Bitcoin Forum
November 18, 2024, 10:56:49 AM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1] 2 3 4 5 6 7 »  All
  Print  
Author Topic: AirGap wallet- Self custody made simple and secure - Protect your crypto offline  (Read 2644 times)
Pearson12 (OP)
Member
**
Offline Offline

Activity: 109
Merit: 15


View Profile WWW
June 05, 2021, 12:00:22 PM
Last edit: August 24, 2022, 07:56:05 AM by Pearson12
Merited by hugeblack (4), ABCbits (2), Welsh (1), SFR10 (1)
 #1



AirGap is an open-source audited software wallet that turns your old phone into a hardware wallet. it achieves this by using two apps, called AirGap vault and AirGap wallet.

AirGap Vault: AirGap Vault is a blockchain agnostic crypto vault that turns your mobile phone into a cold wallet.

AirGap Vault does not connect to any network, irrespective of the device used. This system built into the app makes it more secure than an ordinary crypto wallet.

Transactions can be signed seamlessly without the use of cables, thanks to verifiable QR codes. This opens up multiple possibilities for interacting with other solutions and also wallets.

The AirGap Vault is currently used alongside other companion apps like AirGap Wallet, MetaMask, Sparrow Wallet, BlueWallet, Specter, and any other QR code-based wallets. These companion apps serve as watch-only wallets that allow users to view portfolios and initiate transactions while the Vault signs transactions and protect your private keys offline.
.

AirGap Wallet: The AirGap Wallet is a watch-only wallet used alongside the AirGap Vault. This separation helps to provide optimum security while handling your funds.

The AirGap Wallet initiates transactions, connects to a network to fetch data from the blockchain, and displays this information within the app as a portfolio overview. The Vault, however, does not connect to any network, irrespective of the device used. The Vault signs transactions and protects your private key securely offline.

About AirGap features
  • Store your private key totally offline with maximum security
  • MetaMask Support
  • Offline Address Overviewl
  • Secure input Keyboard
  • Coin Flip & Dice Roll
  • Offline Key Generation
  • BIP39 Passphrase
  • Shamir Shares
  • Open Source
  • BIP85 Child Entropy
  • No KYC requirement to be able to convert coin within the application
  • Many more...

COIN SUPPORTED
  • All EVM-chain when paired with MetaMask
  • Bitcoin(BTC)
  • Ethereum(ETH) & ERC20
  • Aeternity(AE)
  • Groestlcoin(GRS)
  • Tezos(XTZ) & FA1.2/2
  • Cosmos(ATM)
  • Polkadot(DOT)
  • Kusama(KSM)
  • Moonriver(MOVR)
  • Shiden(SDN)
  • Astar(ASTR)

dkbit98
Legendary
*
Offline Offline

Activity: 2422
Merit: 7590



View Profile WWW
June 05, 2021, 12:12:27 PM
 #2

AirGap is an open-source audited software wallet that turns your old phone into a hardware wallet. it achieves this by using two apps, called AirGap vault and AirGap wallet.

I have my old smartphone with Android os version 4.4.2 and I can't turn it into ''hardware wallet'' because i can't install and test this app.

Not really sure what version Airgap is supporting but if they are only supporting new android versions than this story of using old phones is not really true.
I can even read on their google store that even Android 5.1 and Android 8 are not supported, and some user with Android 6 is also having issues.

█▀▀▀











█▄▄▄
▀▀▀▀▀▀▀▀▀▀▀
e
▄▄▄▄▄▄▄▄▄▄▄
█████████████
████████████▄███
██▐███████▄█████▀
█████████▄████▀
███▐████▄███▀
████▐██████▀
█████▀█████
███████████▄
████████████▄
██▄█████▀█████▄
▄█████████▀█████▀
███████████▀██▀
████▀█████████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
c.h.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀▀█











▄▄▄█
▄██████▄▄▄
█████████████▄▄
███████████████
███████████████
███████████████
███████████████
███░░█████████
███▌▐█████████
█████████████
███████████▀
██████████▀
████████▀
▀██▀▀
Pearson12 (OP)
Member
**
Offline Offline

Activity: 109
Merit: 15


View Profile WWW
June 05, 2021, 07:37:08 PM
Last edit: June 05, 2021, 07:50:48 PM by Pearson12
 #3

AirGap Vault and AirGap Wallet require at least Android 5.0. Make sure that the WebView is updated to the latest version.
khaled0111
Legendary
*
Online Online

Activity: 2716
Merit: 3060


Top Crypto Casino


View Profile WWW
June 05, 2021, 10:14:50 PM
 #4

dkbit98 raised a good point. Anyone who is going to use AirGap wallet is likely going to use an old mobile with an old Android version especially the mobile for the AirGap Vault. And since it is going to be an arirgapped device it would be better if you makeAirGap Vault compatible with old versions than asking the user to upgrade his device which require an Internet connection.
Also, in this guide on how to create a wallet: https://medium.com/airgap-it/airgap-the-step-by-step-guide-bff36d50a4ed it sais you have yo "Use your fingerprint to store the secret in the secure enclave of the mobile device"! is this mandatory? If yes then what about devices that are not equipped with fingerprint sensors?

