Stellar now has support on both Ledger Nano S and Ledger Blue devices.

The previous version of the Stellar app only supported the Nano S and could display the details of a limited number of operations. The new version features the ability to display the details of all possible Stellar operations. This means it is no longer required nor possible to sign an uninformative hash of the transaction. This makes approving a transaction maximally secure. The added operations include: pathPayment, passiveOffer, allowTrust, setOptions, accountMerge, manageData, and inflation.

Several improvements to existing functionality have been made:
- On the Nano S a larger summary for account id's is displayed. The first 12 and last 12 characters instead of the first 6 and last 5. On the Ledger Blue these can be viewed in full.
- Text memo's are no longer summarized but now show in full.
- changeTrust operations now also show the issuer account id.
- More descriptive captions for operations and details
- manageOffer price is now correctly qualified

Another new feature that was added is the ability to check the receiving address on the Ledger screen. When a client wallet displays the address of the Ledger-based account we need a way to make sure this is indeed our account id, as otherwise we might be tricked into having funds sent to an account that is not actually ours. To make sure the receiving address displayed by the wallet is correct, the ability to check it on the Ledger was added.

The Javascript library that allows client applications to communicate with the Ledger app has been contributed to and is now hosted by Ledger itself here. A demo of the library for both browser based and native clients is hosted here.

Set options operation on Ledger Blue:

Ledger Blue approve set options operation

Ledger Blue details screen:

Ledger Blue show details

    dupe

    With txhash gone, is it still possible to use it as signatory to a multi-sig account, or a multi-party tx?

    • dupe replied to this.

        dzham Yes, you just need to provide the full transaction signature base.

            dupe

            Awesome!

            Doing quite a few updates to Stargazer, and Ledger Nano is one of them

                5 days later
                dupe changed the title to Ledger Nano S and Ledger Blue support .

                dupe

                Noticed this "Multi-operation transactions are not supported", so not sure what to do anymore..
                Not upgrading my personal device, since this is one of the things I use it for.
                That also means I'm not adding support to Stargazer until this works.

                    dzham

                    Agreed, multi operation transactions are a high priority.

                      dzham Yes, was a tough decision to make. But for a HW wallet security is number one priority. I was very unhappy with people being able to sign without seeing any details but also couldn't see how to make it work with multi-ops right now.

                      To make multi-ops work is very tough since you have limited memory and you need to send and approve the transaction xdr per operation and simultaneously build up the hash to sign. I'll let someone else take over from here if they want to try it.

                          dupe

                          What if you as a user is able to verify the hash with a 3rd party instead, like stellar laboratory, or something similar?
                          I mean, I can easily have a user setting to sign transactions or hashes, where they have to acknowledge the risk, but not being able to sign multi-op transactions at all is a show stopper, since I'm creating multi-op txs quite heavily.

                          • dupe replied to this.

                              dzham But it's not a solution to leave it up to the client application to play nice and ensure the user is properly informed. The whole idea is that the Ledger is secure independent of what goes on on the host. You can have a malignant application with Ledger support that simply uses the hash signing to avoid detection by the user.

                                dzham One thing that I would be willing to compromise is to introduce an unsafe-mode setting next to browser-mode on the device. Only if users explicitly enable unsafe-mode will they be able to sign hashes.

                                    9 days later

                                    How do I send Lumens from Ledger S to Binance? When I try to sign up with Ledger, a red crossed out circle appears.
                                    Thanks

                                    a month later

                                    Ledger just released version 2.1.0 of the Stellar app that adds the unsafe hash signing option discussed here. Before signing a multi operation transaction you go to the app settings and choose 'enable multi-ops'. The device will then accept requests for signing only the hash of the transaction. Note that this setting is transient (is not stored when the app closes) and you need to set it every time you want to use it.

                                    a year later