add displayxpub command #384

Open
benma opened this issue Sep 1, 2020 · 6 comments

@benma
Contributor

benma commented Sep 1, 2020

Such a command would invoke verification of an xpub at a keypath on the device.

This is an important feature, as setting up a multisig without comparing the cosigners' xpubs on one device with the xpub shown on the other devices can be very dangerous.

I believe most commonly users verify the xpubs on the device (if they are shown at all and the user actually checks them) against xpubs shown on the host computer, which is useless, as the host computer can lie about them.

It is also critical to verify your backup of the xpubs against the xpub shown on the device. Again, creating the backup by copying the xpubs shown on the host computer can lead to loss of funds or ransom attacks.

As a bonus, since Electrum shows the cosigner xpubs in any of these formats:

xpub, ypub, zpub, tpub, vpub, upub, Ypub, Zpub, Upub, Vpub

the command could accept a --format arg to hint which format the device should show. This enables you to transmit the correct xpub safely to your cosigner who uses Electrum (even if you don't use Electrum yourself; otherwise you'd have to trust your or their computer to convert correctly to the desired format, let alone the UX problems of that).

Alternative API: getxpub could get a --display arg to show it on the display.

If you agree, I'll be happy to make a PR adding this feature.

@instagibbs
Collaborator

I think this is a missing piece of infrastructure for multisig setups.

Which devices currently support this?

@prusnak
Collaborator

prusnak commented Feb 3, 2021

trezor_1 and trezor_t do

@benma
Contributor Author

benma commented Feb 3, 2021

BitBox02 supports it too.

@prusnak that is awesome, can you show me how to do it? I was looking for it everywhere but couldn't find it when I wrote this post.

I tried:

trezorctl btc get-public-node -n "m/48'/0'/0'/2'" --show-display

But that seems to show the pubkey only (03...), not the xpub (xpub...). How to do it?

@prusnak
Collaborator

prusnak commented Feb 3, 2021

trezorctl btc get-public-node -n "m/48'/0'/0'/2'" --show-display

This is correct. I changed the behaviour in the upcoming 2.3.5 and 1.9.4 firmwares to show xpub instead of the public key on the display. These will be released next week, but you can try them out now from here: https://github.com/trezor/webwallet-data/tree/master/firmware

If you send GetPublicNode.ignore_xpub_magic=true, the device will always show and return the xpub prefix. If you don't set it (default=false), specialized prefixes will be used (ypub, etc.).

This all works only for single-sig. If you want to use multisig, you use GetAddress call with multisig field set.
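The prefixes discussed in the first comment (the proposed --format hint) and in the ignore_xpub_magic comment above differ only in the four version bytes of the Base58Check payload. The following is an added example, not code from this thread, HWI or any device firmware, that re-encodes an extended public key under another prefix and compares two strings by key data so a backup in one format can be checked against what the device displays in another. The version bytes are the SLIP-132 values; the function names and the sample key are constructed for illustration.

```python
import hashlib

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

# SLIP-132 version bytes for the public prefixes listed in the issue.
VERSIONS = {
    "xpub": "0488b21e", "ypub": "049d7cb2", "zpub": "04b24746",
    "Ypub": "0295b43f", "Zpub": "02aa7ed3",
    "tpub": "043587cf", "upub": "044a5262", "vpub": "045f1cf6",
    "Upub": "024289ef", "Vpub": "02575483",
}

def _checksum(payload: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]

def b58check_encode(payload: bytes) -> str:
    data = payload + _checksum(payload)
    n = int.from_bytes(data, "big")
    out = ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    pad = len(data) - len(data.lstrip(b"\0"))  # leading zero bytes become '1'
    return "1" * pad + out

def b58check_decode(s: str) -> bytes:
    n = 0
    for ch in s:
        n = n * 58 + B58.index(ch)  # ValueError on a non-Base58 character
    pad = len(s) - len(s.lstrip("1"))
    data = b"\0" * pad + n.to_bytes((n.bit_length() + 7) // 8, "big")
    payload, check = data[:-4], data[-4:]
    if len(payload) != 78 or _checksum(payload) != check:
        raise ValueError("not a valid extended key")
    return payload

def convert(ext_key: str, fmt: str) -> str:
    """Re-encode an extended public key under another SLIP-132 prefix."""
    return b58check_encode(bytes.fromhex(VERSIONS[fmt]) + b58check_decode(ext_key)[4:])

def same_key(a: str, b: str) -> bool:
    """True if both strings carry identical key data; only the prefix may differ."""
    return b58check_decode(a)[4:] == b58check_decode(b)[4:]

# Constructed sample, not a wallet key: depth 4, zero fingerprint, child 2',
# chain code 00..1f, public key = secp256k1 generator point (compressed).
SAMPLE = b58check_encode(
    bytes.fromhex(VERSIONS["xpub"]) + b"\x04" + bytes(4) + (0x80000002).to_bytes(4, "big")
    + bytes(range(32))
    + bytes.fromhex("0279be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798"))
```

Running this conversion on the host is exactly the step the issue says must not be trusted on its own; the converted string still has to be compared against the device display.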

@instagibbs
Collaborator

Can you give an example of what the new firmware will display wrt multisig addresses?

Ideally I'd be able to know "how" the multisig address was constructed, or "register" ones I expect.

@prusnak
Collaborator

prusnak commented Feb 4, 2021

@instagibbs it will show the multisig address and then you can cycle through the involved xpubs in the address (while Trezor is showing whether it's yours = coming from trezor, or from a cosigner)
