linux)

if it doesn't, check that you folded it properly

if it still doesn't work, contact support to get another one sent

ok, thanks. i guess mine must be dead - I accidentally broke it off on the "clip" before reading the full instructions, but it's stuck back on there just fine so i'm not sure if that is the issue, i wouldn't think so, it fits fairly snug etc.

i'll have a super-geek i work with give a try tomorrow before contacting support, maybe i'm missing something simple.

Thanks again, i appreciate the quick response.

yes, might just be slightly off - try to nudge it a bit up in the USB port maybe.

[GenTarkin]

Are these things still being shipped? I put an order through on hardwarewallet.com and it never accepted my payment =( ... I sent the BTC and it confirmed and I confirmed the addresses were the same. I never received an email or anything. I emailed hardwarewallet bout it ...
Anyone got ideas?

[jackbox]

Are these things still being shipped? I put an order through on hardwarewallet.com and it never accepted my payment =( ... I sent the BTC and it confirmed and I confirmed the addresses were the same. I never received an email or anything. I emailed hardwarewallet bout it ...
Anyone got ideas?

How long ago did you buy? When I bought mine there is no confirmation or contact after paying. They just mail it out and you receive it by regular airmail or registered airmail depending on the country you live in.

[AussieHash]

Are these things still being shipped? I put an order through on hardwarewallet.com and it never accepted my payment =( ... I sent the BTC and it confirmed and I confirmed the addresses were the same. I never received an email or anything. I emailed hardwarewallet bout it ...
Anyone got ideas?

If everything goes through correctly, the payment page transforms in to a PDF confirmation receipt.

One of my orders failed to progress normally, so I emailed support and they sorted it out.

You could potentially also login to you payment history if the wallet you paid through supports BitID (probably only mycelium on android)

[mistercoin]

It would be awesome if there was a piece of software that anyone could use to turn a normal USB drive into a hardware wallet. But until then, this will do very nice to secure me

[WBF1]

Can I use greenbits on android to do all that is needed in wallet mode with the hw-1? I mean from initialization through usage? Or do I need to use a computer for some steps?

Also, does hw-1 use it's own rng? Or does it use that of the host? Or some combination? Is it possible to add your own salt?

Also is the 2fa via usb keyboard emulation required for every transaction or is that optional?

Is hw-1 basically the same as ledger with a different form factor? Or are there usability differences?

(sorry if these are answered elsewhere in this thread... I read back several pages and didn't see anything conclusive).

[btchip]

Can I use greenbits on android to do all that is needed in wallet mode with the hw-1? I mean from initialization through usage? Or do I need to use a computer for some steps?

You'll need to use a computer for initialization.

Also, does hw-1 use it's own rng? Or does it use that of the host? Or some combination? Is it possible to add your own salt?

It uses its own RNG, or a seed provided by the user. After that, the RNG is not used if using deterministic signatures. It's not possible to add your own salt.

Also is the 2fa via usb keyboard emulation required for every transaction or is that optional?

It is required for every transaction - with the latest Ledger Wallet firmware, you can replace it by a security card lookup or a mobile second factor though.

Is hw-1 basically the same as ledger with a different form factor? Or are there usability differences?

It's the same chip in a different form factor - with the latest firmware, both are exactly similar features wise.

[WBF1]

Thanks very much for the reply. One more question: is it possible to export xpub from the device so you can generate receiving addresses without having the device plugged in? What I mean is using it with mycelium or BTCRecieve for watch only but also for generating receiving addresses.

[btchip]

Thanks very much for the reply. One more question: is it possible to export xpub from the device so you can generate receiving addresses without having the device plugged in? What I mean is using it with mycelium or BTCRecieve for watch only but also for generating receiving addresses.

yes, it's possible. It's not widely used so far, but you can find some examples in https://github.com/BitMEX/btchip-signing-tools for example.

Integration into Mycelium is also ongoing

[WBF1]

Sounds great. Being able to easily load up xpub into mycelium, the ledger companion app, or btcrecieve (which the trezor folks have rebranded into the "my trezor lite" app) would make it much easier to receive funds to new addresses in the hd wallet without needing the device connected. Definitely something I would think most users would be interested in, especially if btchip-based devices are being used for cold storage and kept in a safe, not readily accessible place.

[Muhammed Zakir]

yes, it's possible. It's not widely used so far, but you can find some examples in https://github.com/BitMEX/btchip-signing-tools for example.

Error. Obviously because of the slow internet.

Code:

Processing dependencies for btchip-signer==0.1
Searching for python-dateutil
Reading https://pypi.python.org/simple/python-dateutil/
error: The read operation timed out

Can anybody list the dependencies so that I can install them one by one? If the dependencies are pre-installed, it will be skipped when running the setup right?

P.S. What can we do with signTxArmory?

[WBF1]

Does hw1/ledger/greenaddress work on chromium instead of chrome? Wasn't sure if this is a btchip question or a greenaddress question...

[btchip]

Can anybody list the dependencies so that I can install them one by one? If the dependencies are pre-installed, it will be skipped when running the setup right?

If nobody is at it before I do, I'll have a look in the coming weeks. The Python implementation has some annoying low level bugs (related to the HID support) that need to be addressed.

P.S. What can we do with signTxArmory?

Initially perform multi signature with Armory lockboxes, but we run into an issue regarding compressed keys support in P2SH scripts when this was done (circa October 2014) which prevented us from moving forward. I don't know what's the status nowadays.

Does hw1/ledger/greenaddress work on chromium instead of chrome? Wasn't sure if this is a btchip question or a greenaddress question...

yes, everything should work fine on Chromium. The USB connectivity extensions are present in both versions.

[WBF1]

@btchip I got an hw1 in the mail. Tried everything and can't get it to work. You prefer troubleshooting here or by email or irc? (or are you even the right person to contact?)

[btchip]

@btchip I got an hw1 in the mail. Tried everything and can't get it to work. You prefer troubleshooting here or by email or irc? (or are you even the right person to contact?)

yes, email would be preferred (support@ledgerwallet.com)

[Muhammed Zakir]

@btchip I got an hw1 in the mail. Tried everything and can't get it to work. You prefer troubleshooting here or by email or irc? (or are you even the right person to contact?)

Hi! I maybe able to help you. Can you give more details please?

• Which wallet are you trying to use with HW. 1?
• Which OS?

I suggest you to use Electrum 2.0 or Multibit beta wallet or GreenAddress. You may also use BTChip API.

[LOBSTER]

When it's possible to order the cards? I prefer it more than the USB stick.

[jackbox]

When it's possible to order the cards? I prefer it more than the USB stick.

The cards have always been available but they are still a USB device.

https://buy.hardwarewallet.com/hw1shop/

[btchip]

I suggest you to use Electrum 2.0 or Multibit beta wallet or GreenAddress. You may also use BTChip API.

Multibit is not integrated yet. We did Mycelium first.

[Muhammed Zakir]

When it's possible to order the cards? I prefer it more than the USB stick.

The cards have always been available but they are still a USB device.

https://buy.hardwarewallet.com/hw1shop/

He is maybe talking about Ledger Blue?

https://medium.com/@Ledger/ledger-introduces-a-secure-portable-and-developer-friendly-hardware-wallet-protected-by-stm-s-tech-13c25b113723

I suggest you to use Electrum 2.0 or Multibit beta wallet or GreenAddress. You may also use BTChip API.

