Obsidian Systems - Hardware Wallet Support in CKB-CLI and Additional Ledger Features

Welcome to check this announcement , there are their demo video for Obsidian System’s last grants and what they want to do in the next Grants: including support CKB-CLI including send, receive, import key, NervosDaooperations (DepositDAO and withdrawDAO) on the Ledger Nano S and X.

Addition feature contains List of Multiple Connected Ledger Devices,Ledger support via plugin, agnostic signing support for hardware wallets, multi-sig lock script signing, and LedgerJS maintenance and improvements.

@mike-obsidian does that mean we could use ledger wallet to sign the transaction from Dapp?

This dosent tell me an ETA though, we’ve been waiting for months. Will it be more monthsm or weeks?

Our focus has been on CKB and supporting all the transaction variants and DAO interactions someone can do with it. We’re progressing along at roughly the pace we outlined in our grant so I’d expect us to be code complete in July if things continue at this rate.

If there are specific operations or cases you’d like to know about, feel free to share them and I’ll let you know where support stands!

2 Likes

So once this grant is done I will be able to download the application directly from ledger? I wont need to go through a tutorial to get it to work? Basically, once you are finished anyone would be able to do it?

Once we are code complete we will submit the application to Ledger. They then perform a security review of the app before listing it. The timeline for that process is dependent on their team.

If there is no UI for using the application it will be listed in Developer Mode until a UI is in place. A UI is outside the scope of this proposal.

Any updates?

Cool, but any updates on the ledger app. I’m glad you’re figuring out new fun stuff. The focus is on the app since that is what the original grant was for. I just want to stake my coins… Have you ever held coins that could be making 3.5% a year, but because the wallet you made for them was done offline and you want to keep it like that so there is a 0% chance your private key are exposed, you can’t get this reward. Now imagine there is a team that originally said in 5 weeks we will have a ledger app! YAY!!! You wait, they needed more time, a little frustrated, but what can you do, right? another 5 weeks, then another 4 weeks, now another 2 weeks. Then you ask for an update on the app, what you’ve been waiting for, and you’re given a guide on something that has nothing to do with the LEDGER APPLICATION. Its like you’re trying to do the absolute worst PR with this grant. Focus… I’m not alone with these thoughts. Others are waiting for SECURITY because we DESIRE it. You guys are the gatekeepers to this security and you’ve managed to take your original ETA and double it. This is before you even send it off for approval. The fact that you’re exploring other avenues instead of putting all effort to completing the app is concerning, no matter what gems you find. If I’m hired to wash windows and I start doing landscaping my peers will probably call me an idiot. Even though the landscaping is not counterproductive in itself, I wasn’t hired to do it. It’s like the kid with ADHD who’s hoping from one thing to another, focus, please. Get. The. Application. Sent. For. Approval. Then. You. Can. Tinker. With. Other. BS.

Before you call this “aggressive” and I receive the same comments as before, its not. You guys have taken forever and are doing other things with your time apparently, this is tame.
Remember, there’s a difference between passive aggressive and aggressive.

Have a great day!!!

2 Likes

Hi everyone - here’s an update on this grant’s progress: https://medium.com/@obsidian.systems/nervos-ledger-app-status-update-2-72634aca2c28

2 Likes

We’ve just released v0.3.0 of the Nervos Ledger app! This release has been shared with Ledger for them to review.

This release includes all the Milestone 1 features from our proposal and the additional features we mentioned in our last status update. Here’s a summary:

  • account subcommands: import, extended-address, bip44-addresses
  • wallet subcommands: get-capacity --derived, transfer
  • dao subcommands: deposit, prepare, withdraw
  • Multisig and Timelock Addresses
  • Transactions with multiple outputs
  • Transactions with inputs from different lock-args (signed both with wallet transfer or tx sign-inputs)
  • Message signing: either as binary hex, a string, or pre-hashed data

I’d also like to note:

  • Our fork of CKB-CLI supports communication with multiple Ledger devices. This will be incorporated in our plugin, which is already in progress
  • We are using the latest SDKs from Ledger, which means both devices use the new UI - you will notice a difference from our last video presentation!
  • We’ve written 38 automated tests which can be run against Ledger’s emulator (Speculos) or real hardware

While this app should not be used in production yet, I encourage any interested party to try the app and provide feedback!

5 Likes

Last week we issued new releases which finalize development under this grant! We issued a new version of the Ledger app with some small improvements, the first release of the Ledger Plugin, and we supported all the Ledger app’s functionality in LedgerJS.

  • Ledger App: 833cdf8f2f32379656efee895d86401ab5c74953 (v0.4.0)
  • LedgerJS: 75595a0a603e1feaa654868689d017c804c6d3eb
  • Ledger Plugin: a933d2a4e6596b3028f196406330b747a1177560 (v0.1.0)

If you’d like to try using these yourself we recommend using the ledger-support-plugin branch of our fork of CKB-CLI, git hash 08bf2f52d479f8adff3591009f163b298b379632. This branch is identical to branch of CKB-CLI provided to us for testing (thanks!), except it contains patches two issues:

  1. After installing plugin the default keystore does not work due to missing password #325
  2. Default path for hardware wallets should be “m/44’/309’/0’”

While we do not recommend using this app on mainnet yet, if you’d like to try it on test/dev networks, here’s how to get started:

We will continue to work with Ledger to have this app listed in Ledger Live (Developer Mode is the current target until a UI is in place) and address any issues that come up during their security review.

Thanks very much to Nervos for their support!

6 Likes

Hi Everyone - while we have been waiting for this application to be listed in Ledger Live, we made some additional improvements! Here’s the latest and greatest of each repository we’ve worked on under this grant:

We’ve done our testing against https://github.com/nervosnetwork/ckb-cli/tree/ledger-support

These new releases contain an overhaul to the application’s automated testing infrastructure, some changes in response to the Neuron team so we can best make sure the app is supported well in Neuron, and several bug fixes and miscellaneous clean ups. We’ve also added an entirely new feature - custom script support!

Custom Script Support

Starting with v0.5.0, the app now supports signing transactions with custom scripts! Some backstory - for security purposes, prior version have rejected signing when script data was present. The app couldn’t parse this information and verify the script was not malicious. Since the user’s expectation when signing with a ledger app that they are able to verify the contents of what we are signing so they know they are secure, unknown data would have been considered a vulnerability.

The app now has a configuration to ‘allow contract data.’ By default this is turned off, so the app still rejects transactions with custom script data by default. But if you enable this feature any transaction with custom scripts can be signed and you will see an additional prompt in the device UI which tells you if custom data is present or not.

This feature opens up many new possibilities - most notably signing sUDTs and ACP scripts! In the future, we may identify known scripts which are popular amongst the community in the app.

5 Likes