BlockchainCommons / GordianSeedTool-iOS

Cryptographic Seed Manager for iOS

FEATURE REQUEST: Import encrypted seed files for ColdCard, Passport, Etc. #138

Open ChristopherA opened 2 years ago

ChristopherA commented 2 years ago

Currently both ColdCard and Passport back up their seeds to SD cards, and encrypt them using 7zip (corrected).

I think (but don't know) that they are both just storing the seed words as a list.

However, they both have different schemes for how they do the gzip password.

Part one of this issue is to document what these two hardware signers do, what the resulting decrypted text looks like, how the password is chosen and the rationale for it (and how they suggest the password be stored), and whether any other hardware signers back up to gzip files on SD cards or other media as well. We should share these details in the airgapped repo and a new thread in discussions there. Thus the first assignee for this issue is @shannona.

Once we've documented this, we should have a call out to the airgap community for a single standard for how these backups SHOULD be done. (I know that Blockchain Commons would prefer the community ur:crypto-envelope, but that is likely too far down the roadmap as it is new crypto and requires security reviews.)

If two or more companies want to support the same gzip'ed seed method (an existing one or a new one) we should support reading and writing these encrypted seeds from the file system in Gordian Seed Tool as a reference implementation. @shannona should assign this back to me at that point to puzzle when that feature should be added as a milestone issue for delivery.

cc/ @FoundationKen @zachherbert

FoundationKen commented 2 years ago

Hi @ChristopherA! Thanks for raising this issue. Having a common format would be a big benefit for users.

Note that Passport and ColdCard use the 7zip format, which uses AES 256 encryption. This makes 7zip quite resilient to brute force attacks on the encryption password.

Here is an example of the decrypted backup file contents from a Passport. Note that I have modified some of the contents of the file as it came from a working Passport (though for an empty wallet), so don't expect the seed checksum to match, for example.

```
# Passport backup file! DO NOT CHANGE.

# Private Key Details: Bitcoin
mnemonic = "point bitter illegal earth coral drip fossil village error defense dilemma music delay airport still text ticket whip pattern equal hazard emotion mesh inch"
chain = "BTC"
xfp = "2807AEC9"
xprv = "xprvs921ZrQH143K3JwSzesgtndYmdvgFHGFn62RqVfwZQz711fCwJ4kRMyRfUfNGodsBcJUUzpzG3kFXhfRPS991WABGGDTugLdS3tG9x6pNXq"
xpub = "xpub661MyMwAqRbcFnXR6gQhFvaW6fmAejz79Jx2dt5Z7kX4sozLrUNzyAHuWmNQD2q3coXvExXd71H7mx423KZWG61cbXnR2gkdt9Xrp2sC5ME"
raw_secret = "17a9d0b67108ace1432b7fd02773967c64782c789d5dbf786fd3a14981a7b8248d"

# Firmware Version (informational):
fw_version = "1.0.9"
fw_date = "February 3, 2022"

# User Preferences:
setting.accounts = [{"name": "Primary", "acct_num": 0}, {"name": "1", "acct_num": 1}]
setting.backup_quiz = true
setting.multisig_policy = 2
setting.next_addrs = {"0/7/1": 0, "0/7": 5}
setting.screen_brightness = 100
setting.shutdown_timeout = 0
setting.snake_highscore = 9
setting.terms_ok = 1
setting.units = 1
setting.validated_ok = 1
setting.words = true

# EOF
```

The encryption password in Passport Founder's Edition consists of 6 bytewords separated by spaces (e.g., "jade belt tied dull able yawn").

We had quite a bit of customer confusion over using bytewords as the backup password. Some were confused that they were not BIP39 words. Others thought that the words were their seed phrase.

For the next firmware release, we're currently planning to switch to a 20 decimal digit backup password (e.g., "1234 5678 1234 5678 1234"), which should remove those points of confusion, but we're open to discussing alternatives.

In both firmware versions though, we generate the password on Passport by hashing some of the unique hardware identifiers with the wallet seed to get a unique password for that device and seed combination. See make_backup_password(): https://github.com/Foundation-Devices/passport-firmware/blob/main/ports/stm32/boards/Passport/modules/export.py#L339

Let me know if there are any other specific questions.
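
As an added example (not part of the thread, and not Passport's or Gordian Seed Tool's code), here is a Python reader for the decrypted backup layout FoundationKen posted above, which keeps key material apart from metadata so an importer can log what it read without exposing secrets. It assumes every value is valid JSON, as in that sample; `parse_backup`, `redacted_summary`, `SECRET_KEYS` and the sample values are constructed for illustration.

```python
import json

# Keys that hold key material in the sample above; everything else is metadata.
SECRET_KEYS = {"mnemonic", "xprv", "raw_secret"}
BIP39_LENGTHS = {12, 15, 18, 21, 24}

# Constructed sample: same layout as the backup above, with placeholder values.
SAMPLE = '''# Passport backup file! DO NOT CHANGE.
# Private Key Details: Bitcoin
mnemonic = "alpha bravo charlie delta echo foxtrot golf hotel india juliet kilo lima"
chain = "BTC"
xfp = "0A1B2C3D"
# User Preferences:
setting.accounts = [{"name": "Primary", "acct_num": 0}]
setting.backup_quiz = true
setting.next_addrs = {"0/7/1": 0, "0/7": 5}

# EOF
'''

def parse_backup(text):
    """Return (secrets, public, settings) dicts parsed from decrypted backup text."""
    secrets, public, settings = {}, {}, {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and '#' comments carry no data
        key, sep, value = line.partition(" = ")
        if not sep:
            raise ValueError(f"line {lineno}: expected 'key = value'")
        try:
            parsed = json.loads(value)  # assumption: values are JSON, as in the sample
        except json.JSONDecodeError:
            # The error names the key only; the value may be key material.
            raise ValueError(f"line {lineno}: value for {key!r} is not JSON") from None
        if key in SECRET_KEYS:
            secrets[key] = parsed
        elif key.startswith("setting."):
            settings[key[len("setting."):]] = parsed
        else:
            public[key] = parsed
    words = str(secrets.get("mnemonic", "")).split()
    if words and len(words) not in BIP39_LENGTHS:
        raise ValueError(f"mnemonic has {len(words)} words")
    return secrets, public, settings

def redacted_summary(text):
    """Summary that is safe to log: secret fields are reported by name only."""
    secrets, public, settings = parse_backup(text)
    return {"secrets_present": sorted(secrets), **public, "settings": sorted(settings)}
```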

shannona commented 2 years ago

We've got the start of some documentation here: https://github.com/BlockchainCommons/Research/blob/master/Investigation/Formats.md

More extensively documenting this and Coldcard (and other issues) is on my TODO.