Note: This application is currently in beta and should only be attempted by those who are confident of their wallet recovery process.
Blockstream Jade uses a powerful security model to protect your device from physical attacks: it communicates with a blind oracle to unlock the device. A blind oracle functions as a virtual secure element, but it holds the decryption mechanism to your wallet off-device, which makes Jade alone invulnerable to physical key extraction. This is unlike typical secure element devices, which hold everything needed to extract your keys on the hardware device itself.
By default, Jade communicates with Blockstream's blind oracle, but users can also choose to run their own. The following guide covers a simple personal oracle setup using Umbrel; more advanced users can follow our guide here to run this on other software.
Pre-Requisites
- A machine running Umbrel
- An uninitialized Blockstream Jade
  - If your Jade is already initialized, you will need to perform a factory reset
- Knowledge of Tailscale and/or Tor usage
  - Tailscale is recommended for maximum reliability. Make sure the Tailscale app is installed and enabled on Umbrel and any devices you want to connect Jade to before continuing.
Current Limitations
The following functionality is not currently available if you run a personal blind oracle:
- Accessing Jade using QR PIN Unlock
- Upgrading Jade using the web portal
- Switching between Tor and clearnet/Tailscale connections when using 3rd party apps
  - You will need to choose either Tor or Tailscale as your primary URL when unlocking Jade with apps that are not Blockstream Green. Green can use your alternate URL as a fallback.
Personal Oracle Setup
1. Navigate to the Umbrel App Store and install the Blockstream Blind Oracle app.
2. Open the Blind Oracle app to view your oracle details. The default URL is your onion address; if you have Tailscale set up, it is recommended to paste the following into your browser address bar to set Tailscale as the default:
  - http://umbrel.local:3344/?urla=umbrel&urlb=[insert onion address]
  Tip: Using the URL above will allow you to unlock Jade when on the local network, as well as remotely if Tailscale is installed on your device (for example, your phone that is running Blockstream Green).
3. Turn on Jade and access the boot menu by clicking (not holding) the center button once while the logo screen is showing. Select Blind Oracle and then Scan Oracle QR. Confirm the details on screen and continue setting up Jade with PIN on your preferred companion app. Your Jade will now communicate with your personal blind oracle in order to initialize and unlock your device.
Note: If you have trouble connecting to your personal oracle, you can factory reset Jade to reconnect to Blockstream's oracle.
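Step 2 has you paste your onion address into the setup URL by hand. The following is an added example, not part of Blockstream's guide or software, that validates a v3 onion hostname (length, version byte and checksum) before building that URL. It assumes `urlb` takes the bare `.onion` hostname; the function names and the sample address are constructed for illustration.

```python
import base64
import hashlib
from urllib.parse import urlencode

ORACLE_PAGE = "http://umbrel.local:3344/"  # address used in step 2 of the guide
VERSION = b"\x03"                          # v3 onion services


def _checksum(pubkey: bytes) -> bytes:
    # Tor v3 address checksum: first 2 bytes of SHA3-256 over a fixed prefix,
    # the service public key and the version byte.
    return hashlib.sha3_256(b".onion checksum" + pubkey + VERSION).digest()[:2]


def onion_v3_from_pubkey(pubkey: bytes) -> str:
    """Encode a 32-byte public key as a v3 onion hostname (used for test data)."""
    raw = pubkey + _checksum(pubkey) + VERSION
    return base64.b32encode(raw).decode().lower() + ".onion"


def is_valid_onion_v3(host: str) -> bool:
    """True only for a well-formed v3 onion hostname with a matching checksum."""
    host = host.strip().lower()
    if not host.endswith(".onion"):
        return False
    label = host[: -len(".onion")]
    if len(label) != 56:  # 35 bytes in base32, no padding
        return False
    try:
        raw = base64.b32decode(label.upper())
    except ValueError:  # characters outside the base32 alphabet
        return False
    pubkey, checksum, version = raw[:32], raw[32:34], raw[34:]
    # The 2-byte checksum catches almost all single-character typos.
    return version == VERSION and checksum == _checksum(pubkey)


def oracle_setup_url(onion_host: str, primary: str = "umbrel") -> str:
    """Build the step 2 URL. Assumption: urlb is the bare .onion hostname."""
    if not is_valid_onion_v3(onion_host):
        raise ValueError("not a valid v3 onion address: %r" % onion_host)
    query = urlencode({"urla": primary, "urlb": onion_host.strip().lower()})
    return ORACLE_PAGE + "?" + query


if __name__ == "__main__":
    sample = onion_v3_from_pubkey(bytes(range(32)))  # constructed, not a real service
    print(oracle_setup_url(sample))
```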