Comments (9)
Thanks for getting in touch about this. I've got a lot on at the moment so I'm not sure when I'd be able to get around to it.
In order to get this more attention, could you provide more background information on the messages you're interested in and some more detailed use cases for the API? For example, method signatures that you'd like to use and so on.
from multibit-hardware.
Basically I will do SSH authentication with Trezor's ECDSA. In a simple way, it works like this. The SSH server knows the user's public key. The server sends some random challenge data to the client, the client (in our case Trezor) signs the incoming data bytes with a digital signature (in our case with ECDSA) and sends the signature back to the SSH server. The server validates the incoming data with the public key and if it matches, the user is authenticated.
For the SSH use case I would rather use SignIdentity than simple SignMessage since it's much more suitable for users - notably you can hide challenge data and display a custom message. Details here:
https://doc.satoshilabs.com/slips/slip-0013.html
In practice my agent app will utilize two operations currently missing in MB Java API:
- SignIdentity() uses IdentityType's values to compute a BIP32 derivation path for a specific key-pair
- GetPublicKey() uses user-specified address_n as its BIP32 derivation path, computes the corresponding key-pair and returns only the public key part.
ecdsa_curve_name parameter should be set to "nist256p1" for SSH auth rather than "secp256k1" - which is used in btc.
One trick remaining to implement is converting IdentityType to BIP32 path. But I can do that in my app, it does not need to be part of MB Java API. Anyway it has been implemented in Python by Roman Zeyde already: https://github.com/romanz/trezor-agent/blob/master/trezor_agent/trezor/client.py#L107
If ever finished, my Windows tray app would allow using PuTTY, WinSCP or other (e.g. Git) Pageant compatible SSH clients with Trezor :-)
Thank You, Martin Lizner
from multibit-hardware.
Looks like the Trezor guys have removed the slip-0013 link for some reason (paging @prusnak) so I've had to plough on with some guesswork. Take a look at the `sign_identity` branch and the `TrezorV1SignIdentityExample` to get a first look at it.
from multibit-hardware.
It was moved to https://github.com/satoshilabs/slips/blob/master/slip-0013.md
from multibit-hardware.
Thanks, @romanz. I think the Trezor Connect documentation needs to be updated (see https://github.com/trezor/connect/blob/gh-pages/README.md).
from multibit-hardware.
Thanks a lot Gary! Could I also ask for a PublicKey example? I'm aware of requestPublicKey(int account, KeyChain.KeyPurpose keyPurpose, int index) but not sure whether it's the same.
```protobuf
message GetPublicKey {
  repeated uint32 address_n = 1;        // BIP-32 path to derive the key from master node
  optional string ecdsa_curve_name = 2; // ECDSA curve name to use
  optional bool show_display = 3;       // optionally show on display before sending the result
}
message PublicKey {
  required HDNodeType node = 1; // BIP32 public node
  optional string xpub = 2;     // serialized form of public node
}
```
from multibit-hardware.
I suspect there is trouble in TrezorMessageUtils.addressN(URI, int) or elsewhere. Given the same URI, index and ecdsa_name the PublicKey.HDNodeType.public_key and SignedIdentity.public_key should be equal. Which they are not :-(
from multibit-hardware.
I've fixed the inconsistency between the `PublicKey` and `SignedIdentity` messages. It was due to a couple of bugs in the addressN structure generation as expected.
Ready for review and close.
from multibit-hardware.
Works like a charm! Thanks again Gary.
from multibit-hardware.
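The IdentityType-to-BIP32-path conversion discussed in this thread, as an added example (not code from the thread, from MultiBit Hardware or from trezor-agent). It follows the SLIP-0013 derivation; the function names are hypothetical, and parsing the URI with `urlsplit` is an assumption of this sketch. Passing the resulting `address_n` to GetPublicKey with the same curve name is what should make its key match the one SignIdentity returns.

```python
import hashlib
import struct
from urllib.parse import urlsplit

HARDENED = 0x80000000   # BIP32 hardened-derivation bit
SLIP13_PURPOSE = 13     # first path element for SLIP-0013 identities


def identity_string(uri):
    """Rebuild proto://user@host:port/path from the identity fields.

    Hypothetical helper: urlsplit lower-cases the host, so use the same
    normalised string everywhere the identity is hashed.
    """
    parts = urlsplit(uri)
    if not parts.scheme or not parts.hostname:
        raise ValueError("identity URI needs a scheme and a host")
    out = parts.scheme + "://"
    if parts.username:
        out += parts.username + "@"
    out += parts.hostname
    if parts.port is not None:
        out += ":" + str(parts.port)
    return out + parts.path


def address_n(uri, index=0):
    """Return the five hardened path elements m/13'/A'/B'/C'/D'."""
    # SHA-256 over the little-endian 32-bit index followed by the URI bytes.
    data = struct.pack("<L", index) + identity_string(uri).encode("utf-8")
    digest = hashlib.sha256(data).digest()
    # Truncate to 128 bits and read four little-endian 32-bit words A..D.
    words = struct.unpack("<4L", digest[:16])
    return [HARDENED | SLIP13_PURPOSE] + [HARDENED | w for w in words]


def format_path(path):
    """Render address_n in the usual m/13'/... notation for logs and review."""
    return "m/" + "/".join("%d'" % (n & ~HARDENED) for n in path)


if __name__ == "__main__":
    # Constructed sample identity for an SSH login.
    sample = address_n("ssh://martin@example.org:22", index=0)
    print(sample, format_path(sample))
```

Comparing this list with the `address_n` a client actually sends is a quick way to catch the kind of path-generation bug reported above, where GetPublicKey and SignIdentity returned different keys.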