Note: This application is currently in beta and should only be attempted by those who are confident of their wallet recovery process.
Jade uses a powerful security model to protect your device from physical attacks by communicating with a blind oracle to unlock your device. A blind oracle functions as a virtual secure element and instead holds the decryption mechanism to your wallet off-device, which makes Jade invulnerable to physical key extraction. This is unlike typical secure element hardware devices, which hold everything needed to extract your keys on the actual device itself.
By default, Jade communicates with Blockstream's blind oracle, however you also have the choice to run your own if you'd like. The following guide covers a simple personal oracle setup using Umbrel, however more advanced users can follow our alternative guide to run this on other software.
Pre-Requisites
- A machine running Umbrel
- An uninitialized Blockstream Jade
- If your Jade is already initialized, you will need to perform a factory reset.
- Knowledge of Tailscale and/or using Tor
- Tailscale is recommended for maximum reliability. Make sure the Tailscale app is installed and enabled on Umbrel and any devices you want to connect Jade to before continuing.
Current Limitations
The following functionality is not currently available if you run a personal blind oracle:
- Accessing Jade using QR PIN Unlock
- Upgrading Jade using the web portal
- Switching between Tor and clearnet/Tailscale connections when using third-party apps
- You will need to choose either Tor or Tailscale as your primary URL when unlocking Jade with apps that are not the native Blockstream app. The Blockstream app can use your alternate URL as a fallback.
Personal Oracle Setup Process
1.
Navigate to the Umbrel App Store and install the Blockstream Blind Oracle app.
2.
Open the Blind Oracle app to view your oracle details. The default URL is your onion address, however if you have Tailscale set up, we recommend pasting the following into your browser address bar to set Tailscale as the default.
- http://umbrel.local:3344/?urla=umbrel&urlb=[insert onion address]
Tip: Using the above URL will allow you to unlock Jade while on the local network, as well as remotely if Tailscale is installed on your device (for example your phone that is running the Blockstream app).
3.
Turn on Jade and access the boot menu by clicking (not holding) the center button once while the logo screen is showing. Select Blind Oracle → Scan Oracle QR. Confirm the on-screen details and continue setting up Jade with PIN on your preferred companion app. Your Jade will now communicate with your personal blind oracle in order to initialize and unlock your device.
Note: If you have trouble connecting to your personal oracle, you can factory reset Jade to reconnect to Blockstream's oracle.