How to securely transact on the Nano network using an offline device

Nano | 01.12| 211

A Nano wallet and its accounts are protected with a seed that controls a set of private keys. The level of security for the corresponding funds is determined by how securely the seed or keys are stored. There are many different approaches to storing these critical hexadecimal strings, including password managers, hardware wallets, or writing them on paper and storing the paper securely. The security implications of each method are explained in detail in this article.

Nano Wallets — Security and Convenience

Offline storage is widely considered one of the most secure methods of protecting private keys. But how can we use these private keys to transact on an online network like Nano without exposing them? That’s where off-chain/offline-signing comes into play!

Offline signing is a very secure way of performing transactions because the data entering and leaving the offline device is non-sensitive and cannot be altered to compromise the funds.

This guide will help you create transactions with an online device, sign the transaction with a private key from an offline device, and then publish the block to the Nano network. I will use KeyTools, a set of secure web tools made for precisely that purpose. The website can be downloaded and used on any offline JavaScript-enabled device.

Block Variants and Method

A Nano transaction comes in one of four different flavors. The block itself is always constructed in the same way as a “State Block,” but the input parameters will slightly differ. The webtool is designed to make this process both easy and flexible for the user, though it may seem a bit daunting at first.

  1. Open: The first transaction of an account
  2. Send: When funds are deducted from a Nano account
  3. Receive: When funds are added to a Nano account
  4. Change: When the representative is changed. (Note: this function can be performed with 1, 2 or 3, but in the case of a dedicated Change block, zero Nano is transferred.)

In all cases, input data is retrieved from the network either manually via a block explorer or by direct network requests. The block is created from that data, which results in a Block Hash. The Block Hash is sent to the offline machine (the browser on the right side in the videos), where it’s signed, and a Signature is returned to finalize the block. It can then be published to the network as a valid transaction.

To send data securely to and from the offline machine, QR codes are used together with a webcam. It’s also possible to use an audio signal, which is shown in the last video.

Block Parameters

  • Address: Also called Account, is the Public ID where funds are sent To/From.
  • Previous Hash: Usually, the latest recorded block, called Frontier, in the account’s chain and describes the latest known balance. This block always comes before the one you are creating.
  • Pending Hash: Also called Delivered Hash. It’s a block that has been sent but not yet received by the final account.
  • Representative: The account address that does the delegated voting.
  • Current Balance: The balance reported by the Frontier or by the block that comes before the one you are creating.
  • Amount: Value to be Sent or Received.
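
How the four variants map onto the single state-block layout, and how the Block Hash that travels to the offline machine is derived from the parameters above. This is an added example, not KeyTools code: recomputing the hash from the fields is a way to check that the hash presented for signing matches the block you intended. It assumes addresses have already been decoded to 32-byte public keys, and the keys and hashes in the demo are constructed values.

```python
import hashlib

PREAMBLE = (6).to_bytes(32, "big")   # 32-byte marker identifying a state block
ZERO32 = bytes(32)
RAW_PER_NANO = 10**30                # balances are hashed in raw units

def preimage(account, previous, representative, balance_raw, link):
    """Concatenate the state-block fields in hashing order (176 bytes)."""
    if any(len(f) != 32 for f in (account, previous, representative, link)):
        raise ValueError("account, previous, representative, link must be 32 bytes")
    if not 0 <= balance_raw < 2**128:
        raise ValueError("balance must fit in 128 bits")
    return (PREAMBLE + account + previous + representative
            + balance_raw.to_bytes(16, "big") + link)

def block_hash(*fields):
    """Block Hash = BLAKE2b-256 over the preimage; this is what gets signed."""
    return hashlib.blake2b(preimage(*fields), digest_size=32).hexdigest().upper()

def build(kind, account, representative, current_balance=0, previous=ZERO32,
          amount=0, pending=ZERO32, destination=ZERO32):
    """Map Open/Send/Receive/Change onto (previous, new balance, link)."""
    if kind == "open":       # first block: no previous, link = pending hash
        previous, balance, link = ZERO32, amount, pending
    elif kind == "send":     # balance goes down, link = destination public key
        if amount > current_balance:
            raise ValueError("amount exceeds current balance")
        balance, link = current_balance - amount, destination
    elif kind == "receive":  # balance goes up, link = pending hash
        balance, link = current_balance + amount, pending
    elif kind == "change":   # only the representative differs, link is zero
        balance, link = current_balance, ZERO32
    else:
        raise ValueError("unknown block kind")
    return account, previous, representative, balance, link

if __name__ == "__main__":
    # Constructed sample values, not real accounts or blocks.
    account = bytes.fromhex("11" * 32)
    rep = bytes.fromhex("22" * 32)
    frontier = bytes.fromhex("33" * 32)
    dest = bytes.fromhex("44" * 32)
    fields = build("send", account, rep, current_balance=5 * RAW_PER_NANO,
                   previous=frontier, amount=2 * RAW_PER_NANO, destination=dest)
    print("new balance (raw):", fields[3])
    print("hash to sign:", block_hash(*fields))
```

The block stores the resulting balance rather than the amount, so changing the amount, destination or representative on the online side produces a different hash.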

Video Tutorial

Audio Transfer

If you don’t have a webcam for the offline machine, there is also the possibility of transferring data using audio and speaker/mic via the Audio Messenger tool.

Ledger Hardware Wallet

If you own a Ledger, you can use this guide as a last-resort recovery procedure as well. Just import the mnemonic passphrase and extract the private keys using the Key Converter in an offline state, then continue with any of the methods above. More info in this article.

How to securely transact on the Nano network using an offline device was originally published in Nano on Medium, where people are continuing the conversation by highlighting and responding to this story.
