OpenHW
Open hardware wallet. Supports Arduino AVR / ESP/ STM chips (atmega328 included), Emercoin / Bitcoin / Ethereum etc compatible
openHW project 0.5
Made by Denis https://github.com/DenisDx/openHW
I welcome the use of this code, or parts of it, in any application that enhances the security and privacy of users. Feel free to ask questions. The code is based on a number of libraries listed in the corresponding section of this document.
The project is being developed with the support of the Emer community as part of Emer's infrastructure.
Abstract
openHW is an open-source, free-licensed project aimed at developing universal hardware wallet code that supports a wide range of chips (including the weakest ones) as well as a wide range of popular boards. The main emphasis is on simplicity of program code integration and simplicity of building and configuring. However, the cryptography used to protect sensitive data is strong enough to secure the data at an industrial level if the wallet is used correctly.
One of the scenarios for using this code is when the end user buys the device compatible with the code and flashes it himself. An alternative is to buy a device specially designed for use with this firmware, but with the subsequent flashing of the code by the user himself.
This important point provides the user with sufficient assurance that the device does not have built-in backdoors allowing the attacker who sold it to gain access to sensitive information.
We believe that only open-source firmware and self-flashing on independent devices can provide sufficient security guarantees today.
How to use
The ready-to-use device with firmware is connected to a computer or smartphone (hereinafter the Host) via a USB cable or via Bluetooth (if supported by the chosen board).
The host must have openHW-compatible software installed (e.g. the EmerAPI KeyKeeper app). The device can be detected automatically or set in the program settings on the host.
At the first connection the user is offered to load his private key (and optionally a second private key for the Plausible Deniability scheme) into openHW. After the private key(s) are loaded, the user is prompted to create a PIN code to protect the private key in case the device is stolen (and, optionally, a second PIN to be disclosed as if it were the real one).
Optionally, a Private Key Encryption Password can be set, which binds openHW to a specific host and makes it impossible to obtain the Private Key in case the device is stolen.
Further, to perform any operations that require the private key (signing transactions and messages, initiating a secure ECDH channel, encryption and decryption) it will be necessary to connect the device to the host and enter the PIN. Optionally, the user can also be required to press the hardware button (if one exists on the selected board).
When operating without the Encryption Password scheme, the key can be used on any host that has compatible software installed. With the Encryption Password scheme, the key can only be used with one host. If the host is broken or stolen, the device will no longer be able to use the key (you will need to re-program the private key on the device).
The Encryption Password scheme is preferred for storing valuable information. Do not store the openHW device and the host device in the same place, as stealing both devices will likely allow the intruder to gain access to your Private Key.
Multiple openHW devices can be mapped to a single host; one openHW device can be paired with multiple hosts.
Attention! DO NOT use the openHW device as the only place to store your private key. Be sure to keep a copy of the master password on paper in a safe place (can be stored in parts).
How it works
Private key storage and protection
The private key is stored in the EEPROM (NVS when using ESP chips) of the microcontroller and never leaves it. There are two storage modes:
- The key is stored as is. In this case, if the device is stolen, it is technically possible to physically open the chip and read the key.
- The key is encrypted in a crypto-resistant way based on the secret (Encryption Password) stored on the bound host. This password is generated by the host when initializing the wallet and is never entered manually.
All cryptographic operations with the key are performed inside the chip. Thus, even if the computer is under the control of a malefactor, intercepting the private key is made considerably harder.
In addition, the chip stores a PIN (short string of letters and numbers, 4 or more characters are recommended).
To access sensitive information, the device must be given the correct PIN. The private key is set when initializing the wallet with the SetPrivateKey() command. A second private key can be passed to this function as a second parameter for use in the PD scheme.
The data exchange with the host
The openHW device is controlled by the host by sending text commands. This can be done via a serial port, via USB (USB serial port) or, if the board has a Bluetooth module and this function is supported in the firmware, via a Bluetooth connection. Commands and data can be terminated by line-feed characters or sent as an unbroken stream.
The device responds with strings ending with \n. Each is either a data string (with the answer to a request) or a string starting with one of the signatures: "OK: " (success), "ERROR: " (error), "PIN: " (PIN request), "PASSWORD: " (Password request), "BUTTON: " (a request to press the device's hardware button). More detailed information on the commands can be obtained by sending the command "help" to the device. The default port speed is 115200.
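A host-side model of the response protocol described above, added here as an example and not part of the openHW project or the KeyKeeper app. The response signatures ("OK: ", "ERROR: ", "PIN: ", "PASSWORD: ", "BUTTON: ") and the \n terminator come from the text; the command names ("sign", "help"), the FakeDevice replies and the placeholder signature are constructed for the example, and the driver deliberately refuses PASSWORD and BUTTON prompts rather than guessing how those exchanges look.

```python
"""Host-side parser and driver for the openHW text protocol (illustrative model).

Everything below the PREFIXES table is an assumption made for this example:
the real firmware's command set and exact reply texts are documented by its
"help" command, not here.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Response signatures as documented in the README; anything else is a data line.
PREFIXES = {
    "OK: ": "ok",
    "ERROR: ": "error",
    "PIN: ": "need_pin",
    "PASSWORD: ": "need_password",
    "BUTTON: ": "need_button",
}


@dataclass
class Response:
    kind: str      # one of the PREFIXES values, or "data" for a plain answer line
    payload: str   # text after the signature (the whole line for data)


def parse_line(line: str) -> Response:
    """Classify one newline-terminated line received from the device."""
    line = line.rstrip("\r\n")
    for prefix, kind in PREFIXES.items():
        if line.startswith(prefix):
            return Response(kind, line[len(prefix):])
    return Response("data", line)


class FakeDevice:
    """Constructed stand-in for the serial link: a locked device that demands the
    PIN before it will sign, then completes the original command. Replies are
    invented for the example and are not the real firmware's output."""

    def __init__(self, pin: str) -> None:
        self._pin = pin
        self._unlocked = False
        self._pending_cmd: Optional[str] = None   # command waiting on a PIN answer
        self._outbox: List[str] = []

    def write(self, data: str) -> None:
        # Commands may arrive newline-separated or as one stream; split them here.
        for cmd in data.split("\n"):
            cmd = cmd.strip()
            if cmd:
                self._handle(cmd)

    def readline(self) -> str:
        return self._outbox.pop(0) if self._outbox else ""

    def _handle(self, cmd: str) -> None:
        if self._pending_cmd is not None:
            original, self._pending_cmd = self._pending_cmd, None
            if cmd == self._pin:
                self._unlocked = True
                self._handle(original)          # resume the command that was blocked
            else:
                self._outbox.append("ERROR: wrong PIN\n")
            return
        if cmd.startswith("sign "):
            if not self._unlocked:
                self._pending_cmd = cmd
                self._outbox.append("PIN: \n")
                return
            self._outbox.append("3045deadbeef\n")   # constructed placeholder, not a real signature
            self._outbox.append("OK: signed\n")
        elif cmd == "help":
            self._outbox.append("sign <hex>, help\n")
            self._outbox.append("OK: \n")
        else:
            self._outbox.append("ERROR: unknown command\n")


def run_command(dev: FakeDevice, command: str, pin: str,
                max_prompts: int = 3) -> Tuple[List[str], Response]:
    """Send one command, answer PIN prompts, and collect data lines until OK/ERROR."""
    dev.write(command + "\n")
    data: List[str] = []
    prompts = 0
    while True:
        raw = dev.readline()
        if not raw:
            raise RuntimeError("no response from device")
        resp = parse_line(raw)
        if resp.kind == "data":
            data.append(resp.payload)
        elif resp.kind == "need_pin":
            prompts += 1
            if prompts > max_prompts:
                raise RuntimeError("device keeps asking for the PIN")
            dev.write(pin + "\n")
        elif resp.kind in ("need_password", "need_button"):
            # Out of scope for this example: a real host would supply the bound
            # Encryption Password or wait for the user to press the button.
            raise RuntimeError(f"prompt not handled here: {resp.kind}")
        else:
            return data, resp


if __name__ == "__main__":
    print(run_command(FakeDevice("1234"), "sign abcd", "1234"))
```

Bounding the number of PIN prompts (max_prompts) is the host-side check worth keeping: a device that keeps answering "PIN: " should make the host stop and surface the problem rather than resend the PIN indefinitely.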
Plausible deniability (PD) scheme
In order to protect the user from a violent demand for the PIN code (from criminals or public authorities), support for a second private key (PD Private Key) and a second PIN code (pin2) is provided. If criminals force the user to give access to the device, the user discloses the PD PIN (pin2).
The first time it is entered, the device switches into PD mode. In this mode:
- The device can be unlocked by PIN2 and the PD private key will be used
- There is no way to determine that the PIN is a PD-PIN, not a normal PIN. The behavior of the device is identical to normal.
- The correct PIN must be entered no earlier than five days after power is supplied to the device in order for the device to switch back into standard mode. If the correct PIN is entered earlier, the device reacts to it as if it were wrong.
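A model of the PD mode rules listed above, added as an example and not the firmware's code. The rules (pin2 switches the device into PD mode and selects the PD key, the normal PIN is accepted again only after five days of uptime, and an early correct PIN is treated exactly like a wrong one) come from the text; the class name, the uptime clock that the caller advances in place of the microcontroller's timer, and the idea that the mode flag survives a power cycle while the countdown restarts are assumptions made for the example.

```python
"""Plausible-deniability (PD) mode state machine (illustrative model, not openHW code).

The device's reply to the host is the same "OK"/"ERROR" in every case; the value
returned by unlock() only tells the model which key slot was selected internally.
"""

FIVE_DAYS_S = 5 * 24 * 3600   # minimum uptime before the normal PIN is accepted again


class PdWallet:
    def __init__(self, pin: str, pin2: str) -> None:
        self._pin = pin
        self._pin2 = pin2
        self._pd_mode = False   # assumed to be persisted, so it survives a power cycle
        self._uptime_s = 0      # seconds since power-on; stands in for the MCU timer

    def power_on(self) -> None:
        """Power cycle: the mode flag is kept, but the five-day countdown restarts."""
        self._uptime_s = 0

    def tick(self, seconds: int) -> None:
        self._uptime_s += seconds

    def unlock(self, entered: str):
        """Return "main" or "pd" for the key slot unlocked, or None when rejected."""
        if entered == self._pin2:
            self._pd_mode = True          # first use switches mode; later uses keep it
            return "pd"
        if entered == self._pin:
            if not self._pd_mode:
                return "main"
            if self._uptime_s >= FIVE_DAYS_S:
                self._pd_mode = False     # back to standard mode
                return "main"
            return None                   # too early: indistinguishable from a wrong PIN
        return None


if __name__ == "__main__":
    w = PdWallet("1234", "9999")
    print(w.unlock("9999"), w.unlock("1234"))   # pd None
```

The interesting edge case is the power cycle: because the countdown is measured from power-on, cutting power to a device that is in PD mode resets the wait, so the real PIN becomes usable only after the device has been continuously powered for the full five days.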
For complete reliability we recommend creating fake activity on the PD address: transfer coins to it, create some digital assets.
Do not disclose the fact of PD scheme usage to your friends, partners and loved ones for their own protection and your safety.
WARNINGS
- No chip guarantees the security of your data when it is stolen. The system uses a PIN code that is strong enough to protect the data (if the instructions are followed) as long as the chip is not physically opened. However, any chip can be hacked with special equipment and the data can be read. All existing devices on the market are exposed to this vulnerability; the only difference is the complexity of hacking them. Using a password (in addition to the PIN; computer + device mode) solves the problem in many ways, but creates the risk of losing access to your data if your computer is damaged.
- Chips that are most vulnerable to physical hacking. The memory protection of some chips can currently be hacked easily by physically exposing the chip (costs around USD $1000 with a 50% chance of success). Storing your private keys on these chips is comparable in security to storing a paper with a password in a locked box. If such a chip is stolen, all assets should be immediately transferred to another private key and the old one should not be used. Below is a list of unsafe chips:
  - Atmel Atmega***
  - STM32F1xx
  - STMicroelectronics STR7xxxxx
Chips that are not known to be unsafe at the time of writing this document:
  - ESP32
  - ESP8266
How to compile
First, you should purchase any board with an AVR/STM/ESP chip supported by the Arduino development environment. It can be implemented as a USB token, a separate board or otherwise. I recommend using ESP chips (ESP32, ESP8266). It will be easier if you choose a board on which the firmware has already been tested; the list is given at the beginning of the main firmware file openHW.ino. In this case you just need to uncomment (remove the "//" from the beginning of) the line corresponding to your board. For example, if you purchase a Heltec WiFi Kit 32 board (https://heltec.org/project/wifi-kit-32/) you will need to change the line "//#define board_Heltec_WiFi_Kit_32" to "#define board_Heltec_WiFi_Kit_32", removing the first two characters.
This text is also repeated in the openHW.ino file.
- Install the Arduino board framework: https://www.arduino.cc/en/Main/Software
- Install additional libraries for your board: go to File > Preferences, enter the library JSON URL into the "Additional Board Manager URLs" field and click "OK":
  - Arduino (or compatible board): no additional libraries need to be installed
  - esp8266: http://arduino.esp8266.com/stable/package_esp8266com_index.json
  - esp32 (Heltec WiFi Kit): https://dl.espressif.com/dl/package_esp32_index.json
  - etc. (see your board's manual); if you wish to work with different boards, you can set multiple URLs separated by commas, like https://dl.espressif.com/dl/package_esp32_index.json, http://arduino.esp8266.com/stable/package_esp8266com_index.json
- Install the micro-ecc library: go to Sketch => Include Library => Manage Libraries, find the uECC library and install it
- Perform additional steps (you should restart the Arduino application after the changes):
  - For AVR (Arduino UNO, etc):
    - A.1. change "#define uECC_SUPPORT_COMPRESSED_POINT 1" to "#define uECC_SUPPORT_COMPRESSED_POINT 0" in uECC.h
    - A.2. make modification to the board's setting
