Offline methods to setup KeepKeys and configure/introspect accounts

[nuke-web3]

I want a way to be able in an clean OS and 100% offline environment:

1. Setup a new device with old firmware and bootloader
2. Configure the BIP39 passphrase option
3. View accounts on the app interface
4. View accounts on the KeepKey's screen

Is this presently possible?

In essence I would like the ability to use the keepkey to manage many accounts offline and "sneaker net" at least the public keys/accounts to use elsewhere. Ideally I would love to be able to actually use an QR code protocol to also airgap a device that I use with the keepkey from another that would transmit signed transactions similar to https://signer.parity.io/ .

I think at least setup with an outdated bootloader & firmware is possible now, as well as for sure an updated device can be used to generate a new seed & configure to use (or not) a password. But the only way I am able to see the accounts of the keepkey is by luck in the stdout of running the AppImage happens to emit some of these (default) accounts :face_exhaling: - offline has no functional way to interact with the wallet past PIN & password entry:

[nuke-web3]

I see that there is maybe a clunky way to interact with device via the bridge using POSTs to http://localhost:1646/spec/swagger.json defined endpoints from:

https://github.com/keepkey/keepkey-desktop/blob/8311ff251784951b8684f0ccd48b5a78b25e60fe/packages/keepkey-sdk/README.md?plain=1#L29

But I get a API key needed to access the device I cannot quite locate. Really here I think I am going down the wrong path to basically bypassing the app here in favor of direct https://github.com/keepkey/keepkey-sdk requests... I would love an offline GUI but if CLI commands would work now I would be willing to suffer it to get at air-gaped KK management simply of accounts.

[BitHighlander]

let config = {
    apiKey: process.env['SERVICE_KEY'] || 'test-123',
    pairingInfo: {
        name: process.env['SERVICE_NAME'] || 'KeepKey SDK Demo App',
        imageUrl: process.env['SERVICE_IMAGE_URL'] || 'https://github.com/BitHighlander/keepkey-desktop/raw/master/electron/icon.png',
        basePath: spec
    }
};

// init
const sdk = await SDK.KeepKeySdk.create(config);
console.log(config.apiKey);

The API key is returned from the SDK on pairing, as you can see from the logging. Applications are required to save this key locally.

Command-line interfaces (CLIs) also require no internet access. Building an app that can function offline is not far-fetched.

For reference, you can check out this Medium article: Creating a DApp for the KeepKey Desktop.

Alternatively, you can use Electrum for this purpose. They have a more developed flow for online/offline key exporting and sign transaction flows. You can find more information in the Electrum documentation.

Overall, KeepKey is air-gapped, so air-gapping an air-gapped computer may seem a bit silly. However, building a desktop application that only uses the public key (pubkey) might be something worth considering. We are actively exploring ways to ensure KeepKey users can access their funds even if Shapeshift's DNS goes down. Bundling apps within the native desktop client offline is on our roadmap, and an offline-only app could be a good starting point.

[nuke-web3]

Thank you very much for the reply :grin: I own keepkeys and use more networks than Electrum supports.

Overall, KeepKey is air-gapped, so air-gapping an air-gapped computer may seem a bit silly... KeepKey users can [not at this time] access their funds if Shapeshift's DNS goes down.

A product holding air-gaped keys that I must be granted access to via a remote 3rd party (to me and my keys) centralized server for even basic GUI local-only key access seems far more "silly" to me. I can see it's possible in the logs, just so far not supported in any way in this app as it is now.

Did those mentioned explorations to remove the requirement for active DNS find some (even basic) methods to allow offline key reading and account access? (No transactions or anything even if not possible).

I do note that was possible in previous KeepKey official applications, now deprecated. A simple interface without any embedded browser for simple operations was around for sure ~2017-2019 timeframe. I would be quite happy to use that for simple offline access to my keys.

https://shapeshift.com/library/keepkeys-integration-with-myetherwallet for example I would hope works for this purpose for the technically savvy: https://github.com/MyEtherWallet/MyEtherWallet#getting-started it's possible to build and run the wallet offline. But sadly is not supported either: https://github.com/MyEtherWallet/MyEtherWallet/issues/4529