Multibit is not integrated yet. We did Mycelium first.

Thanks for the heads up. ETA?

[btchip]

He is maybe talking about Ledger Blue?

https://medium.com/@Ledger/ledger-introduces-a-secure-portable-and-developer-friendly-hardware-wallet-protected-by-stm-s-tech-13c25b113723

Oh. A bit too early then

Thanks for the heads up. ETA?

I'd say a few weeks. Everything is more or less done on my side regarding physical devices, just need to add support for our upcoming TEE application.

[WBF1]

@btchip I got an hw1 in the mail. Tried everything and can't get it to work. You prefer troubleshooting here or by email or irc? (or are you even the right person to contact?)

Hi! I maybe able to help you. Can you give more details please?

• Which wallet are you trying to use with HW. 1?
• Which OS?

I suggest you to use Electrum 2.0 or Multibit beta wallet or GreenAddress. You may also use BTChip API.

I'll still email support, but basically greenaddress chrome app doesn't see my hw1 as being connected to have a seed written to it or to create its own entropy.

I then did a firmware upgrade.

I then tried greenaddress again and it didn't work. Since hw1 and ledger are identical after the latest firmware, I tried myledger. It sees the device then later says it's not supported. Support site/faq says this means it was flashed without a "security card" (which I believe is a ledger-specific thing). I tried reflashing with a security card seed but it didn't help.

All was done initially on Linux with chromium (yes I added the udev rules). I then tried everything in Windows 8 with chrome and got the same result.

[btchip]

Sorry, the update process is a bit flaky right now. Posting here since it can help other users.

If you want to use it with GreenAddress, don't upgrade yet. The latest changes to support the new firmware have not been merged yet. That should happen soon.

If you upgraded without a Security Card and want to use it with Ledger, you'll need to reset it the hard way. To do that, visit https://fupbeta.hardwarewallet.com/old/ledger - perform an update (without the security card), approve the override, then remove the dongle while the progress bar is moving in the longest "Flashing Application" sequence. Then go back to https://fup.hardwarewallet.com and enter a Security Card ID (that you can print yourself) before uploading.

This will get sorted very soon.

[WBF1]

Sorry, the update process is a bit flaky right now. Posting here since it can help other users.

If you want to use it with GreenAddress, don't upgrade yet. The latest changes to support the new firmware have not been merged yet. That should happen soon.

If you upgraded without a Security Card and want to use it with Ledger, you'll need to reset it the hard way. To do that, visit https://fupbeta.hardwarewallet.com/old/ledger - perform an update (without the security card), approve the override, then remove the dongle while the progress bar is moving in the longest "Flashing Application" sequence. Then go back to https://fup.hardwarewallet.com and enter a Security Card ID (that you can print yourself) before uploading.

This will get sorted very soon.

This more or less worked. Thanks.

[btchip]

Glad to hear that. We'll make it easier for the next updates. Also GreenAddress support is moving forward, on time for the beginning of the week.

[WBF1]

Sounds good. On the software side the only app I can use is myLedger. I really hope you guys get an android based client working over OTG cable. So far greenbits hasn't worked and greenaddress hasn't worked and I can't get electrum setup with btchip support.


My main use case is for cold storage so I don't have to keep making paper wallets. Being able to withdraw from that without a computer would still be nice though.

[btchip]

Sounds good. On the software side the only app I can use is myLedger. I really hope you guys get an android based client working over OTG cable. So far greenbits hasn't worked and greenaddress hasn't worked and I can't get electrum setup with btchip support.

Both should work again with the update. But on a different wallet than the Ledger Wallet application of course.

Mycelium support is also coming, that one will be fully compatible with Ledger Wallet (same addresses derived)

[WBF1]

Both should work again with the update. But on a different wallet than the Ledger Wallet application of course.

Do you mean greenaddress and greenbits? And do you mean with the next update of the android and chrome apps or update of HW1 firmware?

[btchip]

GreenAddress and GreenBits yes. Since they are multisig they operate on a different key hierarchy.

I mean the next update of those apps. The firmware is ok.

Actually, GreenAddress update has been pushed on desktop. So if you create/restore a new wallet with it, you should be able to use it on desktop, then to use it with GreenBits (GreenAddress Android is not pushed yet)

[WBF1]

GreenAddress and GreenBits yes. Since they are multisig they operate on a different key hierarchy.

I mean the next update of those apps. The firmware is ok.

Actually, GreenAddress update has been pushed on desktop. So if you create/restore a new wallet with it, you should be able to use it on desktop, then to use it with GreenBits (GreenAddress Android is not pushed yet)

Sorry for so many questions, by do you mean greenaddress in chrome store?

[Muhammed Zakir]

Yes, GreenAddress in Chrome store. Haven't you tried Electrum? It is easy and it works well.

[WBF1]

Yes, GreenAddress in Chrome store. Haven't you tried Electrum? It is easy and it works well.

I was unable to get btchip support working.

[jackbox]

Yes, GreenAddress in Chrome store. Haven't you tried Electrum? It is easy and it works well.

I was unable to get btchip support working.

It works with the older firmware. Apparently the new firmware broke it and Green Address has not updated the app yet to fix what is broken.

[WBF1]

Been playing around with the newest greenaddress this morning and it works (version 0.0.66, downloaded directly from github).

After initializing with greenaddress, the hw1 then works fine in greenbits.

I then tried to log in with myLedger and it worked, but i think it uses a different address path.

Some questions: are the greenaddress and myLedger accounts/ addresses using the same seed? So that if I wiped then restored the seed, I could restore my addresses and balances on both myLedger and green address? And is the security card used with myLedger separate from the seed and not reset when entering PIN 3 times?

[btchip]

It works with the older firmware. Apparently the new firmware broke it and Green Address has not updated the app yet to fix what is broken.

it's ok now, the new GreenAddress version fixes that.

Been playing around with the newest greenaddress this morning and it works (version 0.0.66, downloaded directly from github).

After initializing with greenaddress, the hw1 then works fine in greenbits.

I then tried to log in with myLedger and it worked, but i think it uses a different address path.

Great, good to know everything is fine.

Some questions: are the greenaddress and myLedger accounts/ addresses using the same seed? So that if I wiped then restored the seed, I could restore my addresses and balances on both myLedger and green address? And is the security card used with myLedger separate from the seed and not reset when entering PIN 3 times?

yes to all of that. If you want to change your security card, you either have to reflash the firmware, or to use a user side function which is not properly documented yet - https://ledgerhq.github.io/btchip-doc/bitcoin-technical.html#_set_user_keycard

[WBF1]

Good to know. So it won't matter if I use greenaddress, myLedger, or the chip itself to generate the entropy and seed?

[btchip]

Good to know. So it won't matter if I use greenaddress, myLedger, or the chip itself to generate the entropy and seed?

yes, same thing, even if you use some external API, you just need to make sure to include the feature NO_2FA_P2SH to be compatible with GreenAddress/GreenBits.

