Software password for hardware wallets (encrypt with user provided password) #5561

Open
KenKundert opened this issue Aug 14, 2019 · 7 comments
Labels
enhancement ✨ hw-generic related to hardware wallets, irrespective of manufacturer topic-wallet 👛 related to wallet.py, or maybe address_synchronizer.py/coinchooser.py topic-walletstorage 💾 not wallet itself but storage/db-related

@KenKundert

I currently use Electrum as a front-end for my hardware wallet. Normally my hardware is locked up safe at home, which prevents me from sending my currency when I am out and about, but I can still monitor my wallet contents and even receive currency while on the road. That is great; just what I want.

However, when using Electrum in this way the wallet is not encrypted. Anybody that gained access to my machine could open the wallet and see how much currency I owned. That seems bad. One of the cardinal rules of bitcoin is 'never tell anybody how much you have'.

I looked into encrypting the wallet, but for hardware wallets it seems that after encrypting the wallet I would only be able to open it if I had the hardware wallet in my possession. That breaks the use-model.

I would like to request that you add the option of having a password that encrypts the whole account, but in such a way that the account could be decrypted and viewed without requiring access to the hardware wallet itself. Actually, it would be nice to have the option of having a password on any watching wallets (perhaps that is already possible, but I could not find evidence of that in a quick check of the documentation).

-Ken

@ecdsa
Member

ecdsa commented Aug 14, 2019

You can already create a watching-only wallet that has the same public key as your hardware wallet, and password-protect it. We cannot add a software password to a wallet file tied to a hardware wallet, unless we ask the user to enter that password every time they want to open the wallet, even if the hardware wallet is plugged in. I do not think that would be a good user experience.

@ecdsa ecdsa changed the title Password for watching wallets Software password for hardware wallets Aug 14, 2019
@KenKundert
Author

KenKundert commented Aug 14, 2019

Thanks for your help. For what it is worth, that is the user experience I desire. I rarely connect my hardware wallet and so the extra burden is minimal, and it provides a boost in security.

So now it seems like my choices are:

  1. move to a watching wallet and do not use Electrum with my hardware wallet, or
  2. use two wallets, one the existing hardware wallet with a password added, and the second a password protected watching wallet.

@SomberNight SomberNight added enhancement ✨ hw-generic related to hardware wallets, irrespective of manufacturer topic-wallet 👛 related to wallet.py, or maybe address_synchronizer.py/coinchooser.py labels Aug 27, 2019
@gdfy

gdfy commented Jan 22, 2020

I ran into the same problem when setting up Electrum with a Coldcard in air gap mode and trying to encrypt the wallet.

As far as I understand it is possible to use a watch-only wallet to create transactions on one computer and sign them with an offline wallet on another cold computer:
https://electrum.readthedocs.io/en/latest/coldstorage.html

I was trying to use the same setup with the Coldcard. Unfortunately, it is not possible to save PSBTs from a watch-only wallet. Would allowing watch-only wallets to save and load PSBTs be a possible solution to allow the same setup with a hardware wallet? Or are there technical restrictions that I am not aware of?

@SomberNight
Member

@gdfy IIRC the workflow Coldcard suggests for airgapped usage is to create the Electrum wallet file on their device and transfer it via sdcard to your PC, then open the wallet file using Electrum. You might be right that the file created on the Coldcard device is unencrypted (by default it certainly is); is this (part of) your issue?

> Would allowing watch-only wallets to save and load PSBTs be a possible solution to allow the same setup with a hardware wallet? Or are there technical restrictions that I am not aware of?

This should already work on master since #5721
(so e.g. you can create and export a PSBT from any wallet)
However, if you create the watch-only wallet from just the xpub, the watch-only wallet will not know the derivation prefix (path from root to given xpub) and the root fingerprint, and so these fields in the PSBT might be left out, and I am not sure how the Coldcard reacts to that. ( related: #5715 )
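
As an added example (not part of the thread, and not Electrum's or Coldcard's code): a minimal BIP 174 (PSBT version 0) reader that reports, per input, whether the root fingerprint and derivation path mentioned above are present. It takes raw PSBT bytes (base64-decode an exported PSBT first if needed); the sample transaction, public key and fingerprint are constructed.

```python
import struct

MAGIC = b"psbt\xff"

def read_compact_size(buf, pos):
    """Decode a Bitcoin compact-size integer; return (value, next position)."""
    first = buf[pos]
    if first < 0xfd:
        return first, pos + 1
    width = {0xfd: 2, 0xfe: 4, 0xff: 8}[first]
    return int.from_bytes(buf[pos + 1:pos + 1 + width], "little"), pos + 1 + width

def read_map(buf, pos):
    """Read one PSBT key-value map, up to and including its 0x00 separator."""
    entries = {}
    while True:
        klen, pos = read_compact_size(buf, pos)
        if klen == 0:
            return entries, pos
        key, pos = buf[pos:pos + klen], pos + klen
        vlen, pos = read_compact_size(buf, pos)
        entries[key], pos = buf[pos:pos + vlen], pos + vlen

def parse_origin(val):
    """Split a BIP32-derivation value into (root fingerprint hex, path string)."""
    idx = struct.unpack("<%dI" % (len(val) // 4 - 1), val[4:])
    steps = ["%d%s" % (i & 0x7fffffff, "'" if i >> 31 else "") for i in idx]
    return val[:4].hex(), "/".join(["m"] + steps)

def key_origins(psbt):
    """For each input, list the key origins carried in the PSBT (BIP 174, v0)."""
    if not psbt.startswith(MAGIC):
        raise ValueError("not a PSBT")
    global_map, pos = read_map(psbt, len(MAGIC))
    tx = global_map[b"\x00"]                # PSBT_GLOBAL_UNSIGNED_TX
    n_inputs, _ = read_compact_size(tx, 4)  # input count follows the 4-byte version
    per_input = []
    for _ in range(n_inputs):
        in_map, pos = read_map(psbt, pos)   # key type 0x06 = PSBT_IN_BIP32_DERIVATION
        per_input.append([parse_origin(v) for k, v in in_map.items() if k[0] == 0x06])
    return per_input

# Constructed sample data (dummy txid, pubkey and fingerprint), not taken from the thread.
def _kv(key, val):
    return bytes([len(key)]) + key + bytes([len(val)]) + val
TX = (bytes.fromhex("02000000") + b"\x01" + bytes(36) + b"\x00" + b"\xff" * 4 + b"\x01"
      + (1000).to_bytes(8, "little") + b"\x16\x00\x14" + bytes(20) + bytes(4))
ORIGIN = _kv(b"\x06\x02" + b"\x11" * 32, bytes.fromhex("0f056943")
             + struct.pack("<5I", 0x80000054, 0x80000000, 0x80000000, 0, 5))  # m/84'/0'/0'/0/5
PSBT_WITH_ORIGIN = MAGIC + _kv(b"\x00", TX) + b"\x00" + ORIGIN + b"\x00\x00"
PSBT_WITHOUT_ORIGIN = MAGIC + _kv(b"\x00", TX) + b"\x00" + b"\x00\x00"
```

An input whose list comes back empty is one where a signer has no key-origin information to match against its own root fingerprint.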

@gdfy

gdfy commented Jan 22, 2020

@SomberNight Thank you for your reply.

> You might be right that the file created on the Coldcard device is unencrypted (by default it certainly is); is this (part of) your issue?

I started with the same setup as described in the original issue. After importing the skeleton wallet file created on the Coldcard I tried to encrypt the wallet file. Which does not work without connecting the Coldcard via USB as discussed above.

After that I tried to create a new watch-only wallet based solely on the xpub. When I create a new transaction in the watch-only wallet the button "Save PSBT" is not available in the user interface (Electrum Version 3.3.8).

If I understand you correctly the information the watch-only wallet has at its disposal might not be enough to create a PSBT the Coldcard could sign. So this seems to be no valid solution even if there was a way to save the PSBT.

Given this situation I would like to ask if the "Software password for hardware wallets" idea discussed in the original issue is something you would consider for a future release.

There is one more minor issue: Since the wallet created based on the skeleton wallet file expects a connected device, a dialog is shown whenever the wallet is opened. Furthermore, a symbol for the missing hardware device is displayed in the status bar at the bottom of the window. It would be great if there was a way to tell Electrum (e.g. a flag in the skeleton wallet file or a setting in Electrum) that this wallet is used in air gap mode and there is no need to remind the user about the missing connection.

@SomberNight
Member

> I started with the same setup as described in the original issue. After importing the skeleton wallet file created on the Coldcard I tried to encrypt the wallet file. Which does not work without connecting the Coldcard via USB as discussed above.

Ahh ok, got it now. :/

@SomberNight SomberNight added the topic-walletstorage 💾 not wallet itself but storage/db-related label Feb 28, 2020
@SomberNight SomberNight changed the title Software password for hardware wallets Software password for hardware wallets (encrypt with user provided password) Mar 22, 2020
@Array-0

Array-0 commented Mar 13, 2021

I frequently use my hardware wallet every day. When I receive funds I am with third persons who scan the QR code, and I don't want to connect and unlock my device in front of them to show the QR code. At the same time, it is important that my wallet's master public key is encrypted, so that other software on my computer, or someone with unauthorized physical access, can't open it and see historic transactions and descriptions.

I do transactions with my device using Electrum; for me, creating a single wallet file using the master public key (encrypted with a user-provided password) instead of a hardware-wallet-type wallet is not a solution. Also, creating 2 wallets is not practical: I have written descriptions on all transactions I receive and send, and it is important to me that these descriptions, contacts and saved addresses are accessible when I check my public transactions in Electrum and when I send transactions too (I send transactions by selecting which inputs I want to spend, using their descriptions).

I think the best solution is to encrypt with a user-provided password.
