
Comments (7)

dch avatar dch commented on July 30, 2024 2

Thanks for sharing with us - the instructions are confusing, for example I have multiple ed25519 keys and gpg keys as well, how can I identify which one is appropriate? I'm also concerned about having to hand my private keys to a large blob of javascript..

from hs-airdrop.

benjie avatar benjie commented on July 30, 2024 1

How to run pseudo-airgapped hs-airdrop using Docker

DISCLAIMER: THIS SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

First, create this Dockerfile in an empty directory:

FROM node

RUN git clone https://github.com/handshake-org/hs-airdrop.git /hs-airdrop
WORKDIR /hs-airdrop
RUN yarn
RUN mkdir -p /root/.hs-tree-data/nonces
RUN curl -Lo /root/.hs-tree-data/tree.bin https://github.com/handshake-org/hs-tree-data/raw/master/tree.bin
RUN curl -Lo /root/.hs-tree-data/faucet.bin https://github.com/handshake-org/hs-tree-data/raw/master/faucet.bin
RUN curl -Lo /root/.hs-tree-data/proof.json https://github.com/handshake-org/hs-tree-data/raw/master/proof.json
RUN curl -Lo /root/.hs-tree-data/nonces/172.bin https://github.com/handshake-org/hs-tree-data/raw/master/nonces/172.bin

In that directory, run the following commands:

mkdir keys
cp ~/.ssh/id_rsa ~/.ssh/id_rsa.pub keys
# Change the password on your SSH key
ssh-keygen -p -f keys/id_rsa

docker build -t hs-airdrop .

docker run --rm -it --network none --name no-net --volume=$(pwd)/keys:/ssh hs-airdrop bash

You'll now be running a non-networked container. This is not as secure as it could be if you properly air-gapped, but it's better than nothing. Inside the container you can check there's no network connectivity:

ping 8.8.8.8

Should give an error - so you know there's no internet. Now run the airdrop command:

./bin/hs-airdrop /ssh/id_rsa <YOUR_WALLET_ADDRESS> 0.010

(0.010 is the mining fee recommended by namebase.io)

You'll probably get an error about not being able to fetch the nonce; this is likely because bucket 172 above is incorrect for you. Exit the docker bash shell, edit the Dockerfile above to contain the correct bucket number (in BOTH PLACES on that final line), then run again:

docker build -t hs-airdrop .

docker run --rm -it --network none --name no-net --volume=$(pwd)/keys:/ssh hs-airdrop bash

Issue the ./bin/hs-airdrop command again and hopefully this time it will work.

from hs-airdrop.

mmcc avatar mmcc commented on July 30, 2024

The value argument specifically is tripping me up. My Handshake dashboard says 5000, but the GitHub repo seems to say 4,662.598321. Unsure which to use (or an entirely different number).

from hs-airdrop.

chjj avatar chjj commented on July 30, 2024

Could you describe the cryptography in a bit more detail? Is it just a blinding factor that I should XOR into my normal (ed25519) secret key?

A full specification will be written eventually, but the short answer is no: it's non-trivial to derive ed25519 keys using anything but bcrypto since it violates the ed25519 specification in order to work (it's tricky to do HD-style derivation with ed25519 since your private key isn't a scalar -- it's the seed for a scalar). You'll need very low-level access to an ed25519 implementation if you want to duplicate the arithmetic/signing.

The cryptography itself is the same as in bitcoin HD derivation: (private-key + scalar) % order and (public-key + (scalar * base-point)).

The ed25519 derivation isn't finalized yet. Because the signing violates the specification so severely, we probably need some more auditing of the scheme before it's deployed.

Note that you can optionally forgo the privacy aspect of the airdrop to do a standard ed25519 signing with the --bare flag if it's really necessary.

And what should we use for the [addr] and [value] arguments?

You shouldn't need a value argument if you're redeeming the airdrop (the [value] option is only necessary for people who signed up using the web faucet).

The address should be a handshake address that you control.

thanks for sharing with us - the instructions are confusing, for example I have multiple ed25519 keys and gpg keys as well, how can I identify which one is appropriate?

Only your master key will be included in the tree (no subkeys). To see whether you're in the tree, you can pass your key fingerprint (short ID, long ID, etc) to the [id] option. Note that you'll need a raw export of your secret key ring in standard PGP packets in order for the airdrop tool to be able to read it. It won't be able to read GnuPG's new database format.

I'm also concerned about having to hand my private keys to a large blob of javascript..

Totally understandable. I expect a lot of people to do this air gapped. We'll get some signed tarball releases up here which don't require NPM at all to install.

from hs-airdrop.
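The additive derivation described in the comment above, worked through as an added example (not code from hs-airdrop, bcrypto or any commenter, and not the unfinalized Handshake scheme). It uses the standard ed25519 curve parameters; the seed and the tweak scalar are constructed sample values, and how the real tool derives its scalar is not shown on this page.

```python
import hashlib

P = 2**255 - 19                                        # field prime
L = 2**252 + 27742317777372353535851937790883648493    # order of the base point
D = -121665 * pow(121666, -1, P) % P                   # curve constant d
B = (15112221349535400772501151409588531511454012693041857206046113283949847762202,
     4 * pow(5, -1, P) % P)                            # base point (x, y)

def add(p1, p2):
    """Complete twisted-Edwards addition in affine coordinates (a = -1)."""
    (x1, y1), (x2, y2) = p1, p2
    t = D * x1 * x2 * y1 * y2 % P
    x3 = (x1 * y2 + x2 * y1) * pow((1 + t) % P, -1, P) % P
    y3 = (y1 * y2 + x1 * x2) * pow((1 - t) % P, -1, P) % P
    return (x3, y3)

def mul(k, pt):
    """Double-and-add scalar multiplication (not constant time)."""
    acc = (0, 1)                                       # neutral element
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt = add(pt, pt)
        k >>= 1
    return acc

def seed_to_scalar(seed):
    """Standard ed25519: the 32-byte private key is hashed and clamped."""
    h = bytearray(hashlib.sha512(seed).digest()[:32])
    h[0] &= 248
    h[31] &= 127
    h[31] |= 64
    return int.from_bytes(h, "little")

def is_clamped(a):
    """True if a has the bit pattern seed_to_scalar always produces."""
    return a % 8 == 0 and a >> 254 == 1

def demo():
    seed = bytes(range(32))                            # constructed sample key
    t = int.from_bytes(hashlib.sha512(b"constructed tweak").digest(), "little") % L
    a = seed_to_scalar(seed)
    A = mul(a, B)
    a2 = (a + t) % L                                   # (private-key + scalar) % order
    A2 = add(A, mul(t, B))                             # public-key + scalar * base-point
    return mul(a2, B) == A2, is_clamped(a), is_clamped(a2)

if __name__ == "__main__":
    print(demo())
```

The tweaked private scalar matches the tweaked public key, but because it is reduced modulo the group order it never has the clamped form that hashing a seed produces. A signing API that only accepts a seed therefore cannot sign with it.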

TheSpyder avatar TheSpyder commented on July 30, 2024

I alleviated my concerns about handing out my private key in a few ways:

  • Duplicated the key file and stripped the password from it so hs-airdrop didn't need that information
  • Rather than airgap my machine, I just separated both the npm install and the app itself from my filesystem using docker to install. Not a specific handshake docker image, just the latest nodejs (i.e. docker run --rm -it --volume=$(pwd):/code node bash) after cloning. I copied my private key into the cloned folder mapped to docker and the instructions all worked fine.
  • After I'd done the proof I generated a new SSH key for github. I liked the suggestion to replace my github key on the why-private-key page, it probably is long overdue.

There's a small window where something could've happened with my credentials but I already exercise a lot of caution e.g. specific keys for public services rather than using my default key everywhere.

from hs-airdrop.

pinheadmz avatar pinheadmz commented on July 30, 2024

@benjie thanks for writing this out. This material might be more useful as its own issue where people can find it, or even as a "guide" on https://hsd-dev.org, you can make a PR to that repo here: https://github.com/handshake-org/handshake-org.github.io

from hs-airdrop.

benjie avatar benjie commented on July 30, 2024

👍 Filed handshake-org/handshake-org.github.io#61

from hs-airdrop.