[WBF1]

So I've been testing the HW1 with myLedger, greenaddress, and greenbits. So far I'm very happy with it. My only real sore point is not being able to generate receiving address without the device connected and unlocked. There needs to be an easy way to do this. Maybe integrating it into the Ledger 2FA app or at the very least a simple way to export xpub.

[btchip]

At the very least a simple way to export xpub.

you will be able to do that soon with the high level API - https://github.com/LedgerHQ/ledger-wallet-api and we also plan to add it in the Chrome app later

[WBF1]

At the very least a simple way to export xpub.

you will be able to do that soon with the high level API - https://github.com/LedgerHQ/ledger-wallet-api and we also plan to add it in the Chrome app later

Cool. It's not a must have for me personally at this moment, but it will certainly make things easier.

[AussieHash]

Now officially supported with coinkite multisig.
http://www.reddit.com/r/Bitcoin/comments/33qb88/ledger_coinkite_smartcards_with_multisignature/

[btchip]

You can now purchase HW.1 directly from the Ledger Wallet shop

[Mrtimbrady]

Sounds great!

[jdebunt]

A 15 eur device will be far more appealing to new/novice Bitcoin users I'd say

[btchip]

A 15 eur device will be far more appealing to new/novice Bitcoin users I'd say

yes, it has been hiding in plain sight for too long I guess 

[jackbox]

Is there any way to get a security card for an original HW card so that it can be used with the ledger wallet chrome app?

[WBF1]

Is there any way to get a security card for an original HW card so that it can be used with the ledger wallet chrome app?

You should be able to create one in the firmware update process.

[btchip]

Is there any way to get a security card for an original HW card so that it can be used with the ledger wallet chrome app?

You should be able to create one in the firmware update process.

Yes, there's a link to do that at https://fup.hardwarewallet.com/buildKeycard.html

[alexrossi]

I've bought a couple of HW1, both with the old firmware. I've tried to update one to the latest version with success (througt the fup.hardwarewallet.com tool). I've tried to initialize it, but now is stuck after the generation of the seed, in the part when i should unplug it and plug with an open text editor to backup my seed. Basically everytime that i try to plug in this HW1 it's recognized as keyboard, but it does not output the seed, or at least return in the standard mode :/

[btchip]

Can you describe very precisely all steps you followed to end up with that and your system configuration ? (on Ledger support mail preferably). I've been tracking this one down and unable to reproduce it yet.

Thanks

[alexrossi]

Can you describe very precisely all steps you followed to end up with that and your system configuration ? (on Ledger support mail preferably). I've been tracking this one down and unable to reproduce it yet.

Thanks

Successfull firmware update > Setup with the internal seed generator > Backup the seed > Stuck

Can i also ask a good APDU tool to communicate with the btchip? (for low level tweaking)

[btchip]

With which software ? On which OS ?

on https://github.com/LedgerHQ any API should do - the C version being the most documented

[alexrossi]

With which software ? On which OS ?

Electrum + ubuntu 15.04

Now i've a bricked btchip and one that is working flawlessy

But my major concern is this (also posted on github):

I've set my btchip in relaxed wallet mode, and now i should be able to sign transactions with how many outputs i want. But when i try to load a CSV range of address + amounts with the dedicated feature in electrum, the button "Sign" just does not appear.

There is an already aviable tool that allows a complete use of the relaxed/developer mode?

[AussieHash]

Now i've a bricked btchip and one that is working flawlessy

I was able to unbrick a HW-1 with a firmware downgrade

https://fupbeta.hardwarewallet.com

Followed by a firmware upgrade on OSX using ledger chrome wallet

Running the Ledger Chrome Wallet upgrade on Odroid Arm Ubuntu 14.04 fails every time.

Still waiting to hear back from the Ledger Chrome Wallet devs.....
http://www.reddit.com/r/Bitcoin/comments/344sdl/ive_bricked_my_btchip_hw1/#cqvqy58

[btchip]

Now i've a bricked btchip and one that is working flawlessy

I was able to unbrick a HW-1 with a firmware downgrade

won't work here. That's why I'm asking the guy to contact support.

Still waiting to hear back from the Ledger Chrome Wallet devs.....
http://www.reddit.com/r/Bitcoin/comments/344sdl/ive_bricked_my_btchip_hw1/#cqvqy58

I'll re-ping. Sorry, it's a bit difficult to get hold of people in France in May (about 2-3 bank holidays per week all month)

[kalgecin]

Hi can I use the same wallet I use for my other ledger products on this easily?

[Muhammed Zakir]

Hi can I use the same wallet I use for my other ledger products on this easily?

If you backup the seed, you can restore it in any of your HW.1.

[Wotan777]

I tried to install btchip-python under Win 7, 64 bit.

- installed python-2.7.9.amd64.msi
- added to PATH C:\Python27\;C:\Python27\Scripts\
- installed Microsoft Visual C++ VCForPython27.msi
- pip install cython
- pip install hidapi
- downloaded https://github.com/walac/pyusb/archive/pyusb-master.zip
- cd pyusb-master
- python setup.py install
- downloaded https://github.com/LedgerHQ/btchip-python/archive/btchip-python-master.zip
- cd btchip-python-master
- python setup.py install
- cd samples
- python getFirmwareVersion.py
[hang up]

I tried to run pyusb again:
cd pyusb-master\tests
python testall.py
PyUSB ValueError: No backend available

I Googled to this error, and found: http://stackoverflow.com/questions/5152133/pyusb-backend-not-accessible
It said that "You need to install libusb-1.0, libusb-0.1, or openusb as a backend to pyusb."

I downloaded libusb-win32-bin-1.2.6.0
cd libusb-win32-bin-1.2.6.0\bin
inf-wizard.exe

created a driver kit for
Vendor ID        Product ID      Description
0x2581            0x2B7C          Plug-up

Then installed the created driver.

Now pyusb tests run without errors.
Also, btchip-python is operational, gets back the firmware version, but not always:

btchip-python-master\samples>python getFirmwareVersion.py
=> e0c4000000
<= 010001040e014e9000
1.4.14

btchip-python-master\samples>python getFirmwareVersion.py
=> e0c4000000
Traceback (most recent call last):
  File "getFirmwareVersion.py", line 25, in <module>
.
.
    timeout
  File "C:\Python27\lib\site-packages\usb\backend\libusb0.py", line 381, in _che
ck
    raise USBError(errmsg, ret)
usb.core.USBError: [Errno None] libusb0-dll:err [_usb_reap_async] reaping reques
t failed, win error: "A device connected to the system doesn't operate properly"

The next test runs only ONCE conrrectly, then gives an error, then gangs up.
After pwercycle, the same...

