airgap-it / airgap-vault

The AirGap Vault is installed on a spare smartphone that has no connection to any network, thus it is air gapped. This app handles the private key.
MIT License

BIP39 Passphrase Active Secrets #44

Closed trymeouteh closed 10 months ago

trymeouteh commented 3 years ago

Please add a setting when you create or import an active secret where you can add a BIP39 Passphrase. This way you can separate your wallets by the BIP39 passphrase.

Currently you can add a BIP39 passphrase when you Add Account (Creating a new wallet) and this allows you to have multiple bitcoin wallets under one active secret by changing the BIP39 Passphrase for each bitcoin wallet. I am not against this method but would personally also like to see the BIP39 option to be applied to the active secret like this so you can have multiple bitcoin wallets but they are under different active secrets.

Active Secret 1
crumble walnut blush tone cousin never taste silk disease border remind picnic

Active Secret 2
crumble walnut blush tone cousin never taste silk disease border remind picnic mypassphrase1

Active Secret 3
crumble walnut blush tone cousin never taste silk disease border remind picnic mypassphrase2

Active Secret 4
manage woman gym hammer park solar guard prevent toilet arctic pig feed

Active Secret 5
manage woman gym hammer park solar guard prevent toilet arctic pig feed mypassphrase1

Active Secret 6
manage woman gym hammer park solar guard prevent toilet arctic pig feed mypassphrase2

AndreasGassmann commented 3 years ago

While I like the idea of having a more "persistent" BIP39 representation (e.g. as a separate "secret"), I would be against storing the BIP39 passphrase on the device.

We could achieve this by adding a new secret with a new master fingerprint, but referencing an existing mnemonic. If that mnemonic is read from storage for signing purposes, but the master fingerprint doesn't match, we know that a BIP39 passphrase has to be provided.

So the flow for tx signing would basically stay the same, but the account creation would be different because the BIP39 passphrase would be entered on the secret level beforehand, not during the "Add account" step.

This method also has the advantage that it is less error-prone because if there is a typo, we can fail (because the master fingerprint doesn't match anymore).

We'll take this feature into consideration for a future release.
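
The fingerprint check described in the comment above, as an added example that is not part of the thread and not AirGap Vault's code: the record keeps the mnemonic and a BIP32 master fingerprint but never the BIP39 passphrase, and a mismatch on read signals that a passphrase is missing or mistyped. The function names and status strings are hypothetical; the derivation follows BIP39 and BIP32.

```python
import hashlib, hmac, unicodedata

# secp256k1 constants. This affine arithmetic is not constant-time: illustration only.
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def _add(a, b):
    if a is None or b is None:
        return a or b
    if a[0] == b[0] and (a[1] + b[1]) % P == 0:
        return None  # point at infinity
    if a == b:
        m = 3 * a[0] * a[0] * pow(2 * a[1], -1, P)
    else:
        m = (b[1] - a[1]) * pow((b[0] - a[0]) % P, -1, P)
    x = (m * m - a[0] - b[0]) % P
    return x, (m * (a[0] - x) - a[1]) % P

def _mul(k, pt=G):
    acc = None
    while k:
        if k & 1:
            acc = _add(acc, pt)
        pt, k = _add(pt, pt), k >> 1
    return acc

def fingerprint_from_seed(seed):
    """BIP32 master fingerprint: first 4 bytes of HASH160(compressed master pubkey)."""
    k = int.from_bytes(hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()[:32], "big")
    if not 0 < k < N:
        raise ValueError("invalid master key")
    x, y = _mul(k)
    pub = bytes([2 + (y & 1)]) + x.to_bytes(32, "big")
    # Needs RIPEMD-160 support in the local OpenSSL build.
    return hashlib.new("ripemd160", hashlib.sha256(pub).digest()).digest()[:4].hex()

def master_fingerprint(mnemonic, passphrase=""):
    """BIP39 seed (PBKDF2-HMAC-SHA512, 2048 rounds); wordlist/checksum not validated."""
    nfkd = lambda s: unicodedata.normalize("NFKD", s).encode()
    seed = hashlib.pbkdf2_hmac("sha512", nfkd(mnemonic), b"mnemonic" + nfkd(passphrase), 2048)
    return fingerprint_from_seed(seed)

def unlock(stored_mnemonic, stored_fp, passphrase=""):
    """Hypothetical check: the record holds mnemonic + fingerprint, never the passphrase."""
    if master_fingerprint(stored_mnemonic, passphrase) == stored_fp:
        return "ok"
    return "passphrase-required" if not passphrase else "passphrase-mismatch"
```

With the mnemonic from the request above, a record created with `mypassphrase1` returns `passphrase-required` when read without a passphrase and `passphrase-mismatch` when the passphrase is mistyped.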

Giszmo commented 2 years ago

I am confused about the "passphrase" when creating an active secret(?). When dealing with mnemonics, reading "passphrase" makes me assume this is a BIP39 passphrase. Is it not?

AndreasGassmann commented 2 years ago

The "passphrase" during the secret setup is a password used to encrypt the secret on the device. It is not related to the BIP39 passphrase.

The renaming of "password" to "passphrase" in the context of secret generation was a regression. We now changed all usages of "passphrase" outside of the context of "BIP39 passphrases" to "encryption password".


We have an FAQ entry that describes the differences between some of the words we use: https://support.airgap.it/FAQ#what-is-the-difference-between-a-secret-seed-phrase-recovery-key-and-password

The word "Secret" was chosen instead of "Mnemonic" because:

  1. Originally the idea was that not only mnemonics can be stored in the Vault, but also other keys like SSH or GPG keys. This is currently not our focus, but still something we might do.
  2. The word "Mnemonic" can be confusing for new users.

We have had discussions if we should change the name "Secret" to "Recovery Phrase" or "Seed Phrase" instead, but we weren't convinced enough to make the change. If you have any input, please let us know.