Ledger Bitcoin App 2.1.1 sign psbt does not contribute a signature #671

Open
GambolingPangolin opened this issue Mar 24, 2023 · 10 comments

@GambolingPangolin

Using HWI 2.2.1 with Ledger Bitcoin App 2.1.1 to sign a P2SH-P2WSH multisig output does not work. There is no error, but the PSBT comes back from the call without the expected signature. Furthermore, on the device the signing workflow is not triggered.

@bigspider
Contributor

Are you able to check if the produced PSBT has both the witness-utxo and the non-witness-utxo fields?

For nested segwit transactions (P2SH-P2WPKH or P2SH-P2WSH), it's a known issue that the app fails to sign if either of witness-utxo and non-witness-utxo is missing (unlike other segwit transactions where a warning is shown if the non-witness-utxo is missing); the next release of the Ledger bitcoin app will fix this − but the warning can't be removed as signing is indeed less secure for those transactions without non-witness-utxo.

@GambolingPangolin
Author

Yes, the PSBT does have both fields set. It is not privacy sensitive, so I have attached the file here.

example.psbt.txt

@bigspider
Contributor

The psbt is missing the global xpubs, which the app relies on to identify the internal keys.
Hopefully adding those will allow signing successfully.

@GambolingPangolin
Author

Would you clarify? My understanding is that the bip32_derivs field on each input maps master key fingerprints to derivation paths on a per-key basis. This mapping is configured in the PSBT, and so in principle there is enough data to identify the desired key. To compute the master fingerprint, I use the root xpub m. While this has worked with past versions, the notion of master fingerprint is a little ambiguous in the literature, so perhaps that changed?

@bigspider
Contributor

I'm referring to the PSBT_GLOBAL_XPUB fields in the global map, per BIP-174; HWI uses them to reconstruct the exact multisig policy, and the app can't sign without that knowledge, because the multisig has to be registered on the device first.

(It might have worked with versions of the Ledger bitcoin app before 2.1.0, but that wasn't very secure; from version 2.1.0, the multisig policy registration is compulsory − but HWI should be able to handle it)
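
The two PSBT conditions raised in this thread (both UTXO fields present on every input, and PSBT_GLOBAL_XPUB entries in the global map per BIP-174) can be checked before the PSBT is handed to the device. The following is an added example, not part of the original thread and not code from HWI or the Ledger app; `precheck` and its helpers are hypothetical names, it handles version-0 PSBTs only, and the sample PSBTs are constructed.

```python
import base64, struct
MAGIC = b"psbt\xff"
G_UNSIGNED_TX, G_XPUB = 0x00, 0x01                 # BIP-174 global key types
IN_NON_WITNESS_UTXO, IN_WITNESS_UTXO = 0x00, 0x01  # BIP-174 per-input key types

def _compact(buf, pos):  # compact-size integer -> (value, next position)
    if buf[pos] < 0xfd:
        return buf[pos], pos + 1
    width = {0xfd: 2, 0xfe: 4, 0xff: 8}[buf[pos]]
    return int.from_bytes(buf[pos + 1:pos + 1 + width], "little"), pos + 1 + width

def _read_map(buf, pos):  # one key-value map, read up to its 0x00 separator
    entries = []
    while True:
        klen, pos = _compact(buf, pos)
        if klen == 0:
            return entries, pos
        key, pos = buf[pos:pos + klen], pos + klen
        vlen, pos = _compact(buf, pos)
        value, pos = buf[pos:pos + vlen], pos + vlen
        entries.append((key[0], key[1:], value))  # the key types used here fit in one byte

def _xpub_origin(value):  # value: 4-byte master fingerprint, then uint32 LE path steps
    steps = struct.unpack("<%dI" % (len(value) // 4 - 1), value[4:])
    return value[:4].hex(), "m" + "".join("/%d%s" % (s & 0x7fffffff, "'" if s >> 31 else "") for s in steps)

def precheck(psbt_b64):
    """Return global xpub origins and, per input, (has non_witness_utxo, has witness_utxo)."""
    raw = base64.b64decode(psbt_b64)
    if not raw.startswith(MAGIC):
        raise ValueError("not a PSBT")
    globals_, pos = _read_map(raw, len(MAGIC))
    # Unsigned tx: 4-byte version, then the input count as a compact-size integer.
    n_inputs, _ = _compact(next(v for t, _, v in globals_ if t == G_UNSIGNED_TX), 4)
    xpubs = [_xpub_origin(v) for t, _, v in globals_ if t == G_XPUB]
    inputs = []
    for _ in range(n_inputs):
        entries, pos = _read_map(raw, pos)
        types = {t for t, _, _ in entries}
        inputs.append((IN_NON_WITNESS_UTXO in types, IN_WITNESS_UTXO in types))
    return {"global_xpubs": xpubs, "inputs": inputs}

# Constructed samples (dummy transaction, all-zero xpub), not the PSBT attached to this issue.
def _kv(t, keydata, value):
    return bytes([len(keydata) + 1, t]) + keydata + bytes([len(value)]) + value
_TX = bytes.fromhex("02000000" "01" + "11" * 32 + "00000000" "00" "ffffffff" "01" + "00" * 9 + "00000000")
_INPUT = _kv(0, b"", _TX) + _kv(1, b"", bytes(9)) + b"\0"
_XPUB = _kv(1, bytes(78), bytes.fromhex("deadbeef") + struct.pack("<4I", 0x80000030, 0x80000000, 0x80000000, 0x80000001))
NO_XPUB = base64.b64encode(MAGIC + _kv(0, b"", _TX) + b"\0" + _INPUT + b"\0").decode()
WITH_XPUB = base64.b64encode(MAGIC + _kv(0, b"", _TX) + _XPUB + b"\0" + _INPUT + b"\0").decode()
```

An empty `global_xpubs` list, as `precheck(NO_XPUB)` returns, is the condition described above as missing global xpubs; an input reported with either flag `False` is the nested-segwit condition from the earlier comment.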

@GambolingPangolin
Author

Thanks for the advice! I'll give that a try.

@Sjors
Member

Sjors commented May 5, 2023

I'm encountering something similar with a (native segwit) P2WSH multisig. Using the latest HWI master and the Ledger Bitcoin App 2.1.1. It seems that Bitcoin Core is not setting the global_xpubs field when you call walletprocesspsbt. cc @achow101

Having the device show a clear error message would be helpful here. As would more details in the --debug log.

@Sjors
Member

Sjors commented May 5, 2023

A workaround is to use Specter Desktop.

@KayBeSee
Contributor

> because the multisig has to be registered on the device first.

How does one go about registering the multisig on the device? I'm not seeing the register command in the docs. Can this be done via HWI?

cc @bigspider

@bigspider
Contributor

> > because the multisig has to be registered on the device first.
>
> How does one go about registering the multisig on the device? I'm not seeing the register command in the docs. Can this be done via HWI?
>
> cc @bigspider

HWI doesn't currently have a specific API for that, as registration returns an hmac that is the responsibility of the caller to store. Therefore, at this time it registers the policy every time you show an address / spend from a multisig − which is redundant but at least it works.

I made a PoC of full integration some time back that also includes miniscript support.
