Comments (7)
thanks for sharing with us - the instructions are confusing, for example I have multiple ed25519 keys and gpg keys as well, how can I identify which one is appropriate? I'm also concerned about having to hand my private keys to a large blob of javascript..
from hs-airdrop.
How to run pseudo-airgapped hs-airdrop using Docker
DISCLAIMER: THIS SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
First, create this Dockerfile in an empty directory:

```dockerfile
FROM node
# Fetch and build hs-airdrop while the build still has network access
RUN git clone https://github.com/handshake-org/hs-airdrop.git /hs-airdrop
WORKDIR /hs-airdrop
RUN yarn
# Pre-download the tree data so the tool can run without a network
RUN mkdir -p /root/.hs-tree-data/nonces
RUN curl -Lo /root/.hs-tree-data/tree.bin https://github.com/handshake-org/hs-tree-data/raw/master/tree.bin
RUN curl -Lo /root/.hs-tree-data/faucet.bin https://github.com/handshake-org/hs-tree-data/raw/master/faucet.bin
RUN curl -Lo /root/.hs-tree-data/proof.json https://github.com/handshake-org/hs-tree-data/raw/master/proof.json
# Nonce bucket for your key (172 may not be the right bucket for you)
RUN curl -Lo /root/.hs-tree-data/nonces/172.bin https://github.com/handshake-org/hs-tree-data/raw/master/nonces/172.bin
```
In that directory, run the following commands:

```sh
mkdir keys
cp ~/.ssh/id_rsa ~/.ssh/id_rsa.pub keys
# Change the password on your SSH key
ssh-keygen -p -f keys/id_rsa
docker build -t hs-airdrop .
docker run --rm -it --network none --name no-net --volume="$(pwd)/keys:/ssh" hs-airdrop bash
```
You'll now be running a non-networked container. This is not as secure as it could be if you properly air-gapped, but it's better than nothing. Inside the container you can check there's no network connectivity:
```sh
ping 8.8.8.8
```
Should give an error - so you know there's no internet. Now run the airdrop command:
```sh
./bin/hs-airdrop /ssh/id_rsa <YOUR_WALLET_ADDRESS> 0.010
```
(0.010 is the mining fee recommended by namebase.io)
You'll probably get an error about not being able to fetch the nonce; this is likely because bucket 172 above is incorrect for you. Exit the docker bash shell, edit the Dockerfile above to contain the correct bucket number (in BOTH PLACES on that final line), then run again:
```sh
docker build -t hs-airdrop .
docker run --rm -it --network none --name no-net --volume="$(pwd)/keys:/ssh" hs-airdrop bash
```

Issue the `./bin/hs-airdrop` command again and hopefully this time it will work.
from hs-airdrop.
The `value` argument specifically is tripping me up. My Handshake dashboard says 5000, but the GitHub repo seems to say `4,662.598321`. Unsure which to use (or an entirely different number).
from hs-airdrop.
> Could you describe the cryptography in a bit more detail? Is it just a blinding factor that I should XOR into my normal (ed25519) secret key?
A full specification will be written eventually, but the short answer is no: it's non-trivial to derive ed25519 keys using anything but bcrypto since it violates the ed25519 specification in order to work (it's tricky to do HD-style derivation with ed25519 since your private key isn't a scalar -- it's the seed for a scalar). You'll need very low-level access to an ed25519 implementation if you want to duplicate the arithmetic/signing.
The cryptography itself is the same as in bitcoin HD derivation: `(private-key + scalar) % order` and `(public-key + (scalar * base-point))`.
The ed25519 derivation isn't finalized yet. Because the signing violates the specification so severely, we probably need some more auditing of the scheme before it's deployed.
Note that you can optionally forgo the privacy aspect of the airdrop to do a standard ed25519 signing with the `--bare` flag if it's really necessary.
> And what should we use for the [addr] and [value] arguments?
You shouldn't need a value argument if you're redeeming the airdrop (the `[value]` option is only necessary for people who signed up using the web faucet).
The address should be a handshake address that you control.
> thanks for sharing with us - the instructions are confusing, for example I have multiple ed25519 keys and gpg keys as well, how can I identify which one is appropriate?
Only your master key will be included in the tree (no subkeys). To see whether you're in the tree, you can pass your key fingerprint (short ID, long ID, etc) to the `[id]` option. Note that you'll need a raw export of your secret key ring in standard PGP packets in order for the airdrop tool to be able to read it. It won't be able to read GnuPG's new database format.
> I'm also concerned about having to hand my private keys to a large blob of javascript..
Totally understandable. I expect a lot of people to do this air gapped. We'll get some signed tarball releases up here which don't require NPM at all to install.
from hs-airdrop.
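The additive relation quoted in the reply above, as an added example in pure Python (not hs-airdrop or bcrypto code): it checks that `(private-key + scalar) % order` and `public-key + scalar * base-point` describe the same Ed25519 key, with the parent scalar coming from a hashed, clamped seed. `SEED` and `TWEAK` are constructed values; how the tool derives its scalar is not specified on this page.

```python
import hashlib

# Ed25519 parameters from RFC 8032.
P = 2**255 - 19
L = 2**252 + 27742317777372353535851937790883648493  # order of the base point
D = -121665 * pow(121666, -1, P) % P

def recover_x(y):
    """Even x for a given y on the curve (square root for p = 5 mod 8)."""
    xx = (y * y - 1) * pow(D * y * y + 1, -1, P) % P
    x = pow(xx, (P + 3) // 8, P)
    if (x * x - xx) % P:
        x = x * pow(2, (P - 1) // 4, P) % P
    return x if x % 2 == 0 else P - x

BY = 4 * pow(5, -1, P) % P
B = (recover_x(BY), BY)  # base point

def add(p, q):
    """Complete twisted-Edwards addition in affine coordinates."""
    (x1, y1), (x2, y2) = p, q
    k = D * x1 * x2 * y1 * y2 % P
    return ((x1 * y2 + x2 * y1) * pow(1 + k, -1, P) % P,
            (y1 * y2 + x1 * x2) * pow(1 - k, -1, P) % P)

def mul(s, p):
    """Double-and-add scalar multiplication (variable time, demo only)."""
    acc = (0, 1)  # neutral element
    while s:
        if s & 1:
            acc = add(acc, p)
        p, s = add(p, p), s >> 1
    return acc

def seed_to_scalar(seed):
    """RFC 8032 key expansion: clamp the low half of SHA-512(seed)."""
    h = bytearray(hashlib.sha512(seed).digest()[:32])
    h[0] &= 248
    h[31] = (h[31] & 127) | 64
    return int.from_bytes(h, "little")

def derive(seed, tweak):
    """Return (child scalar, child public point) for an additive tweak."""
    a = seed_to_scalar(seed)
    child_scalar = (a + tweak) % L              # (private-key + scalar) % order
    child_pub = add(mul(a, B), mul(tweak, B))   # public-key + scalar * base-point
    return child_scalar, child_pub

SEED = bytes(range(32))  # constructed sample seed, not a real key
TWEAK = int.from_bytes(hashlib.sha256(b"constructed tweak").digest(), "little") % L
```

The child secret exists only as a scalar: passing its bytes to a signer that expects a seed hashes and clamps it again and yields a different public key, which is why the reply says low-level access to the implementation is needed.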
I alleviated my concerns about handing out my private key in a few ways
- Duplicated the key file and stripped the password from it so `hs-airdrop` didn't need that information
- Rather than airgap my machine, I just separated both `npm install` and the app itself from my filesystem using docker to install (not a specific handshake docker image, just the latest `nodejs`, i.e. `docker run --rm -it --volume=$(pwd):/code node bash`) after cloning. I copied my private key into the cloned folder mapped to docker and the instructions all worked fine.
- After I'd done the proof I generated a new SSH key for github. I liked the suggestion to replace my github key on the why-private-key page, it probably is long overdue.
There's a small window where something could've happened with my credentials but I already exercise a lot of caution e.g. specific keys for public services rather than using my default key everywhere.
from hs-airdrop.
@benjie thanks for writing this out. This material might be more useful as its own issue where people can find it, or even as a "guide" on https://hsd-dev.org, you can make a PR to that repo here: https://github.com/handshake-org/handshake-org.github.io
from hs-airdrop.
👍 Filed handshake-org/handshake-org.github.io#61
from hs-airdrop.