search

vacuumlabs / cardano-hw-cli

Cardano CLI tool for hardware wallets
72 stars 24 forks source link

Unable to export governance keys using cardano-hw-cli and Ledger on Macbook #181

Open gregbgithub opened 2 months ago

gregbgithub commented 2 months ago

2.85.1 ledger live 7.1.3 cardano app

Cardano HW CLI Tool version 1.16.0-rc.1 Commit hash: e7225d91e0ddc6152ad973ba803d6c016cb14d7e

cardano-hw-cli address key-gen --path 1852H/1815H/0H/0/0 --path 1852H/1815H/0H/2/0 --path 1852H/1815H/0H/3/0 --path 1852H/1815H/0H/4/0 --path 1852H/1815H/0H/5/0 --path 1854H/1815H/0H/0/0 --path 1854H/1815H/0H/2/0 --path 1854H/1815H/0H/3/0 --verification-key-file /opt/cardano/cnode/priv/wallet/led/payment.vkey --verification-key-file /opt/cardano/cnode/priv/wallet/led/stake.vkey --verification-key-file /opt/cardano/cnode/priv/wallet/led/drep.vkey --verification-key-file /opt/cardano/cnode/priv/wallet/led/cc-cold.vkey --verification-key-file /opt/cardano/cnode/priv/wallet/led/cc-hot.hwsfile --verification-key-file /opt/cardano/cnode/priv/wallet/led/ms_payment.vkey --verification-key-file /opt/cardano/cnode/priv/wallet/led/ms_stake.vkey --verification-key-file /opt/cardano/cnode/priv/wallet/led/ms_drep.vkey --hw-signing-file /opt/cardano/cnode/priv/wallet/led/payment.hwsfile --hw-signing-file /opt/cardano/cnode/priv/wallet/led/stake.hwsfile --hw-signing-file /opt/cardano/cnode/priv/wallet/led/drep.hwsfile --hw-signing-file /opt/cardano/cnode/priv/wallet/led/cc-cold.hwsfile --hw-signing-file /opt/cardano/cnode/priv/wallet/led/cc-hot.hwsfile --hw-signing-file /opt/cardano/cnode/priv/wallet/led/ms_payment.hwsfile --hw-signing-file /opt/cardano/cnode/priv/wallet/led/ms_stake.hwsfile --hw-signing-file /opt/cardano/cnode/priv/wallet/led/ms_drep.hwsfile

received:

Details: DeviceStatusError: Action rejected by Ledger's security policy

Assistance would be appreciated

Scitz0 commented 2 months ago

I have gotten confirmation that 1854 path is blocked by ledger security policy for governance keys, ie role 3-5. It was suggested to use 1852 path even for multisig/script.

I have talked with some folks and CIP-1854 will get an update to include these additional governance roles. Was just missed to added. Though Ledger security policy update will most likely take some time, if at all added.

For now I will just use 1852H/1815H/0H/3/0 also for scripts.