\btchip-python-master\tests>python testConnectivity.py
btchip firmware version:
=> e0c4000000
<= 010001040e014e9000
{'compressedKeys': True, 'version': '1.4.14', 'specialVersion': 0}
some random number from the dongle:
=> e0c0000014
<= f673c10e1ce482848366cbc75fe42cd61f41ea3f9000
['0xf6', '0x73', '0xc1', '0xe', '0x1c', '0xe4', '0x82', '0x84', '0x83', '0x66',
'0xcb', '0xc7', '0x5f', '0xe4', '0x2c', '0xd6', '0x1f', '0x41', '0xea', '0x3f']

\btchip-python-master\tests>python testConnectivity.py
btchip firmware version:
=> e0c4000000
Traceback (most recent call last):
  File "testConnectivity.py", line 29, in <module>
    print(app.getFirmwareVersion())
  File "C:\Python27\lib\site-packages\btchip_python-0.1.14-py2.7.egg\btchip\btch
ip.py", line 363, in getFirmwareVersion
    response = self.dongle.exchange(bytearray(apdu))
  File "C:\Python27\lib\site-packages\btchip_python-0.1.14-py2.7.egg\btchip\btch
ipComm.py", line 79, in exchange
    self.device.write(0x02, tmp[offset:offset + 64], 0)
  File "C:\Python27\lib\site-packages\usb\core.py", line 898, in write
    self.__get_timeout(timeout)
  File "C:\Python27\lib\site-packages\usb\backend\libusb0.py", line 499, in intr
_write
    timeout)
  File "C:\Python27\lib\site-packages\usb\backend\libusb0.py", line 552, in __wr
ite
    timeout
  File "C:\Python27\lib\site-packages\usb\backend\libusb0.py", line 381, in _che
ck
    raise USBError(errmsg, ret)
usb.core.USBError: [Errno None] libusb0-dll:err [_usb_reap_async] reaping reques
t failed, win error: Egy rendszerhez csatlakoztatott eszk÷z nem műk÷dik.

btchip-python-master\tests>python testConnectivity.py
btchip firmware version:
=> e0c4000000
[HANG UP]



Please help! How to go on?

[btchip]

Please help! How to go on?

The Python API is broken on Windows, and I didn't have the opportunity to have a look yet.

[Muhammed Zakir]

Please help! How to go on?

The Python API is broken on Windows, and I didn't have the opportunity to have a look yet.

It is working good for me. Was it broken after you made an commit(if any)?

[Wotan777]

@Muhammed Zakir:

It is working good for me. Was it broken after you made an commit(if any)?

In my case under Win7 64 bit btchip-python is unstable, can't be used together with Electrum.

Did you use libusb-win32-bin-1.2.6.0?
Did you compile cython with Microsoft Visual C++ VCForPython27?
Or you used a MinGW environment?

[Muhammed Zakir]

@Muhammed Zakir:

It is working good for me. Was it broken after you made an commit(if any)?

In my case under Win7 64 bit btchip-python is unstable, can't be used together with Electrum.

Did you use libusb-win32-bin-1.2.6.0?
Did you compile cython with Microsoft Visual C++ VCForPython27?
Or you used a MinGW environment?

Yes, I use libusb but don't remember the version and I installed Cython using Python setup.py command and it used Visual C++.

[dasource]

Couple of questions...

1. How much more secure in the mobile app for second factor compared to the security card? (I can see the potential concern with the security card; is the Ledger team confident that the mobile app provides sufficient protection?)
2. I understand the second auth is not available if the nano/hw1 is used for multi-sig .. any plans to support that or is this a design decision?
3. What Key Derivation Paths are used by Ledger Wallet direct and Coinkite? should for example one need to manually pull those keys if said service is down etc.

Keep up the great work

Thanks

[jeannemadrigal2]

I just got a nano, it should come in the mail tomorrow and I am pretty excited about it.

I have a suggestion, I would like to see the support of altcoins, several different types of wallets, etc on the same device.  I know maybe this is a hard thing to do but I am throwing it out there as and idea perhaps for a future product.

[btchip]

Couple of questions...

1. How much more secure in the mobile app for second factor compared to the security card? (I can see the potential concern with the security card; is the Ledger team confident that the mobile app provides sufficient protection?)

the mobile app lets you verify the full transaction (including amount) so it's definitely better than the security card. Regarding its security a malware would have to compromise both the host and the phone simultaneously to trick you into signing something you didn't want to.

2. I understand the second auth is not available if the nano/hw1 is used for multi-sig .. any plans to support that or is this a design decision?

it's a design decision for this product as it'd make things awkward if for example you use your phone and the Ledger Nano for multi signature. On our next products supporting a screen (Trustlet, Blue) we'll be able to consistently verify the transaction.

3. What Key Derivation Paths are used by Ledger Wallet direct and Coinkite? should for example one need to manually pull those keys if said service is down etc.

Ledger Wallet uses standard BIP 44 on account 0 for the time being, Coinkite let you pick your own derivation path on the imported xpub then derives incrementally each key. I think you should be able to retrieve the current index on their signing page.

Keep up the great work

thanks, we'll do exactly that

I just got a nano, it should come in the mail tomorrow and I am pretty excited about it.

I have a suggestion, I would like to see the support of altcoins, several different types of wallets, etc on the same device.  I know maybe this is a hard thing to do but I am throwing it out there as and idea perhaps for a future product.

we plan to make it easier for people to support altcoins in the next firmware for third party wallets, if we get enough code space for that. Some people already worked on it with the current firmware, but it's not deployed yet.

[dasource]

3. What Key Derivation Paths are used by Ledger Wallet direct and Coinkite? should for example one need to manually pull those keys if said service is down etc.

Ledger Wallet uses standard BIP 44 on account 0 for the time being, Coinkite let you pick your own derivation path on the imported xpub then derives incrementally each key. I think you should be able to retrieve the current index on their signing page.

Thanks, in reference to the above; Not specific to Ledger but a general note. I noticed CoinKite starts its default at 1 ... going forward with more implementation and users being able to select which Subkey (at CK) on BIP44 path one could end up with clashes where addresses are being reused (say across multiple wallets using different implementations etc). Any thoughts on that?

[btchip]

Thanks, in reference to the above; Not specific to Ledger but a general note. I noticed CoinKite starts its default at 1 ... going forward with more implementation and users being able to select which Subkey (at CK) on BIP44 path one could end up with clashes where addresses are being reused (say across multiple wallets using different implementations etc). Any thoughts on that?

Sorry, missed your post. Yes, some implementations can reuse key paths. I don't think it's a major problem as that would happen in multisignature use cases with different signers.

Now for the good news, I should have finally fixed Windows support properly and added some updated build instructions on https://github.com/LedgerHQ/btchip-python - also Electrum 2.3.2 binaries should work fine (when they're out)

Electrum 2.3.2 also supports Ledger Security Card validation, allowing you to use it after a regular Ledger Wallet initialization.

[AussieHash]

Are you at liberty to share whether we can expect a HW-2 or Nano-2 with upgraded specs, and perhaps integrated U2F support ?

[btchip]

Integrated U2F is probably not going to happen for the Nano, as that would mean starting a new production run and have people buy the new one. So not very interesting. We're not working on a new Nano, we want to keep this one up to date with as many new features as we can.

We expect to have a Blue design available by the end of the year, beginning of the next, including U2F (and UAF if the specification is stable enough)

In the meantime the public TEE application beta should start in a few weeks (for Samsung Galaxy S6, Note 4 N910C/N910H owners), and probably another surprise during summer.

