@dupe This is great.

As the primary developer behind lupoex.com, I would say that we would love to integrate ledger Nano S. The only thing we really need is the ability to sign a transaction similar to this:

https://www.stellar.org/developers/js-stellar-base/reference/building-transactions.html

As part of your javascript library, I would suggest implementing a function sign(transaction) that takes a transaction of type https://stellar.github.io/js-stellar-sdk/Transaction.html and returns the signed transaction.

Hi! What you are describing is exactly my intention. I am basing the library on Ledger's node js api [1]. The name is a little bit misleading because the library can also be used in supported browsers.

The calls will be asynchronous calls that you can pass a callback function. Leaving out some details it basically comes down to:

var stlr = ledger.stlr();
var transaction = buildTransaction();
stlr.signTransaction(transaction, function(signedTransaction) {
sendTransaction(signedTransaction);
});

  1. https://github.com/LedgerHQ/ledger-node-js-api/

Please take the transaction hash as a parameter instead of the transaction, so you can support networks without using the global Network object-hack.

And please return the signature, so it works with multi-sig transactions.

  • dupe replied to this.

    Signing arbitrary messages would also be nice, not sure if Ledger supports that.

    (I'm hashing the messages twice so you can't phish people into signing TXs)

    • dupe replied to this.

      dzham For security reasons I'm afraid it is not possible to take the hash as input for signing a transaction. Remember the purpose of these devices is to be 100% tamperproof. That means the user must be certain of what it is they are signing. So the device needs the actual signature base of the transaction that contains all the transaction details. This way it can show the details on the device for approval. The signature base is also the thing that is then hashed and signed resulting in the signature. If you could just send a hash and receive back the signature it would be easy for malicious code on the client to send a hash that corresponds to a different transaction than the on presented to the user on the client.

          This is great, let me know if you need a tester!

          • dupe replied to this.

            dupe

            I know how signing works, I'm just telling you what I would need in terms of API, to easily integrate with what I have already. I display the tx for all transactions the user ever does, in the wallet (Stargazer)

            • dupe replied to this.

                dzham And I'm not suggesting you will write malicious code, but a computer can get infected or other wallet applications might ship with malicious code. For a hardware wallet, displaying the transaction on the client (stargazer in this case) is not enough, because a completely different transaction hash can easily be sent to the device for confirmation.This is why devices like this have a display. You can verify that what you are actually signing is what you intended when you entered the details on you computer (and it's really important that you do!).

                But I'm interested in the problem you see with sending the transaction and why you want to send the hash instead. You mentioned something about "networks without using the global Network object-hack". I'm not familiar with this problem. Can you expand on that?

                    zcc Thanks a lot! I will post a link with instructions once the code is far enough along. Are you a developer? It will be necessary to set up a development environment to compile and load the app onto the device and then to build the javascript library. My plan is also to ship a small browser-based demo with the javascript library so you don't have to edit and run scripts to test the app.

                    • zcc replied to this.

                        dupe transaction + network hash would work

                        The problem is that the StellarSDK signing code (The tx-hash calculation) isn't reentrant. Not sure if that ever is an issue is js/node though, but having to specify the network globally is certainly a code-smell IMHO, especially if you support multiple networks.

                        The problem with transactions, that you might not have thought about, is that a transaction can contain up to 100 operations. Operations might have different source accounts. How are you going to display that on the tiny display of a Ledger Nano in a meaningful way? I'm having enough issues with this myself, and I'm a lot less constrained. (https://github.com/johansten/stargazer/blob/master/app/core/services/humanizer.js)

                        ?

                        • dupe replied to this.

                            dzham The problem with transactions, that you might not have thought about, is that a transaction can contain up to 100 operations.

                            You may want to read my initial post again.

                              @dupe oh, you will only be supporting payment operations in a transaction? If so, I don't think we will be able to make use of it at lupoex.

                              • dupe replied to this.

                                istrau2 Was my post really that unclear? If I read it back it clearly states that I want to support all the advanced use cases in the long term.

                                The initial goal is to support a single payment, in any asset. I think that is the most important use case for a hardware wallet and the one that the large majority of people are most interested in. After the initial release I want to add functionality incrementally. Eventually I would like to support the whole set of possible transactions if that proves viable. Perhaps it will be very easy to support all these things and they can implemented quite soon but I think it's a good process to release in stages and try to support the most important features first. Hope this clears things up.

                                    dupe Yes, I am a developer and was planning on adding Stellar support to the Nano, but you beat me to it ?

                                        I like what your doing. Keep up the good work! Hopefully i will be using it one day soon

                                        dupe

                                        I'll follow your progress, and when it works for arbitrary tx's I will integrate.

                                          dupe, Just thought of something..

                                          You could filter away all ops that have a source account that isn't signed for by the on-device key. That would make it work for a lot more scenarios than just a regular payment, while still keeping it simple in the UI.

                                          Quick update.

                                          I've finished what I intended to do for the first iteration: showing and approving a simple payment transaction.

                                          If you have a Nano S and are willing to go through the process of setting up a development environment, you can install the app and run the tests if you want. I've written up some basic instructions in the project README [1]. Feedback is more than welcome.

                                          I've modelled the transaction approval behaviour on the Ledger Nano S Ethereum app. When a transaction is sent to the device there is a loop that shows the payment details on the screen automatically. Unfortunately the recipient address somehow is incorrectly encoded. (Yeah, pretty bad. The code works when you run the tests but not on the device. Possibly something to do with type conversion).

                                          If you do decide to install the app, the companion javascript api contains scripts with which to test it. Instructions again in the README for that project [2].

                                          I'm going to have a little breather before I continue on to the next iteration. During the next iteration I will focus on
                                          - fix the nasty encoding bug
                                          - Adding tests
                                          - Key pair validation
                                          - Supporting a wider set of transactions
                                          - Creating rudimentary demo wallet to show and test the functionality

                                          1. https://github.com/lenondupe/ledger-app-stellar
                                          2. https://github.com/lenondupe/stellar-ledger-api

                                          Cheers