Note: This application is currently in beta and should only be attempted by those who are confident of their wallet recovery process.
Blockstream Jade uses a powerful security model to protect your device from physical attacks by communicating with a blind oracle to unlock your device. Your blind oracle functions as a virtual secure element by holding the decryption mechanism to your wallet off-device, making Jade alone invulnerable to physical key extraction. This is unlike typical secure element devices, which hold everything needed to extract your keys on the actual hardware device itself.
By default, Jade communicates with Blockstream's blind oracle, but users can also run their own. The following guide covers a simple personal oracle setup using Umbrel; more advanced users can follow our guide here to run this on other software.
Pre-Requisites
- A machine running Umbrel
- An uninitialized Blockstream Jade
  - If your Jade is already initialized, you will need to perform a factory reset
- Knowledge of Tailscale and/or Tor usage
  - Tailscale is recommended for maximum reliability. Before continuing, make sure the Tailscale app is installed and enabled on Umbrel and any devices you want to connect Jade to.
  - If Tor is not enabled on your Umbrel, visit Settings and turn on Remote Tor Access. You will also need Tor enabled on the same device as the companion app you want to unlock Jade with.
Current Limitations
The following functionality is not currently available if you run a personal blind oracle with Umbrel:
- Unlocking Jade using the Blockstream-hosted QR PIN Unlock page
- Upgrading Jade using the Blockstream-hosted web portal
- Switching between Tor and clearnet/Tailscale connections when using 3rd party apps
  - You will need to choose either Tor or Tailscale as your primary URL when unlocking Jade with apps that are not Blockstream Green. Green can use your alternate URL as a fallback.
Personal Oracle Setup
1. Navigate to the Umbrel App Store and install the Blockstream Blind Oracle app.
2. Open the Blind Oracle app to view your oracle details. The default URL is your onion address. If you have Tailscale set up, it is recommended to paste the following into your browser address bar to set Tailscale as the default; this is highly recommended if you are using companion apps besides Blockstream Green.
   - http://umbrel.local:3344/?urla=http://umbrel&urlb=http://[insert onion address]
Tip: Using the URL template above will allow you to unlock Jade when on your local network, as well as remotely if Tailscale is installed on your companion device (for example your phone that is running Blockstream Green).
3. Turn on Jade and access the boot menu by clicking (not holding) the select button once while the logo screen is showing. Select Blind Oracle and then Scan Oracle QR. Confirm the details on screen and continue setting up Jade with PIN on your preferred companion app. Your Jade will now communicate with your personal blind oracle in order to initialize and unlock your device.
Note: If you have trouble connecting to your personal oracle, make sure Tor and/or Tailscale is configured properly on your companion device. You may also factory reset Jade to reconnect to Blockstream's oracle, which solves any issues related to your personal oracle setup.