C-lightning connection QRcode

[openoms]

Related to https://github.com/rootzoll/raspiblitz/issues/2295#issuecomment-896263449 and https://twitter.com/openoms/status/1425363809967935491

Will provide connection details to a testnet node here, feel free to contact me if it is offline:

The node:

   "id": "02ad573e0318e45e3de419f789f076f71bcce230df13cde0a4c9adcdf3a1d9cd8f",
   "alias": "HOPPINGSPATULA",

Spark

Spark connection screen from Zeus v0.5.2: (no option to scan a QR):

Spark / Sparko connection details generated with:

config.scripts/cln-plugin.sparko.sh connect testnet

Host (port 443 (HTTPS)):
djx2snizyu24ew4mjghfuqvl2fa347aylanyhmiubxwfcjc3ur6aouid.onion
Access Key:
04cjUzZ2XckjxD3phCBg

QRcode format for Spark:

URL?access-key=accessKey

which would be:

https://djx2snizyu24ew4mjghfuqvl2fa347aylanyhmiubxwfcjc3ur6aouid.onion?access-key=04cjUzZ2XckjxD3phCBg

C-lightningREST

C-lightningREST connection screen:

Connection details generated with:

config.scripts/cln.rest.sh connect testnet

Host:
fmhghawsj5gpibj2pz52cb7t7fdqm3uuluqjh3ggpoj6kjmcmlhftwid.onion
Rest Port:
443
Macaroon (HEX):
02010b632d6c696768746e696e6702375475652041756720313020323032312031393a35313a353620474d542b303130302028427269746973682053756d6d65722054696d6529000006205bc7ce00e1d7842eb56d048ff8c1c9ae228d549d45f1de5fd531df1c726b503f

A simple example QR with all the info:

fmhghawsj5gpibj2pz52cb7t7fdqm3uuluqjh3ggpoj6kjmcmlhftwid.onion:443?02010b632d6c696768746e696e6702375475652041756720313020323032312031393a35313a353620474d542b303130302028427269746973682053756d6d65722054696d6529000006205bc7ce00e1d7842eb56d048ff8c1c9ae228d549d45f1de5fd531df1c726b503f

QRcode format

There are many standards: https://www.lightningnode.info/technicals/lightning.connect

Since Tor is built in both Zeus and RaspiBlitz will only use that to connect, but LAN is also available for testing.

To minimize the QRcode size I propose the following minimal format:

host.onion:port?access-key_or_HEX_macaroon?optional_ssl_cert

• all flags are dropped
• is the https:// prefix necessary when the port is specified anyway?
• also the :port can be optional if it is the default for HTTPS (443)
• as the Tor address is unique and unguessable verification of the (self-signed) SSL certificate is unnecessary, but it could be an option to show it after the macaroon?

[openoms]

From the discussion on https://twitter.com/openoms/status/1425363809967935491 it seems that a prefix for the host would be desired.

Question if we should identify the access-key / macaroon as well like in Spark wallet: https://URL?access-key=accessKey

The updated format with the host prefix and without the acces-key prefix is:

https://host.onion:optional_port?access-key_or_HEX_macaroon?optional_ssl_cert

the edited strings:

Spark for Zeus

https://djx2snizyu24ew4mjghfuqvl2fa347aylanyhmiubxwfcjc3ur6aouid.onion?04cjUzZ2XckjxD3phCBg

C-lightningREST

https://fmhghawsj5gpibj2pz52cb7t7fdqm3uuluqjh3ggpoj6kjmcmlhftwid.onion?02010b632d6c696768746e696e6702375475652041756720313020323032312031393a35313a353620474d542b303130302028427269746973682053756d6d65722054696d6529000006205bc7ce00e1d7842eb56d048ff8c1c9ae228d549d45f1de5fd531df1c726b503f

[Fonta1n3]

Hey guys,

My only feedback is that https seems pointless for Tor v3 endpoints. You can always add v3 authorized_clients for really secure auth. https://community.torproject.org/onion-services/advanced/https/ explains why https is redundant.

Fully Noded uses this format for quick connect QR codes. For c-lightning you can install a plugin like this. Its simple and works well. Would be great if more wallets supported it! If interested you can check out the simple guide here.

[openoms]

thanks for sharing. I am afraid the BTC standup URL format is entirely different from what LND and other CLN connect implementations use.

There is no username and instead of a password there is an access token. The host is clearnet by default (routed to a .onion) and always SSL encrypted with a self-signed certificate.

The Tor Auth is a great feature and would be really nice to see to be implemented in Zeus. Would worth a dedicated issue / feature request.

[openoms]

@kaloudis we would like to settle on a format to offer in the RaspiBlitz. Can we coordinate in a way that we could work together using a QRcode which might be used in Zeus later?

The alternative is offering some explanation to the user and make them paste the strings manually.

After all it would possibly make sense to stick to the Spark wallet format:

https://URL?access-key=ACCESS_KEY

Question is if we should use a similar format for C-lightningREST with a macaroon= flag?

Like: https://URL?macaroon=HEX_MACAROON

In both the URL should be interchangeable with

• URL:PORT
• TOR_ADDRESS.onion
• TOR_ADDRESS.onion:PORT

The optional communication of the SSL cert can be left for now as planning to .onion services for now.

What do you think?

[kaloudis]

This is workable for me. No flag for implementation - maybe called api, or interface?

[openoms]

No flag for implementation - maybe called api, or interface?

not sure what you mean, can you clarify where would you use those to specify the implementation?

There is access-key= or macaroon= to differentiate the type of data.

[kaloudis]

that would be OK, but macaroon is also used by LND

[openoms]

yes, that's C-lightningREST follows the LND macaroon model. Do you think it is necessary to be able to tell from the string which type of backend it belongs to?

BTW there is already a Scan lndconnect config option with C-lightningREST, but it does not work. Exists or goes to a white screen after scanning.

Since the data contained when connecting C-lightningREST is the same as with lnd might as well use the lndconnect format (with the optional certificate entry):

lndconnect://<host>:<port>?[cert=<base64url DER certificate>&]macaroon=<base64url macaroon>

[Bosch-0]

Bringing this back to life, would be great to see an easy way to connect to Lightning nodes used widely =)

[Bosch-0]

Opened up an issue on LDK / Eclair repos also relating to this - would be awesome is Zeus could just open your camera and scan and it would know how to read all the QR codes.

LDK Eclair

[openoms]

@kaloudis @Bosch-0 please update here if now there is a format expected to connect c-lightningREST and / or Spark Wallet /Sparko with only one QRcode.

[openoms]

There is progress for C-lightningREST: https://twitter.com/402PaymentReq/status/1549050970310471680

c-lightning-rest://http://your_hidden_service.onion:your_port?&macaroon=your_macaroon_file_in_HEX&protocol=http

It seems that the http:// part is redundant

[kaloudis]

format for CLNRest https://github.com/ZeusLN/zeus/pull/2294