
How-to: Ledger Hardware Wallet in Qubes

From Whonix


Info: Qubes-Whonix ™ testers only!

Warning: The concepts in this chapter are still valid, but the applications and corresponding installation instructions may have changed in the meantime.

Introduction

Ledger wallets are a special type of commercial bitcoin wallet whereby a user's private keys are stored in a secure hardware device. Other commercial alternatives include Pi Wallet, TREZOR, BWALLET, KeepKey, Opendime, CoolWallet and others.

The major advantages of hardware wallets over software wallets include: [1]

  • Usually private keys are stored in a protected area of a microcontroller, and cannot be transferred out of the device in plaintext.
  • Resistance to computer viruses that target theft from software wallets.
  • More secure and interactive than paper wallets that require importation to software.
  • Usually software on the device is open source.

The main principle is that cryptographic secrets (private keys) are fully isolated from easy-to-hack computers or smartphones. Ledger wallets use secure chips that are similar to the technology used in chip and PIN payment cards or SIM cards. [2]

Security Factors

Security Risks

Warning: Hardware wallets are not bulletproof. The user must be sure to purchase a good-quality, authentic device manufactured by a trustworthy and technically competent company with a good reputation in security.

Potential risks of hardware wallets include: [3]

  • Compromised production process: Hardware backdoors could be introduced via intentional or unintentional actions that leave security holes in the final product.
  • Device interdiction: No hardware wallet solution can deal with the threat of government programs that intercept hardware and modify them in transit to introduce backdoors.
  • Imperfect implementation: If bugs are present in the software, firmware or hardware, then attackers may be able to gain unauthorized access to the hardware wallet.
  • Insecure Random Number Generator (RNG): Security is reliant upon true randomness being generated by the source of entropy for the RNG, since it generates the wallet's private keys. This is hard to verify, and attackers may be able to recreate wallet keys if the RNG is insecure. [4]
  • Malware swapping recipient Bitcoin addresses: Malware on a PC could potentially trick the user into sending Bitcoin to the wrong address. Multi-factor confirmation of a recipient's Bitcoin address mitigates this risk.

Despite these risks, hardware wallets are considered a higher security solution than software wallets, since the latter must make private keys available in plain text in the computer's memory when transactions are signed -- any compromise by Bitcoin-targeting malware would enable theft of Bitcoins. [5]

Seed Backup Security

It is definitely safer to have at least two Ledger hardware wallets. During initial setup the Ledger does not verify all words of the seed; it only verifies two words of the 24-word seed. This means that if one word is mistyped, it will be difficult later on to regain access to the coins. On the other hand, two Ledgers using the same seed should generate the same addresses, which proves the seed was correctly backed up.

Seed testing applications are available, such as the BOLOS Seed Utility App. [6] [7] It is probably safer to avoid these tools, since they are maintained by a third party and this adds complexity to the procedure.

Another alternative is to:

  1. note some generated addresses
  2. reset the ledger
  3. re-setup with the seed and see if it still uses the same addresses

Wallet Testing Security

Before storing any significant funds in a wallet, it is recommended to first test sending a small amount there and then trying to send it back. The reason is software bugs could potentially lead to the presentation of an address where the user does not own the corresponding private key.

The threat of losing funds due to software bugs is not just hypothetical. For instance, this user [8] utilizing MyEtherWallet.com lost over one thousand dollars due to a historical bug in the Ethereum Javascript implementation.

Threat Model

See Hardware Wallet Security.

Installation

Info: A USB port is required if using the Nano S, Nano or HW1 Ledger hardware wallets.


Using a hardware wallet comes with some technical challenges, although it is easier in combination with Qubes. First learn how to pass a USB device to an AppVM and attempt that procedure, in order to iron out any Qubes USBVM issues before continuing.

Qubes USB Proxy Installation

This step is mandatory for Qubes users.

Install Qubes USB Proxy (package qubes-usb-proxy). [9]

1. Update the package lists.

sudo apt-get update

2. Upgrade the system.

sudo apt-get dist-upgrade

3. Install the qubes-usb-proxy package.

sudo apt-get install qubes-usb-proxy

The procedure of installing qubes-usb-proxy is complete.

Chromium Installation

Chromium is required to run the Ledger Chrome applications (Ledger Wallet Bitcoin and Ledger Wallet Ethereum). No additional software installation or account creation is needed.

In Qubes TemplateVM, open a terminal (konsole).

Install chromium.

1. Update the package lists.

sudo apt-get update

2. Upgrade the system.

sudo apt-get dist-upgrade

3. Install the chromium package.

sudo apt-get install chromium

The procedure of installing chromium is complete.

Electrum Installation

This step is optional and only necessary if you intend to use Electrum.

Electrum is installed by default in Whonix-Workstation ™, but several dependencies are required for a hardware wallet. [10] [11]

Install libudev-dev libusb-1.0-0-dev python3-btchip.

1. Update the package lists.

sudo apt-get update

2. Upgrade the system.

sudo apt-get dist-upgrade

3. Install the libudev-dev libusb-1.0-0-dev python3-btchip package.

sudo apt-get install libudev-dev libusb-1.0-0-dev python3-btchip

The procedure of installing libudev-dev libusb-1.0-0-dev python3-btchip is complete.

[12]

udev Rules

1. Open a terminal (konsole) in Qubes TemplateVM and add user to the plugdev group. [13]

sudo adduser user plugdev

Open file /etc/udev/rules.d/20-hw1.rules in an editor with root rights.

(Qubes-Whonix ™: In TemplateVM)

This box uses sudoedit for better security. This is an example and other tools could also achieve the same goal. If this example does not work for you or if you are not using Whonix, please refer to this link.

sudoedit /etc/udev/rules.d/20-hw1.rules

2. Add the following settings. [14]

SUBSYSTEMS=="usb", ATTRS{idVendor}=="2581", ATTRS{idProduct}=="1b7c", MODE="0660", OWNER="user", GROUP="plugdev"
SUBSYSTEMS=="usb", ATTRS{idVendor}=="2581", ATTRS{idProduct}=="2b7c", MODE="0660", OWNER="user", GROUP="plugdev"
SUBSYSTEMS=="usb", ATTRS{idVendor}=="2581", ATTRS{idProduct}=="3b7c", MODE="0660", OWNER="user", GROUP="plugdev"
SUBSYSTEMS=="usb", ATTRS{idVendor}=="2581", ATTRS{idProduct}=="4b7c", MODE="0660", OWNER="user", GROUP="plugdev"
SUBSYSTEMS=="usb", ATTRS{idVendor}=="2581", ATTRS{idProduct}=="1807", MODE="0660", OWNER="user", GROUP="plugdev"
SUBSYSTEMS=="usb", ATTRS{idVendor}=="2581", ATTRS{idProduct}=="1808", MODE="0660", OWNER="user", GROUP="plugdev"
SUBSYSTEMS=="usb", ATTRS{idVendor}=="2c97", ATTRS{idProduct}=="0000", MODE="0660", OWNER="user", GROUP="plugdev"
SUBSYSTEMS=="usb", ATTRS{idVendor}=="2c97", ATTRS{idProduct}=="0001", MODE="0660", OWNER="user", GROUP="plugdev"

KERNEL=="hidraw*", SUBSYSTEM=="hidraw", MODE="0660", OWNER="user", GROUP="plugdev", ATTRS{idVendor}=="2c97"
KERNEL=="hidraw*", SUBSYSTEM=="hidraw", MODE="0660", OWNER="user", GROUP="plugdev", ATTRS{idVendor}=="2581"

Save.

3. Shut down Qubes TemplateVM.

4. Start the VM which is supposed to interact with the ledger hardware wallet, which we will call ledger VM.
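As an added example (not from this wiki page and not udev's own code), here is a small Python model of how udev evaluates the rules above, useful to check whether a given device node would receive the plugdev permissions: the USB rules match only the listed idVendor/idProduct pairs, while the hidraw rule matches any device under the Ledger vendor id. The device nodes and the product id 0004 are constructed sample values, not claims about real Ledger models.

```python
import fnmatch
import re

# One udev token: KEY, optional {param}, operator, quoted value.
TOKEN = re.compile(r'(\w+)(?:\{([^}]*)\})?\s*(==|!=|:=|\+=|=)\s*"([^"]*)"')

# Constructed subset of the rules installed above (same format as the file).
RULES_TEXT = '''
SUBSYSTEMS=="usb", ATTRS{idVendor}=="2c97", ATTRS{idProduct}=="0001", MODE="0660", OWNER="user", GROUP="plugdev"
KERNEL=="hidraw*", SUBSYSTEM=="hidraw", MODE="0660", OWNER="user", GROUP="plugdev", ATTRS{idVendor}=="2c97"
'''

def parse_rules(text):
    """One list of (key, param, op, value) tokens per non-empty, non-comment line."""
    return [TOKEN.findall(l) for l in text.splitlines() if l.strip() and not l.lstrip().startswith("#")]

def usb_device(vendor, product):
    """Minimal sysfs-style node (constructed); idVendor/idProduct live on the USB device."""
    return {"kernel": "1-1.4", "subsystem": "usb", "attrs": {"idVendor": vendor, "idProduct": product}, "parent": None}

def hidraw_device(usb):
    """The hidraw node applications open; it carries no USB attributes of its own."""
    return {"kernel": "hidraw0", "subsystem": "hidraw", "attrs": {}, "parent": usb}

def _matches(node, key, param, pattern):
    base = key.rstrip("S")  # KERNELS -> KERNEL, SUBSYSTEMS -> SUBSYSTEM, ATTRS -> ATTR
    actual = node["attrs"].get(param, "") if base == "ATTR" else node[base.lower()]
    return fnmatch.fnmatchcase(actual, pattern)  # udev match patterns use * ? [..]

def rule_matches(rule, dev):
    """udev semantics: KERNEL/SUBSYSTEM/ATTR must match the device itself; the
    plural keys must all match on one single node, walking from the device up."""
    match = [(k, p, v) for k, p, op, v in rule if op == "=="]
    if not all(_matches(dev, k, p, v) for k, p, v in match if not k.endswith("S")):
        return False
    node = dev
    while node is not None:
        if all(_matches(node, k, p, v) for k, p, v in match if k.endswith("S")):
            return True
        node = node["parent"]
    return False

def effective_perms(rules, dev):
    """MODE/OWNER/GROUP the node ends up with; a later matching rule overrides."""
    perms = {}
    for rule in rules:
        if rule_matches(rule, dev):
            perms.update({k: v for k, p, op, v in rule if op == "=" and k in ("MODE", "OWNER", "GROUP")})
    return perms
```

A USB device whose product id is not in the list gets no permissions from the SUBSYSTEMS=="usb" rules, but its hidraw node is still covered by the vendor-only hidraw rule; only ==, = and the KERNEL/SUBSYSTEM/ATTR key families are modelled.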

Ledger Application Installation

Graphical User Interface

The graphical user interface instructions are easier but less secure.

Command Line

The command line instructions have worse usability but are more secure.

Security

These instructions are more secure, because --host-rules="MAP * 127.0.0.1, EXCLUDE *.google.com, EXCLUDE *.googleusercontent.com, EXCLUDE *.gstatic.com" is used; only connections to Google (the Chrome Web Store) are allowed. Any (accidental) connections to other destinations which could be harmful for privacy or security are prevented.
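As an added illustration (not from this page and not Chromium's own code), the following Python model of Chromium's MAP/EXCLUDE evaluation shows which destinations the switch above still reaches and why the variant noted in footnote 15 does not. It assumes that EXCLUDE patterns are tested before MAP patterns using shell-style * and ? wildcards; the sample hostnames are constructed.

```python
import fnmatch

# The rule set used on this page, and the variant footnote 15 says does not work.
PAGE_RULES = ("MAP * 127.0.0.1, EXCLUDE *.google.com, "
              "EXCLUDE *.googleusercontent.com, EXCLUDE *.gstatic.com")
BROKEN_RULES = "MAP * 127.0.0.1, EXCLUDE 127.0.0.1"

def parse_host_rules(spec):
    """Split a --host-rules value into MAP (pattern, replacement) and EXCLUDE patterns."""
    maps, excludes = [], []
    for rule in spec.split(","):
        parts = rule.split()
        if len(parts) == 3 and parts[0].upper() == "MAP":
            maps.append((parts[1].lower(), parts[2]))
        elif len(parts) == 2 and parts[0].upper() == "EXCLUDE":
            excludes.append(parts[1].lower())
        # any other shape is a malformed rule and is skipped
    return maps, excludes

def rewrite_host(spec, host):
    """Address the browser would actually connect to for `host`.
    Model assumption: EXCLUDE patterns are checked before MAP patterns, so an
    excluded host keeps its real address; patterns use shell-style * and ?."""
    maps, excludes = parse_host_rules(spec)
    host = host.lower()
    if any(fnmatch.fnmatchcase(host, pat) for pat in excludes):
        return host
    for pat, replacement in maps:
        if fnmatch.fnmatchcase(host, pat):
            return replacement
    return host

def reachable(spec, host):
    """True if the real host is still contacted, False if the request is sinkholed."""
    return rewrite_host(spec, host) == host.lower()

def audit(spec, hosts):
    """Map each hostname to where it would end up, for a quick policy review."""
    return {h: rewrite_host(spec, h) for h in hosts}

if __name__ == "__main__":
    # Constructed sample: Web Store host, a CDN host, the apex domain, a third party.
    sample = ["chrome.google.com", "lh3.googleusercontent.com", "google.com", "apps.ledgerwallet.com"]
    for h, dest in audit(PAGE_RULES, sample).items():
        print(f"{h:30} -> {dest}")
    print("footnote 15 variant reaches the Web Store:", reachable(BROKEN_RULES, "chrome.google.com"))
```

Note that "*.google.com" does not cover the bare apex google.com, and that excluding 127.0.0.1 exempts nothing, since every host is still mapped to loopback first.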


Ledger Manager

Run.

chromium --host-rules="MAP * 127.0.0.1, EXCLUDE *.google.com, EXCLUDE *.googleusercontent.com, EXCLUDE *.gstatic.com" https://chrome.google.com/webstore/detail/ledger-manager/beimhnaefocolcplfimocfiaiefpkgbf


Ledger Wallet Bitcoin

Run.

chromium --host-rules="MAP * 127.0.0.1, EXCLUDE *.google.com, EXCLUDE *.googleusercontent.com, EXCLUDE *.gstatic.com" https://chrome.google.com/webstore/detail/ledger-wallet-bitcoin/kkdpmhnladdopljabkgpacgpliggeeaf


Ledger Wallet Ethereum

Run.

chromium --host-rules="MAP * 127.0.0.1, EXCLUDE *.google.com, EXCLUDE *.googleusercontent.com, EXCLUDE *.gstatic.com" https://chrome.google.com/webstore/detail/ledger-wallet-ethereum/hmlhkialjkaldndjnlcdfdphcgeadkkm


Ledger Wallet Ripple

Open a terminal.

If you are using Qubes-Whonix ™, complete the following steps.

Qubes App Launcher (blue/grey "Q") → Whonix-Workstation ™ AppVM (commonly named anon-whonix) → Xfce Terminal

If you are using a graphical Whonix with XFCE, run.

Start Menu → Xfce Terminal

Run.

curl --tlsv1.2 --proto =https --location --remote-name https://apps.ledgerwallet.com/ripple/download/linux_deb_64.deb

Usage

Info: Qubes will not detect the Ledger before the PIN has been entered. This is probably because the Ledger does not announce itself before that.

  1. Physically connect the ledger hardware wallet to a USB port.
  2. Enter the PIN.
  3. Start the ledger VM.

Ledger Applications

Graphical User Interface

The graphical user interface instructions are easier but less secure.

Ledger Manager / Ledger Wallet Bitcoin / Ledger Wallet Ethereum

  1. Start Chromium.
  2. Click applications.
  3. Choose a ledger application and start it.

You can also refer to the instructions on the ledger hardware wallet homepage [archive].


Ledger Wallet Ripple

Undocumented. Please refer to command line instructions below or the instructions on the ledger hardware wallet homepage [archive].

Command Line

The command line instructions have worse usability but are more secure.

Security

These instructions are more secure, because chromium is launched on the command line with switch --app-id=app-id. This results in only starting the ledger application so outgoing connections are limited to a minimum.


Ledger Manager

Run. [15]

chromium --app-id=beimhnaefocolcplfimocfiaiefpkgbf


Ledger Wallet Bitcoin

Run. [15]

chromium --app-id=kkdpmhnladdopljabkgpacgpliggeeaf


Ledger Wallet Ethereum

Run. [15]

chromium --app-id=hmlhkialjkaldndjnlcdfdphcgeadkkm


Ledger Wallet Ripple

Run.

sudo dpkg -i linux_deb_64.deb

Electrum

An Electrum wallet will only show legacy bitcoin addresses and their balances or segwit wallet bitcoin addresses and their balances, not both. It is possible to have multiple Electrum wallets and switch between them.

Electrum will ask for derivation path.

  • The default is m/44'/0'/0' for legacy bitcoin addresses.
  • You should use m/49'/0'/0' for segwit bitcoin addresses.

Troubleshooting

Qubes R4

The Qubes R4 USB widget formerly had bugs, such as showing a USB device as connected to a VM while qvm-usb -- the command line authority whose judgment should be trusted more -- disagreed, or showing the same USB device more than once in the menu. [16]

If similar issues re-emerge, follow these steps.

1. Physically connect the ledger hardware wallet to a USB port.
2. Run the following command to get an overview of USB devices detected by Qubes.

qvm-usb

3. Check the output is similar to the following.

BACKEND:DEVID  DESCRIPTION               USED BY
sys-usb:2-1.1  Logitech_USB_Keyboard     
sys-usb:2-1.2  PixArt_USB_Optical_Mouse  
sys-usb:2-1.4  Ledger_Nano_S_0001        

4. Use the following command to connect the ledger hardware wallet to the preferred VM.

Replace ledger-debian-buster with the actual name of the VM.

qvm-usb attach ledger-debian-buster sys-usb:2-1.4

BIOS

The USB device might be passed to the ledger VM, but ledger applications may not recognize the ledger hardware wallet. If that occurs, try the following in BIOS settings:

  • disable Legacy USB Support
  • disable XHCI Pre-Boot Mode
  • attempt flipping other USB-related BIOS options

It is unnecessary to reinstall Qubes.

Ledger

To troubleshoot Ledger problems, try the following:

  • attempt to connect to Ledger Manager first
  • update the firmware of the Ledger hardware wallet by connecting it to a non-Qubes Linux computer (where Ledger Manager can possibly connect)

See also: Dev/Ledger Hardware Wallet.

Donations

After setting up a hardware wallet, please consider making a donation to Whonix ™ to keep it running for many years to come.

Donate Bitcoin (BTC) to Whonix ™.

3CQ2BiFyzfXLv3JYhaBBr8hvLrfpdwZ56f

Footnotes

  1. https://en.bitcoin.it/wiki/Hardware_wallet
  2. https://ledger.zendesk.com/hc/en-us/articles/115005198485-Hardware-wallets-FAQ
  3. https://en.bitcoin.it/wiki/Hardware_wallet
  4. The attacker generates pseudo-randomness that is indistinguishable from true randomness, but is still predictable.
  5. https://ledger.zendesk.com/hc/en-us/articles/115005198485-Hardware-wallets-FAQ
  6. This repository contains an application for the Ledger Nano S that allows the user to verify the backup of their BIP 39 mnemonic by comparing it to the master seed stored on the device.
  7. https://www.reddit.com/r/ledgerwallet/comments/6ez4qs/ledger_nano_s_seed_utility_app_released/
  8. Web citation.
  9. See: Problem with adding USB device to a VM.
  10. https://electrum.readthedocs.io/en/latest/hardware-linux.html
  11. Broken link: https://ledger.groovehq.com/knowledge_base/topics/how-to-setup-electrum-nano-slash-nano-s
  12. This is probably outdated. TODO: bug report against https://packages.debian.org/buster/python-btchip ? python-pip warning: see Avoid Third Party Package Managers!
      python3 -m pip install btchip-python
  13. Further research is required to confirm if this step is still necessary. The issue appears to have been fixed, see: Ledger Nano S not detected on Linux.
  14. Broken link: https://ledger.groovehq.com/knowledge_base/topics/ledger-wallet-is-not-recognized-on-linux
  15. Note: using --host-rules="MAP * 127.0.0.1, EXCLUDE 127.0.0.1" will not work.
  16. USB devices shown multiple times in devices popup menu #3266



Copyright (C) 2012 - 2020 ENCRYPTED SUPPORT LP. Whonix ™ is a trademark. Whonix ™ is a licensee [archive] of the Open Invention Network [archive]. Unless otherwise noted, the content of this page is copyrighted and licensed under the same Freedom Software license as Whonix ™ itself. (Why?)