Pearson12 (OP)
Member
**
Offline Offline

Activity: 109
Merit: 15


View Profile WWW
June 05, 2021, 11:06:11 PM
Last edit: June 06, 2021, 09:49:32 AM by Pearson12
 #5

dkbit98 raised a good point. Anyone who is going to use AirGap wallet is likely going to use an old mobile with an old Android version especially the mobile for the AirGap Vault. And since it is going to be an arirgapped device it would be better if you makeAirGap Vault compatible with old versions than asking the user to upgrade his device which require an Internet connection.
Also, in this guide on how to create a wallet: https://medium.com/airgap-it/airgap-the-step-by-step-guide-bff36d50a4ed it sais you have yo "Use your fingerprint to store the secret in the secure enclave of the mobile device"! is this mandatory? If yes then what about devices that are not equipped with fingerprint sensors?

AirGap requires at least Android 5.0(which is still considered old) and the reason we didn't move further back is that there are some security features that are not available on older devices.

your device will ask for a fingerprint if that's the default security setup you have or pin or pattern as the case may be, so a device without a fingerprint sensor will work perfectly fine.

you can look at the more recent guide from 2019 on how to set up here
Pmalek
Legendary
*
Offline Offline

Activity: 2954
Merit: 7563


Playgram - The Telegram Casino


View Profile
June 06, 2021, 08:27:27 AM
Merited by Welsh (2)
 #6

Your site is not as privacy invading as some other sites that claim to be interested in preserving the privacy of its users, but still there are 3 ad trackers and 2 third-party cookies on it.

I have never heard of your brand to be honest. I took a look at the medium article you shared in your latest post and was wondering why does it say that your apps are still in beta and it's not recommended to "handle productive funds with it"?

▄▄███████▄▄███████
▄███████████████▄▄▄▄▄
▄████████████████████▀░
▄█████████████████████▄░
▄█████████▀▀████████████▄
██████████████▀▀█████████
████████████████████████
██████████████▄▄█████████
▀█████████▄▄████████████▀
▀█████████████████████▀░
▀████████████████████▄░
▀███████████████▀▀▀▀▀
▀▀███████▀▀███████

▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
 
Playgram.io
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀

▄▄▄░░
▀▄







▄▀
▀▀▀░░
▄▄▄███████▄▄▄
▄▄███████████████▄▄
▄███████████████████▄
▄██████████████▀▀█████▄
▄██████████▀▀█████▐████▄
██████▀▀████▄▄▀▀█████████
████▄▄███▄██▀█████▐██████
█████████▀██████████████
▀███████▌▐██████▐██████▀
▀███████▄▄███▄████████▀
▀███████████████████▀
▀▀███████████████▀▀
▀▀▀███████▀▀▀
██████▄▄███████▄▄████████
███▄███████████████▄░░▀█▀
███████████░█████████░░
░█████▀██▄▄░▄▄██▀█████░
█████▄░▄███▄███▄░▄█████
███████████████████████
███████████████████████
██░▄▄▄░██░▄▄▄░██░▄▄▄░██
██░░░░██░░░░██░░░░████
██░░░░██░░░░██░░░░████
██▄▄▄▄▄██▄▄▄▄▄██▄▄▄▄▄████
███████████████████████
███████████████████████
 
PLAY NOW

on Telegram
[/
Pearson12 (OP)
Member
**
Offline Offline

Activity: 109
Merit: 15


View Profile WWW
June 06, 2021, 09:45:39 AM
 #7

I took a look at the medium article you shared in your latest post and was wondering why does it say that your apps are still in beta and it's not recommended to "handle productive funds with it"?

That guide was from 2019, at that point, it was at a beta state.
It is a fully fledge production app now and it is recommended to handle productive funds.
Pearson12 (OP)
Member
**
Offline Offline

Activity: 109
Merit: 15


View Profile WWW
June 06, 2021, 09:52:45 AM
 #8

Since this wallet is open source, but backed by for-profit company, how do you earn income from this wallet? Only commission from exchange feature?

