Air-gapped wallet signing - privacy leak

[Marc-Gee]

Hi, thanks for your work on this collaborative wallet !
A private key privacy issue that I found today when testing it with an airgapped key was very scary however.

Issue:
The signing workflow asked me to show my Key's QR code, for signing, and without realizing, I showed the phone camera my Private Key QR. (Testnet Phew)

Suggestion:
the workflow label should have said "Import PSBT" when the required key was already known/defined as airgapped! additionally, It should not have offered the (1st) option of "Import signature", but rather only "Export Transaction [PSBT]"

Background:
I was trying to sign my 1st Txn via a 2-of 3 collaborative wallet with a remote friend and when it was my turn to sign, the action label said "Sign".
I selected that, and then I chose 'Sign with QR'. I then showed the phone camera my private key QR (Testnet phew)! in my next step! (I didnt realize that I had an internet-connected phone in my hand), when it asked for a signature.

I (and my friend) suggest that I should instead have been prompted with only 'Import the psbt'.
To stay private, an airgapped wallet would then handle the signing of that PSBT internally, inside its airgap.
and then once signed inside there, the PSBT will be uploaded back to Nunchuck.

Thanks again for an otherwise excellent collab multi-sig !

MarcG

[vehicles4real]

Have you lost anything?

[Marc-Gee]

Nope, thankfully we were only testing on Testnet! Marc. From: Daniel Walker ***@***.***> Sent: Saturday, August 19, 2023 11:20 AM To: nunchuk-io/nunchuk-android ***@***.***> Cc: Marc G ***@***.***>; Author ***@***.***> Subject: Re: [nunchuk-io/nunchuk-android] Air-gapped wallet signing - privacy leak (Issue #30) Have you lost anything? - Reply to this email directly, view it on GitHub<#30 (comment)>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/AVYRGJN4ZSG5R52FR4E6DVLXWD7VXANCNFSM6AAAAAA3U5EXEI>. You are receiving this because you authored the thread.Message ID: ***@***.******@***.***>>