[nogreedy]

Hello,
That's great you use OpenBazaar to sale Ledger products.
Congrats.
http://bazaarbay.org/contracts/bfd50bcd4e743f243b435a15aa634b1fd45e19c9
https://twitter.com/openbazaar/status/609152199621521408
https://twitter.com/LedgerHQ/status/610355906421870592

[Mitchell]

I tried to update my old HW1 so that I could use the Ledger Wallet application and the firmware update got stuck after the bootloader part where you are ask to remove the device and reconnect it. I can't get passed the reconnet part as my device isn't seen/recognized anymore. The GreenAddress application on my Android phone doesn't recognize it either. Any ideas, hints, tips?

[btchip]

I tried to update my old HW1 so that I could use the Ledger Wallet application and the firmware update got stuck after the bootloader part where you are ask to remove the device and reconnect it. I can't get passed the reconnet part as my device isn't seen/recognized anymore. The GreenAddress application on my Android phone doesn't recognize it either. Any ideas, hints, tips?

The device is in bootloader mode and you'll have to be able to finish flashing it on a computer before being able to use it again on Android.

If you're running Linux, you might want to check that your udev rules have been updated to support the 1807 and 1808 product IDs - http://support.ledgerwallet.com/knowledge_base/topics/ledger-wallet-is-not-recognized-on-linux

If you're running Windows (especially Windows 7), the wrong driver might be installed - http://support.ledgerwallet.com/knowledge_base/topics/ledger-wallet-is-not-recognized-on-windows-7

[Mitchell]

I've installed all the 64 bit drivers and everything worked before doing the update (I wouldn't be able to update without the drivers). I've refreshed the update page multiple times, rebooted my pc, removed and readded the HW1. All to no avail.

[btchip]

I've installed all the 64 bit drivers and everything worked before doing the update (I wouldn't be able to update without the drivers). I've refreshed the update page multiple times, rebooted my pc, removed and readded the HW1. All to no avail.

the device changes completely when in bootloader mode, so it might be necessary to force the driver manually when this happens, or to use Zadig to force it again (the installer didn't really work for bootloader mode either)

[gsupp]

Has anyone used their HW.1 with Electrum 2.4 on Ubuntu? Is there a guide available anywhere?

[tricass]

i have a duo hw1 and have set both up to use the same seed and can pair multiple devices to the wallet. however, it appears transaction authorisations are only push out successfully to the last paired device. is there a way to get this to work for more than one paired device?

[btchip]

Has anyone used their HW.1 with Electrum 2.4 on Ubuntu? Is there a guide available anywhere?

there is a (slightly outdated) guide here : https://www.reddit.com/r/coincode/comments/336f08/ledger_hw1_review_and_guide_for_use_welectrum/

i have a duo hw1 and have set both up to use the same seed and can pair multiple devices to the wallet. however, it appears transaction authorisations are only push out successfully to the last paired device. is there a way to get this to work for more than one paired device?

checking that with the right team and I'll let you know

[tricass]

Has anyone used their HW.1 with Electrum 2.4 on Ubuntu? Is there a guide available anywhere?

there is a (slightly outdated) guide here : https://www.reddit.com/r/coincode/comments/336f08/ledger_hw1_review_and_guide_for_use_welectrum/

i have a duo hw1 and have set both up to use the same seed and can pair multiple devices to the wallet. however, it appears transaction authorisations are only push out successfully to the last paired device. is there a way to get this to work for more than one paired device?

checking that with the right team and I'll let you know

thanks.

also, I came across this article today http://www.wired.com/2015/07/brainflayer-password-cracker-steals-bitcoins-brain/. would our hd wallets and the 24 word secret phrase we use to generate the private key for ledger and hw.1 be affected by this?

[btchip]

also, I came across this article today http://www.wired.com/2015/07/brainflayer-password-cracker-steals-bitcoins-brain/. would our hd wallets and the 24 word secret phrase we use to generate the private key for ledger and hw.1 be affected by this?

that's not a risk, brainwallets are easy to crack because the passphrase is the entropy of the seed, and we are not a very good source of entropy. The mnemonic phrase works the other way round : the words encode the entropy of the seed, which is chosen by a proper random generator.

[tricass]

also, I came across this article today http://www.wired.com/2015/07/brainflayer-password-cracker-steals-bitcoins-brain/. would our hd wallets and the 24 word secret phrase we use to generate the private key for ledger and hw.1 be affected by this?

that's not a risk, brainwallets are easy to crack because the passphrase is the entropy of the seed, and we are not a very good source of entropy. The mnemonic phrase works the other way round : the words encode the entropy of the seed, which is chosen by a proper random generator.

not being across the limitation of brainwallets I found that article illuminating and rather disturbing. thanks for the explanation on the differences. i can rest easy again

[btchip]

The latest Mycelium beta adds support for HW.1 and Ledger Wallet - check the Beta Channel instructions on https://github.com/mycelium-com/wallet to test it

[AussieHash]

The latest Mycelium beta adds support for HW.1 and Ledger Wallet - check the Beta Channel instructions on https://github.com/mycelium-com/wallet to test it

I joined the mycelium beta program and just downloaded the latest release from the play store. This update is new since 12 hours ago, and lists Ledger Nana, HW1 and unplugged support, and coinapult support.

I can confirm the coinapult support is there when I add an account, but I can't see Ledger support anywhere.

The Cold storage option only has Sign with Trezor.

With HW1 + OTG I get to Trezor okay - scanning accounts, and nothing happens from there .....

[btchip]

Make sure you visited the other link after joining the group. It should be in Advanced / Ledger when you scan - also recheck the version number at the bottom of Mycelium app - Android betas are quite horrible to install if you have multiple accounts on your phone as the Play Store will point you to random versions depending which account you're signed on with (which you can't really control)

[AussieHash]

Make sure you visited the other link after joining the group. It should be in Advanced / Ledger when you scan - also recheck the version number at the bottom of Mycelium app - Android betas are quite horrible to install if you have multiple accounts on your phone as the Play Store will point you to random versions depending which account you're signed on with (which you can't really control)

Running version 2.5.0

Under :. Settings
At the very bottom is "Ledger Hardware Wallet", the only tick box there is "Disable TEE support"

Settings > Advanced Settings only has "Use tor-Network"

No Ledger option in :. Cold Storage

Edit : helps if you read the manual !

Just uploaded a new version of the current 2.5.0 Beta, which now includes Ledger support - you can import accounts from Ledger Nano, HW.1 and (the not yet release) Ledger Unplugged (NFC card).

To test the new option, go to the Account-Tab, click the [add] Button and go to the [Advanced] section. Here youll find a new [Ledger] Button. Plug in your Ledger via an OTG-Cable and import an account.

Works ! Is the Mycelium/Ledger GUI limited to 4 digit PINs, or if I have setup a longer one will it allow me to enter >4 digits ?

[btchip]

I'd say it's limited to 4 digits since the Chrome app works with 4 digits, but I can't really remember.

[btchip]

If you get the latest Greenbits or Mycelium beta and a Galaxy S6, S6 Edge, S6 Edge Plus, Note 5, or an Exynos CPU Note 4 (SM-N910C and SM-N910H), you can also test Ledger Trustlet, a virtual hardware wallet you can download for the Trusted Execution Environment of your smartphone - more details on https://www.ledgerwallet.com/beta/trustlet

[japerry]

i have a duo hw1 and have set both up to use the same seed and can pair multiple devices to the wallet. however, it appears transaction authorisations are only push out successfully to the last paired device. is there a way to get this to work for more than one paired device?

