I've updated my beta web interface for @netuoso's Hive app for the Ledger hardware wallet. It now allows you to select the key for up to 10 accounts and will use Hive Keychain to add your selected public key into your account key auths.
Let's learn a little bit more about the Hive blockchain
On the blockchain, your account contains a set of public key roles (owner, active, posting and memo keys). This allows the blockchain to verify when dApps are signing your transactions with one of your private keys.
For each role, the blockchain allows you to store multiple public keys to use for verification. This allows:
- signing transactions with different private keys
- allowing another user to do things on your behalf without sharing your own keys
Use case #2 is what happens when you allow PeakD to schedule a post in the future or when you allow Steem Auto to follow a trail for you via HiveSigner. Those two dApps don't have your private keys but they can still do things on your behalf. When you use HiveSigner to give them permission, you are adding their account to a list of authorised users.
Use case #1 is very similar, but instead of granting permission to a user account, you are granting permission to a key. This is very useful in the case of this Ledger project because it means I can extract the Ledger public key and tell the blockchain that I'm granting permission to this key to perform activities on my behalf. Alternatively, I could replace my existing keys with the Ledger keys, but that means that if I lose my main Ledger device, the backup one and the recovery words, I won't be able to access my account anymore. Adding a key to the list of authorised keys means I can access my account with both my current keys and the one from the device. I can then write down my current keys on a piece of paper that I would keep somewhere safe. If anything happens to my devices, I can always retrieve that piece of paper.
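The difference between adding a key and replacing one can be checked before an update is approved. The following is an added example, not code from the web interface or the Ledger app; the function names, key strings and the account name are constructed placeholders, and keeping the entries sorted is an assumption made as a precaution.

```javascript
// Authority objects use the on-chain shape
//   { weight_threshold, account_auths: [[name, w]], key_auths: [[pubkey, w]] }.
// All keys and account names below are constructed placeholders.

// Use case #1: return a copy of `authority` with `publicKey` added.
function addKeyAuth(authority, publicKey, weight = authority.weight_threshold) {
  const next = {
    weight_threshold: authority.weight_threshold,
    account_auths: authority.account_auths.map(a => [...a]),
    key_auths: authority.key_auths.map(k => [...k]),
  };
  if (!next.key_auths.some(([k]) => k === publicKey)) {
    next.key_auths.push([publicKey, weight]);
    // Assumption: entries are kept in key order.
    next.key_auths.sort(([a], [b]) => (a < b ? -1 : a > b ? 1 : 0));
  }
  return next;
}

// Review check before approving the update: report anything that would
// lock you out or grant access beyond the single expected key.
function reviewUpdate(before, after, expectedKey) {
  const problems = [];
  if (after.weight_threshold !== before.weight_threshold) problems.push('threshold changed');
  for (const field of ['key_auths', 'account_auths']) {
    const old = new Map(before[field]);
    const now = new Map(after[field]);
    for (const [id, w] of old) {
      if (now.get(id) !== w) problems.push(`${field}: ${id} removed or reweighted`);
    }
    for (const id of now.keys()) {
      if (!old.has(id) && !(field === 'key_auths' && id === expectedKey)) {
        problems.push(`${field}: unexpected entry ${id}`);
      }
    }
  }
  const added = new Map(after.key_auths).get(expectedKey);
  if (added === undefined) problems.push('expected key missing');
  else if (added < after.weight_threshold) problems.push('new key cannot sign alone');
  return problems;
}

const active = {
  weight_threshold: 1,
  account_auths: [['scheduler.app', 1]],      // use case #2: another account
  key_auths: [['STM_CURRENT_ACTIVE_KEY', 1]], // the key you already hold
};
const updated = addKeyAuth(active, 'STM_LEDGER_ACTIVE_KEY');
console.log(reviewUpdate(active, updated, 'STM_LEDGER_ACTIVE_KEY')); // []
```

An update that replaces the existing key instead of adding to it is reported as a removal, which is the lockout case described above.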
The beta web interface
So when you access the web interface, it will ask you to connect your Ledger device and launch the Hive app. You will then be presented with a form that allows you to extract the device public key and perform some basic actions: adding your device public key to your account authorised keys, sending HIVE/HBD to another user.
The Hive Ledger app allows you to generate private and public keys for a lot of accounts. That means you can use it to manage your main and all your alt accounts on Hive. For the beta, I've restricted it to 10 accounts only.
Each account can also have multiple sets of keys. You usually start with set #1 and if you ever need to change keys you would select the next set.
Each set of keys is composed of the Owner Key, the Active Key, the Posting Key and the Memo Key. You can only extract the public keys from the device. The private keys never leave the device, which is why it is much safer: you never share them with anyone or any dApp.
Granting permissions to the keys
Once you have selected your account number, your key set number and your key role, the interface will extract and display its public key and will ask you to confirm it by matching it with the one displayed on your Ledger device. Upon confirmation, it will present you with a button that will allow you to ask the blockchain to add the selected public key into your list of authorised keys for that role. This action will be performed by the Hive @Keychain browser extension.
There can be different strategies for which key to add to your list of authorised keys:
- you could add all of the 4 keys, although the Memo key is not yet fully supported
- you could add just the Owner and Active keys and use your current Posting key or Hive Keychain to post, comment and upvote
- you could add just the Active key because you only want to use the Ledger to perform financial transactions
- you could add just the Owner key because the owner key can perform all actions that can be done by the other keys including account recovery which is exclusive to the Owner key
Making a transfer using the Ledger device to sign the transaction
Once you have added the Active or Owner key (or both) to your list of authorised keys on the blockchain, you will be able to use your Ledger device to authorise transfers of HIVE and HBD assets to another account.
Once you've filled in the form and clicked Send, the details of the transfer will show up on your Ledger device and you will need to confirm each of the fields: from, to, amount, currency and memo. Please note that the blockchain only accepts the currency symbols STEEM and SBD but will actually map them to HIVE and HBD. This is why the device will show STEEM and SBD for HIVE and HBD respectively. A future hardfork will change this behaviour.
Once you have confirmed and approved on your device, the web interface will receive the crypto signature from the device and will then submit the signed transfer request to the blockchain (Hive Keychain is not used here) and will display its response. Wait for a few minutes and double check that the transaction has been recorded by using a block explorer such as https://hiveblocks.com
- The beta web interface: https://tools.hivean.com/ledger.html
- Instructions for installing the Hive app on a Ledger device: https://hive.blog/hive-139531/@netuoso/hive-application-for-the-ledger-nano-s-x-hardware-wallet
- Using the Ledger Hive apps with Beem the Python library: https://peakd.com/hive-139531/@holger80/update-for-beem-support-for-ledger-nano-sx-has-been-added
My web interface won't be released as open source. However, the library I'm working on that allows it to communicate with the Ledger device via Web USB will be released as soon as I can get the code ready.
Vote for my witness
On Hive, Witnesses are playing the important role of providing a performant and safe network for all of us. You have the power to choose 30 trusty witnesses to package transactions and sign the blocks that will go in the Hive blockchain. Vote for me via HiveSigner to support my work for the community.