this post was submitted on 13 Jan 2025

Colibri Wallet

Colibri is a free and open source DIY project, with the goal to enable everyone with $5 and access to a laptop and Internet™ to create their own secure crypto hardware wallet, using off-the-shelf ESP32 hardware development boards.

Head over to colibri.diy to find build instructions and more information!

Just released v0.0.3 of colibri.diy - new features include Ethereum transaction signing and basic Bitcoin support <3

Now working on a companion webapp to ease device setup, and the first 3rd-party wallet integration. Please let me know what you think!

[–] onlinepersona 2 points 1 week ago (4 children)

Hmmm, not a single picture of what it looks like.

Anti Commercial-AI license

[–] xtools 6 points 1 week ago* (last edited 1 week ago) (3 children)

yeah since it's still in the pre-release stage, i'm focusing on the firmware and docs for the moment. i've started working on a webapp for device setup too, which will ultimately double as landing- and docs-page, and will become more visual.

here is a picture of various ESP32 dev-boards from my desk, any of these would work:

[–] onlinepersona 3 points 1 week ago (2 children)

Could you explain how this hardware wallet works? Doesn't it need to save a private key that provides access to your crypto account? How does it output it? Specifically, what is the flow?

From the description, the (correct) assumption is that nothing is unhackable. So I'm assuming the private key is somehow encrypted by a password/passcode. That means either it has to be decrypted on the hardware wallet itself and somehow presented to the user unencrypted (QR-code, drops a text file over some protocol, provides a webinterface accessible over the local network, ...), or it's simply dumb storage like an SSD - which would make me question its utility.

As somebody who knows about crypto, but never saw, owned, nor got the idea of hardware wallets (paper wallets make sense though), what exactly is this?

Anti Commercial-AI license

[–] xtools 4 points 1 week ago* (last edited 1 week ago)

I appreciate the curiosity :) Let me answer your first and last question first: A hardware wallet acts as a store for your keys, with the premise that they cannot and will never be extracted from said device. A "software wallet" or app (like Metamask) which runs on a phone/PC might be exposed to vulnerabilities of the underlying operating system or environment. Your PC might be exploited, and someone steals the keys stored in the app you're using to sign, or injects bogus input into the signing process, etc.

In contrast to that, a hardware wallet is only sent the data to sign, returns the signature, and never exposes the keys to anything connected to it. In the case of Colibri, it has a BLE interface and you can pair your PC or phone, then send commands in JSON-RPC format. Sensitive commands (like signing) require approval on the device, by pushing a physical button.

Ideally, this process is integrated into a software wallet, to have a GUI to prepare and send your transactions, and double-check and sign them on the hardware wallet - I'm working on a proof of concept integration via a MyEtherWallet.com fork for this.

So the flow would be something like

  • Connect hw wallet to PC/phone
  • Set up hw wallet: set a password, add or generate keys
  • Connect hw wallet to wallet app
  • Unlock the hw wallet with your password
  • Prepare transaction data in app, and send it to hw wallet
  • Approve request on hw wallet; sign data and return signature to app
  • App broadcasts signed transaction to the blockchain
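
The flow described in the comment above, modelled as an added example that is not part of the original thread and is not Colibri's firmware: a device-side JSON-RPC handler that keeps the key internal and gates signing behind unlock and on-device approval. The method names `unlock` and `sign`, the `digest` parameter, the error codes and the HMAC stand-in for a real signature scheme are all assumptions made for illustration.

```python
import hashlib, hmac, json, os

class WalletDevice:
    """Toy device side: the key is created here and no method returns it."""
    SENSITIVE = {"sign"}  # hypothetical method name; gated by the button

    def __init__(self, password, approve):
        self._salt = os.urandom(16)
        self._pw = self._kdf(password)
        self._key = os.urandom(32)  # never serialized into any response
        self._approve = approve     # callback standing in for the physical button
        self._unlocked = False

    def _kdf(self, password):
        return hashlib.pbkdf2_hmac("sha256", str(password).encode(), self._salt, 100_000)

    def handle(self, raw):
        """Take one JSON-RPC 2.0 request string and return the response string."""
        try:
            req = json.loads(raw)
        except ValueError:
            return self._reply(None, error=(-32700, "parse error"))
        if not isinstance(req, dict) or not isinstance(req.get("method"), str) \
                or not isinstance(req.get("params", {}), dict):
            return self._reply(None, error=(-32600, "invalid request"))
        rid, method, params = req.get("id"), req["method"], req.get("params", {})
        if method == "unlock":
            guess = self._kdf(params.get("password", ""))
            self._unlocked = hmac.compare_digest(guess, self._pw)
            return self._reply(rid, result=self._unlocked)
        if method not in self.SENSITIVE:  # e.g. there is no key-export command
            return self._reply(rid, error=(-32601, "method not found"))
        if not self._unlocked:
            return self._reply(rid, error=(-32001, "device locked"))
        try:
            digest = bytes.fromhex(params["digest"])
        except (KeyError, TypeError, ValueError):
            return self._reply(rid, error=(-32602, "invalid params"))
        if not self._approve(method, digest.hex()):  # user sees what is signed
            return self._reply(rid, error=(-32002, "rejected on device"))
        # HMAC-SHA256 is a stand-in for the wallet's real signature scheme.
        sig = hmac.new(self._key, digest, hashlib.sha256).hexdigest()
        return self._reply(rid, result={"signature": sig})

    @staticmethod
    def _reply(rid, result=None, error=None):
        msg = {"jsonrpc": "2.0", "id": rid}
        if error:
            msg["error"] = {"code": error[0], "message": error[1]}
        else:
            msg["result"] = result
        return json.dumps(msg)
```

The host only ever sees a boolean, a signature or an error object; a compromised PC can request signatures but each one still needs the approval callback to return true.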