Ahh!!! That's why it's not working with my tablet! It was working until I paired my new phone and now it only works with the phone.

[Muhammed Zakir]

Still hasn't received my BTCChip. Any idea WHY? Was there any technical issues on the service you used to ship? OR will it receive soon? I had hope that it will but now it is approximately 1 month, my hope has gone. I have no complains on this company. Take that 0.05 BTC as my donation. Best Of Luck!

  ~~MZ~~

yeah, I'm afraid it looks like I'm beta testing the post office delivery to non European / US countries. I'll resend it tomorrow using a different service, sorry for the delay.

Remember the one you send for first time? It reached its destination 2-3 months ago but the receiver informed me very recently. What should I do? Sending back is certainly not a good idea. Should I pay you or sell it to someone else and send you the money?

* Edited.

[btchip]

Ahh!!! That's why it's not working with my tablet! It was working until I paired my new phone and now it only works with the phone.

I thought that had been solved, will talk about it with the team

Remember the one you send for first time? It reached its destination 2-3 months ago but the receiver informed me very recently.

it's ok, you can give it to someone needing it

[tricass]

looks like i'm a victim of this malleability i read about here: http://cointelegraph.com/news/115374/the-ongoing-bitcoin-malleability-attack

is there anything i can do to sync my hw1 ledgerwallet to show the correct amount? at the moment I have a transaction that has been duplicated. it was a simple funds movement between accounts on my hw1. one transaction has cleared and the other is unconfirmed. the consequence is one of my wallets reads as balance of 0.5 btc but has a usd balance of -118.38 (because of the duplicate spend) and the other obviously has too much funds in it. but i believe the total funds across all wallets are correct.

[tricass]

looks like i'm a victim of this malleability i read about here: http://cointelegraph.com/news/115374/the-ongoing-bitcoin-malleability-attack

is there anything i can do to sync my hw1 ledgerwallet to show the correct amount? at the moment I have a transaction that has been duplicated. it was a simple funds movement between accounts on my hw1. one transaction has cleared and the other is unconfirmed. the consequence is one of my wallets reads as balance of 0.5 btc but has a usd balance of -118.38 (because of the duplicate spend) and the other obviously has too much funds in it. but i believe the total funds across all wallets are correct.

looks like an uninstall and reinstall of the ledger chrome app did the trick. thanks eric.

[torusJKL]

Is there a way to create more than 1 new address (within the same account)?
For example if I want to ask multiple people to pay later with each having his individual address so that I can track who actually paid.

I have tried with the Ledger Wallet Chrome app and Mycelium but they only give me the next address and as long as no transaction is registered on it I can't get a new one.

[alexrossi]

Is there a way to create more than 1 new address (within the same account)?
For example if I want to ask multiple people to pay later with each having his individual address so that I can track who actually paid.

I have tried with the Ledger Wallet Chrome app and Mycelium but they only give me the next address and as long as no transaction is registered on it I can't get a new one.

You have a BIP32 xpub, so just use a tool like this: https://bitcore.io/playground/#/hdkeys

[btchip]

Is there a way to create more than 1 new address (within the same account)?

you do it on Ledger Wallet Chrome app through the API - https://www.ledgerwallet.com/api/demo.html use "Get Xpub" with the BIP 44 path

(44'/0'/0'/0/x with x being the index, for the first account)

[torusJKL]

Thanks for your replies.

You have a BIP32 xpub, so just use a tool like this: https://bitcore.io/playground/#/hdkeys

This way I can create new pulic keys even without having the ledger wallet with me.
On the other hand if my xpubkey is leaked then all the future public keys for all my accounts could be generated by a third party, right?

you do it on Ledger Wallet Chrome app through the API - https://www.ledgerwallet.com/api/demo.html use "Get Xpub" with the BIP 44 path

(44'/0'/0'/0/x with x being the index, for the first account)

This looks to me as the easiest and safest way to do it for now.

[btchip]

On the other hand if my xpubkey is leaked then all the future public keys for all my accounts could be generated by a third party, right?

No, only one account privacy will be compromised as you have to get an xpub per account (the account index being an hardened BIP32 derivation)

[torusJKL]

When signing a message I'm asked to use a different computer if the current one is compromised.

Let's assume the computer is compromised.
What are the possibilities of a hacker?
Could he change the text and trick me in signing a different message?

Are there other things a hacker could do?


Actually there is no way I can know with certainty if my computer is compromised.
Thus best practice would be to use an air gaped computer to get the 2FA pin, or is this overkill?

[btchip]

Could he change the text and trick me in signing a different message?

yes, that's the idea. Nothing else but that's bad enough.

Actually there is no way I can know with certainty if my computer is compromised.
Thus best practice would be to use an air gaped computer to get the 2FA pin, or is this overkill?

if you're signing something critical, that's the best option. Note that you can use anything that recognizes a HID keyboard - it could be a phone or a smart TV or a Windows PC with no session open for example.

The next firmware version will provide an option to verify the message content on the paired smartphone when signing.

[torusJKL]

if you're signing something critical, that's the best option. Note that you can use anything that recognizes a HID keyboard - it could be a phone or a smart TV or a Windows PC with no session open for example.

Would it make sense to have this functionality in the Ledger Starter distribution?

[btchip]

Would it make sense to have this functionality in the Ledger Starter distribution?

I think it does it by default - you can boot starter, plug the device when it's supposed to write something and it'll just write it where the focus is currently set.

[torusJKL]

A question regarding the upgrade process.
I'm asked to enter the 32 letters of my security card.

As any computer could be compromised I have to assume that this input is intercepted and thus I loose another layer of security.
The pin code and the security card would be known to the attacker.

Is there a better way to upgrade?
Could the Ledger Starter be enhanced with the possibility to upgrade?

[btchip]

Is there a better way to upgrade?
Could the Ledger Starter be enhanced with the possibility to upgrade?

I think it can already do that

[torusJKL]

I think it can already do that

Could you tell me how?
I did not find any menu item to initiate the upgrade.
Thanks.

[torusJKL]

A short list of features I would like to see in the Ledger Starter distro:

- update the Nano/HW.1 OS
- generate the security card (like on https://www.ledgerwallet.com/wallet/keycard)
- reprogram the Nano/HW.1 with a different security card (so that I could change the security card myself every x days)

Would this be possible?

[btchip]

definitely doable, I'll push that and the other question to the team dealing with Starter

[Morveus]

A short list of features I would like to see in the Ledger Starter distro:

- update the Nano/HW.1 OS
- generate the security card (like on https://www.ledgerwallet.com/wallet/keycard)
- reprogram the Nano/HW.1 with a different security card (so that I could change the security card myself every x days)

Would this be possible?

Hi!

The Starter can already be upgraded very simply: by dropping a new rootfs image on the flash drive. When we'll publish a new version, you will be able to download it (+ match the file with our signature) and then overwrite the previous one.

Generating the security card will be very trivial, we'll start working on it asap.

The two other features are doable but will require more work. The Chrome app team has an idea about that which could be very interesting if we can make it work, so stay tuned!

[japerry]

definitely doable, I'll push that and the other question to the team dealing with Starter

Wow!! Very nice! I'll be looking forward to the new starter!