AirGap is mostly funded by grants from various cryptocurrency foundations.
dkbit98
Legendary
*
Offline Offline

Activity: 2422
Merit: 7590



View Profile WWW
June 06, 2021, 12:52:09 PM
 #9

AirGap Vault and AirGap Wallet require at least Android 5.0. Make sure that the WebView is updated to the latest version.
I saw complains from people on google store claiming they couldn't even use your wallet with Android 5.1, and even if everything looks nice on paper in reality it is not working for all old smarphones.

What I am interested to know is what system and derivation paths are you using for generating seed words and can they be used to recover funds on other wallets like Electrum, Wasabi or other hardware wallets like Trezor?

█▀▀▀











█▄▄▄
▀▀▀▀▀▀▀▀▀▀▀
e
▄▄▄▄▄▄▄▄▄▄▄
█████████████
████████████▄███
██▐███████▄█████▀
█████████▄████▀
███▐████▄███▀
████▐██████▀
█████▀█████
███████████▄
████████████▄
██▄█████▀█████▄
▄█████████▀█████▀
███████████▀██▀
████▀█████████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
c.h.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀▀█











▄▄▄█
▄██████▄▄▄
█████████████▄▄
███████████████
███████████████
███████████████
███████████████
███░░█████████
███▌▐█████████
█████████████
███████████▀
██████████▀
████████▀
▀██▀▀
Pearson12 (OP)
Member
**
Offline Offline

Activity: 109
Merit: 15


View Profile WWW
June 06, 2021, 03:43:20 PM
 #10

I saw complains from people on google store claiming they couldn't even use your wallet with Android 5.1, and even if everything looks nice on paper in reality it is not working for all old smarphones.

What I am interested to know is what system and derivation paths are you using for generating seed words and can they be used to recover funds on other wallets like Electrum, Wasabi or other hardware wallets like Trezor?

The majority of the issues we've experienced from our users not being able to set up the app are related to not having an updated webview.

Yes, you should be able to recover your funds with other wallets as long it supports a 24-word seed phrase. (I think electrum uses something different, I'm not sure though).

Also, the code for AirGap is open source, so the default derivation paths are all there. You can also open the Vault and go to the Add Account screen, toggle the Advanced Mode, and you will see the default derivation path for each protocol.

dkbit98
Legendary
*
Offline Offline

Activity: 2422
Merit: 7590



View Profile WWW
June 07, 2021, 11:17:03 AM
Merited by Cookdata (1)
 #11

Yes, you should be able to recover your funds with other wallets as long it supports a 24-word seed phrase. (I think electrum uses something different, I'm not sure though).
So please tell us what exactly BIP standard you are using and what are default derivation paths for Bitcoin generated by Airgap wallet?

█▀▀▀











█▄▄▄
▀▀▀▀▀▀▀▀▀▀▀
e
▄▄▄▄▄▄▄▄▄▄▄
█████████████
████████████▄███
██▐███████▄█████▀
█████████▄████▀
███▐████▄███▀
████▐██████▀
█████▀█████
███████████▄
████████████▄
██▄█████▀█████▄
▄█████████▀█████▀
███████████▀██▀
████▀█████████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
c.h.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀▀█











▄▄▄█
▄██████▄▄▄
█████████████▄▄
███████████████
███████████████
███████████████
███████████████
███░░█████████
███▌▐█████████
█████████████
███████████▀
██████████▀
████████▀
▀██▀▀
Pearson12 (OP)
Member
**
Offline Offline

Activity: 109
Merit: 15


View Profile WWW
June 08, 2021, 06:28:56 AM
 #12

So please tell us what exactly BIP standard you are using and what are default derivation paths for Bitcoin generated by Airgap wallet?

m/44'/0'/0'

If you have more questions can you write to us on telegram or any of our support platforms?
Kakmakr
Legendary
*
Offline Offline

Activity: 3542
Merit: 1965

Leading Crypto Sports Betting & Casino Platform


View Profile
June 19, 2021, 03:07:55 PM
 #13

Can you give a brief explanation how the tx's is being transferred from the Vault to the Wallet? (QR Code) without the source being contaminated or altered using Malware?

