Closed jleni closed 5 years ago
Fixed in PR https://github.com/tendermint/ledger-validator-app/pull/10 and merged in #121
Does this mean that as long as the Ledger was upgraded to 1.5.5 everything is fine and the derivation didn't change?
Yes, this issue would not be applicable in that case. Only if you are using 1.4.2 and did compile from source.
To confirm, you can always run the python script offline and check the keys:
I explained a bit more here: https://github.com/tendermint/tendermint/issues/3320#issuecomment-471567939
The validator app generates different keys when compiled with different SDKs. The reason is that when upgrading the SDK / Firmware, the behavior of
os_perso_derive_node_bip32
changes.os_perso_derive_node_bip32_seed_key
(only exists in 1.5.5)
os_perso_derive_node_bip32
os_perso_derive_node_bip32_seed_key
os_perso_derive_node_bip32
The new derivation approach used by ledger has also been made available as a python script: https://github.com/LedgerHQ/orakolo/blob/master/src/python/orakolo/HDEd25519.py
In order to avoid any inconvenience, this issue recommends upgrading to
os_perso_derive_node_bip32_seed_key
making the app incompatible with 1.4.2 and requiring SDK >= 1.5.5Note: This should not affect the Tendermint app in the Ledger Live, but may affect people compiling directly from source code