add displayxpub command

[benma]

Such a command would invoke verification of an xpub at a keypath on the device.

This is an important feature, as setting up a multisig without comparing the cosigners xpubs on one device with the xpub shown on the other devices can be very dangerous.

I believe most commonly users verify the xpubs on the device (if they are shown at all and the user actually checks them) against xpubs shown on the host computer, which is useless, as the host computer can lie about them.

It is also critical to verify your backup of the xpubs against the xpub shown on the device. Again, creating the backup by copying the xpubs shown on the host computer can lead to loss of funds or ransom attacks.

As a bonus, since Electrum shows the cosigner xpubs in any of these formats:

xpub, ypub, zpub, tpub, vpub, upub, Ypub, Zpub, Upub, Vpub

the command could accept a --format arg to hint which format the device should show. This enables you to transmit the correct xpub safely to your cosigner who uses Electrum (even if you don't use Electrum yourself; otherwise you'd have to trust your or their computer to covert correctly to the desired format, let alone the UX problems of that).

Alternative api: getpxub could get a --display arg to show it on the display.

If you agree, I'll be happy to make a PR adding this feature.

[instagibbs]

I think this is a missing piece of infrasture for multisig setups.

Which devices currently support this?

[prusnak]

trezor_1 and trezor_t do

[benma]

BitBox02 supports it too.

@prusnak that is awesome, can you show me how to do it? I was looking for it everywhere but couldn't find it when I wrote this post.

I tried:

trezorctl btc get-public-node -n "m/48'/0'/0'/2'" --show-display

But that seems to show the pubkey only (03...), not the xpub (xpub...). How to do it?

[prusnak]

trezorctl btc get-public-node -n "m/48'/0'/0'/2'" --show-display

This is correct. I changed the behaviour in the upcoming 2.3.5 and 1.9.4 firmwares to show xpub instead of the public key on the display. These will be released next week, but you can try them out now from here: https://github.com/trezor/webwallet-data/tree/master/firmware

If you send GetPublicNode.ignore_xpub_magic=true the device will show and return always xpub prefix. If you keep don't set (default=false), specialized prefixes will be used (ypub, etc).

This all works only for single-sig. If you want to use multisig, you use GetAddress call with multisig field set.

[instagibbs]

Can you give an example of what the new firmware will display wrt multisg addresses?

Ideally I'd be able to know "how" the multisig address was constructed, or "register" ones I expect.

[prusnak]

@instagibbs it will show the multisig address and then you can cycle through the involved xpubs in the address (while Trezor is showing whether it's yours = coming from trezor, or from a cosigner)