Would it not be more secure if the tx's could be encrypted between the source and destination? (To prevent a Man-In-The-Middle attack between the two devices? I have been looking for something like this to sweep coins from a Paper Wallet to a online wallet, but the Private Key must be encrypted at all times.  Wink

..Stake.com..   ▄████████████████████████████████████▄
   ██ ▄▄▄▄▄▄▄▄▄▄            ▄▄▄▄▄▄▄▄▄▄ ██  ▄████▄
   ██ ▀▀▀▀▀▀▀▀▀▀ ██████████ ▀▀▀▀▀▀▀▀▀▀ ██  ██████
   ██ ██████████ ██      ██ ██████████ ██   ▀██▀
   ██ ██      ██ ██████  ██ ██      ██ ██    ██
   ██ ██████  ██ █████  ███ ██████  ██ ████▄ ██
   ██ █████  ███ ████  ████ █████  ███ ████████
   ██ ████  ████ ██████████ ████  ████ ████▀
   ██ ██████████ ▄▄▄▄▄▄▄▄▄▄ ██████████ ██
   ██            ▀▀▀▀▀▀▀▀▀▀            ██ 
   ▀█████████▀ ▄████████████▄ ▀█████████▀
  ▄▄▄▄▄▄▄▄▄▄▄▄███  ██  ██  ███▄▄▄▄▄▄▄▄▄▄▄▄
 ██████████████████████████████████████████
▄▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▄
█  ▄▀▄             █▀▀█▀▄▄
█  █▀█             █  ▐  ▐▌
█       ▄██▄       █  ▌  █
█     ▄██████▄     █  ▌ ▐▌
█    ██████████    █ ▐  █
█   ▐██████████▌   █ ▐ ▐▌
█    ▀▀██████▀▀    █ ▌ █
█     ▄▄▄██▄▄▄     █ ▌▐▌
█                  █▐ █
█                  █▐▐▌
█                  █▐█
▀▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▀█
▄▄█████████▄▄
▄██▀▀▀▀█████▀▀▀▀██▄
▄█▀       ▐█▌       ▀█▄
██         ▐█▌         ██
████▄     ▄█████▄     ▄████
████████▄███████████▄████████
███▀    █████████████    ▀███
██       ███████████       ██
▀█▄       █████████       ▄█▀
▀█▄    ▄██▀▀▀▀▀▀▀██▄  ▄▄▄█▀
▀███████         ███████▀
▀█████▄       ▄█████▀
▀▀▀███▄▄▄███▀▀▀
..PLAY NOW..
Pearson12 (OP)
Member
**
Offline Offline

Activity: 109
Merit: 15


View Profile WWW
June 21, 2021, 01:04:59 PM
 #14

Currently, we use our own Serializer to encode the data we transfer in an efficient way. It also supports “splitting up” QR codes into multiple chunks, which allows us to transfer transactions with many inputs or outputs that don’t fit into a single QR code.

On our support page, we have a small page that shows a few examples and contains instructions on how the content of the QR codes can be inspected using 3rd party tools. https://support.airgap.it/coinlib/examples/serializer/v2/introduction

A small note here: We’re working on a bigger refactoring of our apps to support Segwit and PSBTs. Once this is done, there will be an option to encode the data in different formats, for example, bc-ur, to be compatible with other watch-only wallets like Electrum or Sparrow.

So that’s just some background information, let’s get to your questions:

How the tx's is being transferred from the Vault to the Wallet? (QR Code) without the source being contaminated or altered using Malware?

We generally assume that the offline device (Vault) can be trusted. If you don’t trust the offline device, you will have to inspect every QR code going from Vault => Wallet yourself (using 3rd party tools) to make sure no sensitive data is leaked. Sadly, this is not as easy as it sounds. By inspecting the contents of a QR code, you might catch some simple attempts to leak private data (eg. if part of the seed is put into the identifier). But sophisticated attacks, for example abusing the “random number” of an ECDSA signature, can leak data in a way that is practically impossible to detect. (See https://core.ac.uk/download/pdf/301367593.pdf). Because air-gapped and offline wallets get more and more popular, we have started a discussion about exactly this issue, but sadly there were no responses so far. Feel free to participate to show other developers that this is an issue we should be looking into: https://github.com/BlockchainCommons/Airgapped-Wallet-Community/discussions/60

Would it not be more secure if the tx's could be encrypted between the source and destination?

Not necessarily. There are advantages and disadvantages to encrypting the messages that are sent between online and offline devices:
   
Advantages:
   
  • Privacy (nobody can read the contents of your message)
   
Disadvantages:

  • The messages can no longer be inspected by 3rd party tools (at least not with considerable extra work)
  • More complexity overall (an additional key/keypair has to be generated for the communication, and it has to be shared between offline and online device)

While encryption obviously also prevents Man-In-The-Middle attacks (if the right encryption is used), this could also be solved by adding a signature to the data. So the only actual benefit of the encryption is that nobody can read its content.

