Air-gapped wallet signing - privacy leak #30
Comments
Have you lost anything?
Nope, thankfully we were only testing on Testnet!
Marc.
From: Daniel Walker ***@***.***>
Sent: Saturday, August 19, 2023 11:20 AM
To: nunchuk-io/nunchuk-android ***@***.***>
Cc: Marc G ***@***.***>; Author ***@***.***>
Subject: Re: [nunchuk-io/nunchuk-android] Air-gapped wallet signing - privacy leak (Issue #30)
Have you lost anything?
Hi, thanks for your work on this collaborative wallet!
A private key privacy issue that I found today when testing it with an airgapped key was very scary however.
Issue:
The signing workflow asked me to show my Key's QR code, for signing, and without realizing, I showed the phone camera my Private Key QR. (Testnet Phew)
Suggestion:
The workflow label should have said "Import PSBT" when the required key was already known/defined as airgapped! Additionally, it should not have offered the (1st) option of "Import signature", but rather only "Export Transaction [PSBT]".
Background:
I was trying to sign my 1st Txn via a 2-of-3 collaborative wallet with a remote friend and when it was my turn to sign, the action label said "Sign".
I selected that, and then I chose 'Sign with QR'. I then showed the phone camera my private key QR (Testnet phew)! in my next step! (I didn't realize that I had an internet-connected phone in my hand), when it asked for a signature.
I (and my friend) suggest that I should instead have been prompted with only 'Import the psbt'.
To stay private, an airgapped wallet would then handle the signing of that PSBT internally, inside its airgap.
And then once signed inside there, the PSBT will be uploaded back to Nunchuk.
Thanks again for an otherwise excellent collab multi-sig!
MarcG
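
A scanner-side guard for the situation reported above, as an added example that is not part of the original issue or the Nunchuk code base: it classifies a scanned QR payload and refuses private-key material (WIF, xprv/tprv) where a signed PSBT is expected. It assumes the QR frames have already been decoded to a single text string carrying a hex or base64 PSBT; all function names are hypothetical.

```python
import base64
import hashlib

PSBT_MAGIC = b"psbt\xff"  # BIP 174 magic bytes
B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
XPRV_VERSIONS = {bytes.fromhex("0488ade4"), bytes.fromhex("04358394")}  # xprv, tprv
WIF_VERSIONS = {0x80, 0xEF}  # WIF private key version byte: mainnet, testnet

def b58check_decode(text):
    """Return the Base58Check payload, or None if text is not valid."""
    num = 0
    for ch in text:
        idx = B58.find(ch)
        if idx < 0:
            return None
        num = num * 58 + idx
    raw = num.to_bytes((num.bit_length() + 7) // 8, "big")
    raw = b"\x00" * (len(text) - len(text.lstrip("1"))) + raw
    payload, checksum = raw[:-4], raw[-4:]
    digest = hashlib.sha256(hashlib.sha256(payload).digest()).digest()
    return payload if digest[:4] == checksum else None

def classify_scan(text):
    """Classify a scanned QR payload as 'psbt', 'secret' or 'unknown'."""
    text = text.strip()
    payload = b58check_decode(text)
    if payload is not None and (
        (len(payload) == 78 and payload[:4] in XPRV_VERSIONS)
        or (len(payload) in (33, 34) and payload[0] in WIF_VERSIONS)
    ):
        return "secret"
    for decode in (bytes.fromhex, lambda s: base64.b64decode(s, validate=True)):
        try:
            if decode(text).startswith(PSBT_MAGIC):
                return "psbt"
        except ValueError:  # not hex / not base64
            pass
    return "unknown"

def accept_signature_scan(text):
    """Accept only PSBT payloads; a scanned secret is rejected before any upload."""
    kind = classify_scan(text)
    if kind == "secret":
        raise ValueError("scanned data is a private key, not a signed PSBT")
    return kind == "psbt"

if __name__ == "__main__":
    # Constructed sample: PSBT magic plus one zero byte, not a real transaction.
    sample = base64.b64encode(PSBT_MAGIC + b"\x00").decode()
    print(classify_scan(sample), accept_signature_scan(sample))
```

The check only inspects the payload's framing; it does not validate the PSBT contents or its signatures.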