[torusJKL]

definitely doable, I'll push that and the other question to the team dealing with Starter

Thanks for taking my feature requests to the team.

Generating the security card will be very trivial, we'll start working on it asap.

Looking forward using the next release.

The two other features are doable but will require more work. The Chrome app team has an idea about that which could be very interesting if we can make it work, so stay tuned!

Hopefully you can do it.
In the mean time I'll reanimate my old notebook with a CD-ROM and update the ledger with a Live-System. :-)

[torusJKL]

Would it be possible to request a specific address from the Ledger API?
E.g. requesting the address of the path "44'/0'/0'/0/0" and get that specific address back.

I opened an issues describing the details about this on github: https://github.com/LedgerHQ/ledger-wallet-api/issues/2

[AussieHash]

Would it be possible to request a specific address from the Ledger API?
E.g. requesting the address of the path "44'/0'/0'/0/0" and get that specific address back.

https://www.reddit.com/r/Bitcoin/comments/33q6mc/ledger_releases_high_level_developper_api_for_the/

[torusJKL]

https://www.reddit.com/r/Bitcoin/comments/33q6mc/ledger_releases_high_level_developper_api_for_the/

Unfortunately I can't see how that answers my question.
Could you please explain more in detail how I can get a specific address from the API?

[gogxmagog]

I've been using the ledger wallet for a while and am very happy. The low cost is what convinced me at first, and it looks like the bitchip is even cheaper. The one thing I would suggest is some sort of protective casing. I am confident to carry my ledger around in my pocket if need be because it is in a little slip case. If bit chip had something similar it would be perfect

[Bridgewater]

For the Ledger Chrome app to work, what IP addresses/ports do I need to open for basic functionality (sync/spend/confirm on mobile device)

[btchip]

For the Ledger Chrome app to work, what IP addresses/ports do I need to open for basic functionality (sync/spend/confirm on mobile device)

You only need to open port 443 on *.ledgerwallet.com

[japerry]

For the Ledger Chrome app to work, what IP addresses/ports do I need to open for basic functionality (sync/spend/confirm on mobile device)

You only need to open port 443 on *.ledgerwallet.com

I looked at the traffic generated a while back. I thought chain.com was accessed by the app also?

[btchip]

The application had a websocket open to Chain in the past, now we are using our own service.

[Bridgewater]

For the Ledger Chrome app to work, what IP addresses/ports do I need to open for basic functionality (sync/spend/confirm on mobile device)

You only need to open port 443 on *.ledgerwallet.com

Thank you!

I have another question about security:

I tried out Mycellium with Ledger for the first time yesterday. When using Mycellium, even though the Security Card is required to spend, the app is able to display the HW.1's complete list of mnemonics without the Security Card.  Does this mean that someone in possession of just the Ledger Nano/HW.1 and the 4-digit pin can reconstruct the bip32 seed and spend without the security card?

[btchip]

No, the app is probably displaying the mnemonic from your main account - not from the Ledger one. There is no way to recover the mnemonic from the chip, for security reasons obviously 

[japerry]

The application had a websocket open to Chain in the past, now we are using our own service.

Ahh ok. I haven't checked in a while.

[Bridgewater]

No, the app is probably displaying the mnemonic from your main account - not from the Ledger one. There is no way to recover the mnemonic from the chip, for security reasons obviously  

Oh! you're right. The mnemonics were completely different. I guess the Mycellium interface takes a little getting used to.  

Are there plans to have mycellium support the secure screen verification, or a complete Ledger wallet app for Android that does?

[mishax1]

How do I empty a wallet without leaving any dust satoshi ?

[btchip]

Are there plans to have mycellium support the secure screen verification, or a complete Ledger wallet app for Android that does?

It will be possible to do that with specific hardware - if there is a Trusted Execution Environment available with direct access to the UI, we can use that to prompt for a secure confirmation, or with our next wallets, but not with the Nano - otherwise we'd have to use another phone as a second factor.

How do I empty a wallet without leaving any dust satoshi ?

we don't have an option to do that automatically yet, you have to substract the suggested fee value from your total amount.

[tricass]

Have been using a duo hw.1 setup (one as a backup) for well over a year and find it an excellent and inexpensive hw solution especially when used with a smartphone as a second factor for improved convenience when spending. Have started looking into using copay and their multi sig support which also supports ledger hw.1/nano as a co-signer. The question I have is can I continue to use my hw.1 as a dedicated hardware wallet, as well as, have it function as a co-signer for the copay wallet? Or does this require or on security grounds a separate ledger hw?

[btchip]

The question I have is can I continue to use my hw.1 as a dedicated hardware wallet, as well as, have it function as a co-signer for the copay wallet?

Yes, you can do that if it was properly initialized with the "allow multisig without confirmation" flag - it might not be if you were one of our first users. In this case, you'd just need to reset the HW.1 by entering a wrong PIN 3 times, and restore it with the latest Chrome application. But you can test it with Copay first. If it works, you're good to go.

[tricass]

The question I have is can I continue to use my hw.1 as a dedicated hardware wallet, as well as, have it function as a co-signer for the copay wallet?

Yes, you can do that if it was properly initialized with the "allow multisig without confirmation" flag - it might not be if you were one of our first users. In this case, you'd just need to reset the HW.1 by entering a wrong PIN 3 times, and restore it with the latest Chrome application. But you can test it with Copay first. If it works, you're good to go.

I don't recall seeing that option when I originally set it up. Good to know it should work so I'll give both suggestions a go now. Thanks

[mocacinno]

I just bought a HW.1, and i wanted to quickly review the process and ask some extra questions.

Process:

• finding the website and the product: Really easy
• ordering and paying: since i expect BTC to rise pretty soon,so i didn't want to spend any BTC, so i was happy to being offered the option to pay with Paypal
• shipping, handling, packaging: I ordered on the 21st, chose the slow option, was supprised when i found the package in my letterbox on the 25th... WOW  . Also: i was expecting a small letter containing a small piece of plastic, but i received a professionally wrapped big envelop, containing a sealed cardboard box... Shipping and handling was top-notch
• price/quality ratio: the stick itself looks a bit flimsy, but when you hold it, you can actually feal it reasonably durable. I don't think you'll find any HW wallet with such a good price/quality ratio
• initialising my ledger: i used the iso-image i found here https://www.ledgerwallet.com/files/ledger-secure-starter.iso on an usb-stick in order to initialise everything... went perfectly
• setting up my system: on my workpc (windows 7), it went like a breeze, on my homePC (openSuse), i needed to do this: http://support.ledgerwallet.com/knowledge_base/topics/ledger-wallet-is-not-recognized-on-linux

Here are my questions/remarks, maybe some of them were already answered, i didn't do the effort of plowing trough 19 pages of replys... i'm very sorry 
 

• at the moment, the ledger wallet is basically a chrome plugin... Will this always stay like this?
• maybe it's a good idear to put the linux tutorial on how to get the wallet working on a more prominent spot
• will there be an option to sign messages in the near future? I think this would be a great addition, since that way i could get rid of my electrum wallet
• speaking of electrum: would it be possible to get a newbie-friendly version of the installation manual for electrum? I found a tutorial, but it was so long i didn't bother following it
• a new address is being generated for each transaction (perfect), but at the moment, i'm transferring funds to my ledger with very low fees (i don't care if it takes days, even weeks before it's confirmed): i don't see unconfirmed transactions to the newly generated address, while in fact, there is an unconfirmed transaction viewable on blockchain.info (i'm not willing to share the tx because of privacy)... is this a feature or a bug?