Because of the additional complexity, the downsides regarding verifiability of the messages and no real security advantages, we decided against implementing encrypted messages for now. The thread of a “Man-In-The-Middle” attack is also relatively low in our case, because the communication happens directly between the 2 devices, it is not sent over the network, for example. But we still have it in our backlog to add as an optional feature for those who want it.

but the Private Key must be encrypted at all times.

While we don’t support your specific use case (we only support BIP39 mnemonics, not private keys), the mnemonics in AirGap Vault are always encrypted, unless they are needed for some action (eg. deriving of the keypair or signing).

Let us know if you have any feedback regarding those points. We’re always happy to have those technical discussions
libert19
Hero Member
*****
Offline Offline

Activity: 2688
Merit: 972


View Profile WWW
July 03, 2021, 02:08:22 AM
 #15

Can user add erc20 and polka based tokens manually (the ones not listed beforehand)?
Pearson12 (OP)
Member
**
Offline Offline

Activity: 109
Merit: 15


View Profile WWW
July 03, 2021, 08:38:54 AM
 #16

Can user add erc20 and polka based tokens manually (the ones not listed beforehand)?
Right now that's not possible in AirGap but we will be releasing a new version in few days with WalletConnect functionality, so you can send and receive any ERC20 tokens through something like MEW (connected to AirGap).
Pearson12 (OP)
Member
**
Offline Offline

Activity: 109
Merit: 15


View Profile WWW
July 19, 2021, 12:48:12 PM
 #17

AirGap wallet added the BIP 85 functionality a while back. but now has a blog article about it to illustrate the different use cases.

What is BIP85
BIP 85 defines a way how new BIP39 mnemonics can be derived from your mnemonic. Put another way, it aids you in deriving “entropy” from your mnemonics, and the entropy you derive can then be used in other wallets and applications. Therefore, it brings the flexibility of managing multiple mnemonics (multiple wallets) while only having to back up one of your mnemonics. If one or more of the derived entropies are compromised, the parent mnemonic and other derived entropies remain secure.

read more
Pearson12 (OP)
Member
**
Offline Offline

Activity: 109
Merit: 15


View Profile WWW
August 02, 2021, 08:23:23 AM
 #18

Pearson12 (OP)
Member
**
Offline Offline

Activity: 109
Merit: 15


View Profile WWW
August 12, 2021, 03:59:27 PM
 #19

Pmalek
Legendary
*
Offline Offline

Activity: 2954
Merit: 7563


Playgram - The Telegram Casino


View Profile
August 14, 2021, 07:58:56 AM
Merited by Pearson12 (1)
 #20

I think you could have mentioned the giveaway in your last post.

For those who haven't read their last Medium article, they are hosting a giveaway where 20 random people have the chance to win AirGap metal plates for recovery phrases including electronic engraving pens. To participate, you need to create a video or article about AirGap. Check the article for more information.

This is what you can win:



 

▄▄███████▄▄███████
▄███████████████▄▄▄▄▄
▄████████████████████▀░
▄█████████████████████▄░
▄█████████▀▀████████████▄
██████████████▀▀█████████
████████████████████████
██████████████▄▄█████████
▀█████████▄▄████████████▀
▀█████████████████████▀░
▀████████████████████▄░
▀███████████████▀▀▀▀▀
▀▀███████▀▀███████

▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
 
Playgram.io
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀

▄▄▄░░
▀▄







▄▀
▀▀▀░░
▄▄▄███████▄▄▄
▄▄███████████████▄▄
▄███████████████████▄
▄██████████████▀▀█████▄
▄██████████▀▀█████▐████▄
██████▀▀████▄▄▀▀█████████
████▄▄███▄██▀█████▐██████
█████████▀██████████████
▀███████▌▐██████▐██████▀
▀███████▄▄███▄████████▀
▀███████████████████▀
▀▀███████████████▀▀
▀▀▀███████▀▀▀
██████▄▄███████▄▄████████
███▄███████████████▄░░▀█▀
███████████░█████████░░
░█████▀██▄▄░▄▄██▀█████░
█████▄░▄███▄███▄░▄█████
███████████████████████
███████████████████████
██░▄▄▄░██░▄▄▄░██░▄▄▄░██
██░░░░██░░░░██░░░░████
██░░░░██░░░░██░░░░████
██▄▄▄▄▄██▄▄▄▄▄██▄▄▄▄▄████
███████████████████████
███████████████████████
 
PLAY NOW

on Telegram
[/
Pages: [1] 2 3 4 5 6 7 »  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!