From c61b60b8fb3465bb4e08cc9280e690b9c0a60e9a Mon Sep 17 00:00:00 2001 From: darosior Date: Tue, 22 Oct 2019 12:40:48 +0200 Subject: [PATCH] README: move hsm_secret encryption infos into a dedicated part And tell about decryption/encryption with hsmtool --- README.md | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 2ee9f1ebd..8ee807bb9 100644 --- a/README.md +++ b/README.md @@ -12,6 +12,7 @@ c-lightning is a lighweight, highly customizable and [standard compliant][std] i * [Configuration File](#configuration-file) * [Further Information](#further-information) * [Pruning](#pruning) + * [HD wallet encryption](#hd-wallet-encryption) * [Developers](#developers) ## Project Status @@ -102,8 +103,6 @@ Once you've started for the first time, there's a script called `contrib/bootstrap-node.sh` which will connect you to other nodes on the lightning network. -You can encrypt the BIP32 root seed (what is stored in `hsm_secret`) by passing the `--encrypted-hsm` startup argument. You can start `lightningd` with `--encrypted-hsm` on an already existing `lightning-dir` (with a not encrypted `hsm_secret`). If you pass that option, you __will not__ be able to start `lightningd` (with the same wallet) again without the password, so please beware with your password management. Also beware of not feeling too safe with an encrypted `hsm_secret`: unlike for `bitcoind` where the wallet encryption can restrict the usage of some RPC command, `lightningd` always need to access keys from the wallet which is thus __not locked__ (yet), even with an encrypted BIP32 master seed. - There are also numerous plugins available for c-lightning which add capabilities: in particular there's a collection at: @@ -112,6 +111,9 @@ capabilities: in particular there's a collection at: Including [helpme][helpme-github] which guides you through setting up your first channels and customizing your node. +For a less reckless experience, you can encrypt the HD wallet seed: + see [HD wallet encryption](#hd-wallet-encryption). + You can also chat to other users at [#c-lightning @ freenode.net][irc2]; we are always happy to help you get started! @@ -202,6 +204,12 @@ If `bitcoind` prunes a block that c-lightning has not processed yet, e.g., c-lig In order to avoid this situation you should be monitoring the gap between c-lightning's blockheight using `lightning-cli getinfo` and `bitcoind`'s blockheight using `bitcoin-cli getblockchaininfo`. If the two blockheights drift apart it might be necessary to intervene. +### HD wallet encryption + +You can encrypt the `hsm_secret` content (which is used to derive the HD wallet's master key) by passing the `--encrypted-hsm` startup argument, or by using the `hsmtool` (which you can find in the `tool/` directory at the root of this repo) with the `encrypt` method. You can unencrypt an encrypted `hsm_secret` using the `hsmtool` with the `decrypt` method. + +If you encrypt your `hsm_secret`, you will have to pass the `--encrypted-hsm` startup option to `lightningd`. Once your `hsm_secret` is encrypted, you __will not__ be able to access your funds without your password, so please beware with your password management. Also beware of not feeling too safe with an encrypted `hsm_secret`: unlike for `bitcoind` where the wallet encryption can restrict the usage of some RPC command, `lightningd` always need to access keys from the wallet which is thus __not locked__ (yet), even with an encrypted BIP32 master seed. + ### Developers Developers wishing to contribute should start with the developer guide [here](doc/HACKING.md).