[btchip]

Thanks for the review, on to the questions

• at the moment, the ledger wallet is basically a chrome plugin... Will this always stay like this?

On desktop yes, we don't plan to make it a standalone application (or maybe a standalone Electron application at some point, which doesn't change much)

• maybe it's a good idear to put the linux tutorial on how to get the wallet working on a more prominent spot

yes, we'll think about it

• will there be an option to sign messages in the near future? I think this would be a great addition, since that way i could get rid of my electrum wallet

this will be available in the next firmware update, when paired to a smartphone.

• speaking of electrum: would it be possible to get a newbie-friendly version of the installation manual for electrum? I found a tutorial, but it was so long i didn't bother following it

yes, this is long overdue, but we didn't get an opportunity to write it yet.

• a new address is being generated for each transaction (perfect), but at the moment, i'm transferring funds to my ledger with very low fees (i don't care if it takes days, even weeks before it's confirmed): i don't see unconfirmed transactions to the newly generated address, while in fact, there is an unconfirmed transaction viewable on blockchain.info (i'm not willing to share the tx because of privacy)... is this a feature or a bug?

it should be displayed, you can send your logs to support@ledgerwallet.com so the wallet team can have a look if it doesn't appear.

[mocacinno]

it should be displayed, you can send your logs to support@ledgerwallet.com so the wallet team can have a look if it doesn't appear.

It did appear as soon as the transaction was confirmed... As long as the transaction wasn't confirmed, it didn't show up in the wallet's transaction list.
Can you tell me where i can find the standard log directory on windows?

[btchip]

You should get them when clicking on Settings / Tools / Export Logs, but since it appeared, it might just have been a temporary mempool glitch, as we're still tweaking servers a bit.

[mocacinno]

You should get them when clicking on Settings / Tools / Export Logs, but since it appeared, it might just have been a temporary mempool glitch, as we're still tweaking servers a bit.

I'll let you know if it ever happens again 
Great product, even better to see you're active on the forum, and responding to questions your users have: +1

[Bridgewater]

I have an HW.1 that is no longer recognized by the computer. Something must have gone wrong during initialization with Electrum.

I think I had unplugged it as instructed and was trying to display the seed in my text editor on an offline computer, but nothing was ever displayed.  Now it is not recognized in ANY computer. I've tried the chrome app, the ledger starter iso, and https://fup.hardwarewallet.com/ledger/, and none of them are aware that I have plugged the device in.  My other two HW.1 are detected normally.

Is there any way to recover it?  Thanks

[AussieHash]

What firmware version are/were you running on the HW-1

Can you show the USB bus report for the HW-1

Ledger Wallet:
  Product ID

Power cycle your HW-1 and see if the Product ID changes.

[cryptillian]

dont know if this is the official ledger forum but last week i tried to use my verified phone and ledger wallet to send some but it kept hanging on the last phase waiting on verify the phone. rebooted both the phone and pc but it kept the same. had to use the card any tips to fix this?

[tricass]

I usually have to re-pair my phone with the hw wallet when that happens with my hw.1. No longer an issue with my nano s

[cryptillian]

ill try that

[cryptillian]

it didnt work. tried to re-pair it gave an error then removed and installed again on my phone same error. just now rebooted phone and tried to pair phone but it just hangs on"pairing in progress" phone does give the security code lookups tho. any suggestions?

[alexrossi]

Till now, for me, this is hands down the best hardware wallet that offers security at a decent price. Security trade-off exists even with premium devices like trezor that use a proprietary controller, so to me it makes no sense to invest more money than 20 euros for a device that you should trust at least a little.

I'm trying to fix the compatibility issue with the last firmware and electrum (basically electrum btchip-python doesn't support the security card feature, so the device get stuck when signing a transaction). At the moment i need to use the python console to sign transaction and it's really a pain.

[alexrossi]

I've tried many times to setup the dongle via the python API but when i try to sign transactions with electrum I always get stuck. May I ask if the dev has a setup command that works with the standard verification via unplugging and plugging the btchip?

[japerry]

I've been having this problem for several versions now. I can't use Electrum with my HW.1 at all.

[mishax1]

Why can't I sign a simple message with the Ledger ?  I signed the same message using mycelium with no problem..

[webbrowser]

I wanted to buy a Ledger Nano S to replace my HW1, but the only shipping option is UPS express for 179.04 € ! 

What's up with that? Can't remember the shipping cost on my HW1, but it was a lot more reasonable.

[BitcoinNewsMagazine]

I wanted to buy a Ledger Nano S to replace my HW1, but the only shipping option is UPS express for 179.04 € ! 

What's up with that? Can't remember the shipping cost on my HW1, but it was a lot more reasonable.

They may be having a glitch with their shopping cart or your country is one where shipping options are limited. Have you checked prices in Amazon?

[webbrowser]

I wanted to buy a Ledger Nano S to replace my HW1, but the only shipping option is UPS express for 179.04 € ! 

What's up with that? Can't remember the shipping cost on my HW1, but it was a lot more reasonable.

They may be having a glitch with their shopping cart or your country is one where shipping options are limited. Have you checked prices in Amazon?

Yeah, maybe there was a glitch with their shopping cart. Shipping is now down to €50.03, which is still crazy compared to the cost of the ledger itself, but is probably the correct order of magnitude for what UPS actually charges.

The third party resellers on Amazon ask US$154. They probably only get away with this because direct purchases will only ship a month later, and cost so much in shipping.

I wish Ledger offered lower cost shipping services to Asia.

[mishax1]

Is there any way to claim bitcoin gold from ledger nano / hw.1 segwit address ?

[misc2012-de]

Is there any way to claim bitcoin gold from ledger nano / hw.1 segwit address ?

Good question, i got in touch with ledger support, nobody was able to give a precise answer. I would not buy a ledger device again!!!

[mishax1]

Is there any way to claim bitcoin gold from ledger nano / hw.1 segwit address ?

Good question, i got in touch with ledger support, nobody was able to give a precise answer. I would not buy a ledger device again!!!

They keep ignoring me. Well then..   Ordered the new Trezor T.

[AlainC]

Is there any support of java or C/C++ API for recent version : Ledger Nano S ?
I've seen Javascript and chrome embeded version, not well documented, but for C/C++ or java, it is only BTChip obsolete version...

Github have much projects, but documentation is brutal... It seems all i need would be a "Howto" setup the dev env,  a helloworld for the HID transport layer, and a reference documentation for the service (the app managing the secondary passphrase). BTChip java APi was good enought, so i could contact the Nano via WinUSB+usb4java, but even getFirmwareVersion is not compatible...

[madgpt]

In Windows Device Manager it will show up as an HID (Human Interface Device). The computer sees it as a keyboard. It will not show up under the USB tab.

[AlainC]

I'll try to play with the js API, then see if I can understand what is happening...