Ledger application for signing Pocket Network transactions.
Written using Alamgu.
This application is compatible with
- Ledger Nano S, running firmware 2.1.0 and above
- Ledger Nano S+, running firmware 1.1.0
- Ledger Nano X
Note: Compatibility with Ledger Nano X is only possible to check on Speculos emulator, because the Nano X does not support side-loading apps under development.
On Linux, the "udev" rules must be set up to allow your user to communicate with the ledger device. MacOS devices do not need any configuration to communicate with a Ledger device, so if you are using Mac you can ignore this section.
No steps need to be taken in advance.
On NixOS, one can easily do this with by adding the following to configuration.nix:
{
# ...
hardware.ledger.enable = true;
# ...
}
For non-NixOS Linux distros, LedgerHQ provides a script for this purpose, in its own specialized repo. Download this script, read it, customize it, and run it as root:
wget https://raw.githubusercontent.com/LedgerHQ/udev-rules/master/add_udev_rules.sh
chmod +x add_udev_rules.sh
We recommend against running the next command without reviewing the script and modifying it to match your configuration.
sudo ./add_udev_rules.sh
Subsequently, unplug your ledger hardware wallet, and plug it in again for the changes to take effect.
For more details, see Ledger's documentation.
If you don't want to develop the app but just use it, installation should be very simple. The first step is to obtain a release tarball. The second step is to load that app from the tarball.
Additionaly, if you are using Nix, you can skip the tarball entirely and directly build/downoad and load the load.
First, follow our general instructions for getting started with Nix.
Second, please ensure that your device is plugged, unlocked, and on the device home screen.
Finally, run the following command to load the app on your device:
nix --extra-experimental-features nix-command run -f . $DEVICE.loadApp
where DEVICE
is one of
nanos
, for Nano Snanox
, for Nano Xnanosplus
, for Nano S+
The app will be downloaded (if you have our Nix cache enabled) and/or freshly built as needed.
Check the releases page of this app to see if an official build has been uploaded for this release. There is a separate tarball for each device.
First, follow our general instructions for getting started with Nix.
There is a separate tarball for each device. To build one, run:
nix-build -A $DEVICE.tarball
where DEVICE
is one of
nanos
, for Nano Snanox
, for Nano Xnanosplus
, for Nano S+
The last line printed out will be the path of the tarball.
Before installing please ensure that your device is plugged, unlocked, and on the device home screen.
By using Nix, this can be done simply by using the load-app
command, without manually installing the ledgerctl
on your system.
tar xzf /path/to/release.tar.gz
cd pocket-$DEVICE
nix-shell
load-app
/path/to/release.tar.gz
you should replace with the actual path to the tarball.
For example, it might be ~/Downloads/release.tar.gz
if you downloaded a pre-built official release from GitHub, or /nix/store/adsfijadslifjaslif-release.tar.gz
if you built it yourself with Nix.
Without using Nix, the ledgerctl
can be used directly to install the app with the following commands.
For more information on how to install and use that tool see the instructions from LedgerHQ.
tar xzf release.tar.gz
cd pocket-$DEVICE
ledgerctl install -f app.json
The bundled generic-cli
tool can be used to obtaining the public key and do signing.
To use this tool using Nix, from the root level of this repo, run this command to enter a shell with all the tools you'll need:
nix-shell -A $DEVICE.appShell
where DEVICE
is one of
nanos
, for Nano Snanox
, for Nano Xnanosplus
, for Nano S+
Then, one can use generic-cli
like this:
-
Get a public key for a BIP-32 derivation without prompting the user:
$ generic-cli getAddress --use-block "44'/635'/0'/0/0" { "publicKey": "3f903a00b0b9634b61de1fedee53dcd02ef6c94ec63529a20565b17f306ff0a9", "address": "e8ed4e23ebb4d59444fa8fe1a0e3a1171dfe6af2" }
-
Show the address on device for a BIP-32 derivation and obtain the public key:
$ generic-cli getAddress --verify --use-block "44'/635'/0'/0/0" a42e71c004770d1a48956090248a8d7d86ee02726b5aab2a5cd15ca9f57cbd71
-
Sign a transaction:
$ generic-cli sign --use-block "44'/635'/0'/0/0" --json '{"chain_id":"testnet","entropy":"-7780543831205109370","fee":[{"amount":"10000","denom":"upokt"}],"memo":"","msg":{"type":"pos/Send","value":{"amount":"1000000","from_address":"51568b979c4c017735a743e289dd862987143290","to_address":"51568b979c4c017735a743e289dd862987143290"}}}' Signing: <Buffer 7b 22 63 68 61 69 6e 5f 69 64 22 3a 22 74 65 73 74 6e 65 74 22 2c 22 65 6e 74 72 6f 70 79 22 3a 22 2d 37 37 38 30 35 34 33 38 33 31 32 30 35 31 30 39 ... 227 more bytes> 0217976c898df122bf71fe3f29fb9f5d61e6ea26f0fd327c89ea5a754df843e1044a5a6aad50df9ab7fd8a3a1ed78083b2925ab973168ed25c8556b7fcf3e500
The exact output you see will vary, since Ledger devices should not be configured to have the same private key!
the --use-block
argument to generic-cli
is required for the pocket app to select the correct ledger/host protocol.
Producing a transaction to sign, and assembling the resulting ed25519
signature with the transaction to send, are done with the pocket command-line.
See CONTRIBUTING.md.