search

aido / app-seed-tool

A Ledger application that provides some useful seed management utilities
Apache License 2.0
49 stars 3 forks source link

Make SSKR generation flow less confusing #30

Open clouedoc opened 8 months ago

clouedoc commented 8 months ago

Describe the bug

When opening the app, I'm presented with two choices:

My intent is to generate SSKR shards to backup my secret key.

I needed to read the README.md to understand that after entering my BIP39 key, I will be able to generate SSKR shards.

Expected behavior

I would like to see a menu item called "Generate SSKR recovery shards". I would like to not have to type my BIP39 seed (after all, it's supposed to already be inside the device)

aido commented 8 months ago

Hi again @clouedoc

I would like to not have to type my BIP39 seed (after all, it's supposed to already be inside the device)

Unfortunately this is how the app has to work. Even though a seed is stored on a device, due to the security of the Ledger devices apps have no way of accessing the seed directly. This is actually a good thing.

To work around this security feature the app has to make a user prove that they know the seed. It uses a little trick to make sure that the user supplied seed can derive the same master key as the onboarded seed. If the derived master keys match then the user supplied seed is correct. Ledger's own "Recovery Check" app uses the exact same technique. This is also why the app uses the SSKR standard and cannot use SLIP-39 for share generation. SSKR can do a BIP39 <-> SSKR roundtrip whereas SLIP-39 cannot ... very important

The flow diagram here attempts to explain that a user must first supply the correct BIP39 phrase before they will be offered the option of generating the SSKR shares:

https://github.com/aido/app-seed-tool?tab=readme-ov-file#ledger-nano-application-menus

aido commented 8 months ago

Also, when app-seed-tool is released for installation via Ledger Live there will be a blog post written explaining the origins and purpose of the app.

This Ledger blog post has been written but not published yet and it will contain some details on how to use the app too.

clouedoc commented 8 months ago

I see, I understand better the technological constraints behind this decision.

From what's left to salvage in terms of ergonomic, I believe that it would be better to have a menu named "generate SSKR shares" that asks for the seed, rather than having a menu named "Check BIP39 seed".

I was confused before reading the diagram, I thought the SSKR Shares generation feature was just missing because I messed up something when building. It took me a minute before thinking about reading the README.md again.

(btw, it was a nice idea to include the diagram, because I'm not sure I would have taken the time to type my BIP39 seed)

aido commented 8 months ago

I may add a menu item as you suggest that links back to the same flow as the "Check BIP39 Phase" menu. That may make things less confusing. I am limited to how many menus I can add to Ledger S devices due to the capacity of that device.