This is a preliminary, basic guide. More to come soon.
Jade uses a unique security model to protect your device from physical attacks: it communicates with a blind oracle to unlock your device, a design that essentially functions as a virtual secure element. By default, Jade communicates with Blockstream's blind PIN oracle, but you can also choose to run your own. This guide is recommended for more technical users who are comfortable with the command line, though it should be fairly simple to set up for varying skill levels.
Note: This guide follows the basic process for setting up a personal PIN server on a Mac; the process should be fairly similar on other devices. If you follow these instructions, you can only unlock Jade with this device. More advanced users can set up a blind PIN server for remote access (via Tor to a Raspberry Pi, for example) by adjusting the --set-url argument of the Python script below.
Blind Oracle Setup Process
1. Open a terminal window on the device you would like to run your blind oracle on and enter the following:
$ git clone https://github.com/Blockstream/blind_pin_server.git
$ cd blind_pin_server
2. Next, generate a new server key using these commands:
$ python3 -m venv venv
$ . venv/bin/activate
$ pip install --require-hashes -r requirements.txt
$ PYTHONPATH=.. python -m blind_pin_server.generateserverkey
3. Run this command to build the docker image:
$ docker build -f Dockerfile . -t dockerized_pinserver
4. Next, prepare a PIN directory:
$ mkdir pinsdir
5. Run the docker image (copy all of the following and paste in one line):
$ docker run -v "$PWD/server_private_key.key":/server_private_key.key -v "$PWD/pinsdir":/pins -p 8096:8096 dockerized_pinserver
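A pre-flight check for the two key files this procedure relies on, written as an added example (it is not part of the blind_pin_server or Jade repositories). It assumes the private key file holds 32 raw bytes and the public key file a 33-byte compressed secp256k1 point, neither of which this guide states; check_pinserver_keys, file_size and first_byte_hex are names made up for the example.

```shell
#!/bin/sh
# Added example: sanity-check server_private_key.key and server_public_key.pub.
# Assumed formats (not stated in the guide): private key = 32 raw bytes,
# public key = 33-byte compressed secp256k1 point starting with 0x02 or 0x03.

file_size() { wc -c < "$1" | tr -d ' '; }

first_byte_hex() { od -An -tx1 -N1 "$1" | tr -d ' \n'; }

# Usage: check_pinserver_keys [directory]
# Returns 0 only if every check passes; problems are reported on stderr.
check_pinserver_keys() {
    dir=${1:-.}
    priv="$dir/server_private_key.key"
    pub="$dir/server_public_key.pub"
    rc=0

    for f in "$priv" "$pub"; do
        if [ ! -f "$f" ]; then
            echo "FAIL: $f not found (run the key generation step first)" >&2
            return 1
        fi
    done

    if [ "$(file_size "$priv")" -ne 32 ]; then
        echo "FAIL: $priv is not 32 bytes" >&2; rc=1
    fi
    if [ "$(file_size "$pub")" -ne 33 ]; then
        echo "FAIL: $pub is not 33 bytes" >&2; rc=1
    fi
    case "$(first_byte_hex "$pub")" in
        02|03) ;;
        *) echo "FAIL: $pub does not start with 02 or 03" >&2; rc=1 ;;
    esac

    # The private key is bind-mounted into the container, so the host copy is
    # the one to protect. Characters 5-10 of the ls mode string are the
    # group and other permission bits; all six should be '-'.
    if [ "$(ls -ld "$priv" | cut -c5-10)" != "------" ]; then
        echo "FAIL: $priv is accessible to group/other (consider chmod 600)" >&2; rc=1
    fi

    if [ "$rc" -eq 0 ]; then echo "OK: key files look sane in $dir"; fi
    return "$rc"
}
```

Source the file and run check_pinserver_keys . from the blind_pin_server directory before starting the container and before passing the public key to Jade.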
Point Jade to Personal Blind Oracle
Jade will need to be uninitialized in order to set a new blind oracle. If your Jade is already set up, you will need to perform a factory reset and restore using your recovery phrase. Your funds will be lost if you do not have the correct backup materials.
1. Open a new terminal window and enter the following:
$ git clone https://github.com/Blockstream/Jade.git
$ cd Jade
2. Plug in your uninitialized Jade and enter the command below:
$ python3 set_jade_pinserver.py --serialport <ENTERJADESERIALPORT> --set-pubkey ../blind_pin_server/server_public_key.pub --set-url http://127.0.0.1:8096
Tip: You can find the system location to enter for the --serialport argument on the Devices tab of the Blockstream app. For example: --serialport /dev/cu.usbserial-01ETCB87. Make sure to close the app afterwards; otherwise you will be unable to run the command above.
3. Confirm your pubkey and URL on Jade's screen. Your Jade will now communicate with the PIN server running on your device instead of Blockstream's. Then, if you are able to initialize Jade and enter a PIN, everything is set up properly.
Note: If you experience errors when setting your PIN, you may factory reset your device to return to using the default Blockstream blind PIN server.