I don't see how a connection to Hive from the machine you interact with could be considered airgapped. Using the QR codes you refer to could limit the connection, but there has to be a connection for the Pi to reach from your machine to Hive.
You are viewing a single comment's thread from:
The definition of an airgap is "limit the connection" by transferring data through the air.
There are QR codes on both sides.
QR code input
QR code output
Airgapped on both sides.
I've already performed this operation by hand when changing my recovery account signed by owner key.
Which was a complete pain in the ass but it worked.
I can also be done using a flash drive; still technically airgapped but not as secure as a raw QR code.
If the QR code is able to be output to the internet by the Pi, doesn't the Pi have to have an internet connection? Such connection would entail other data transferred to and from the Pi, if I'm not mistaken. While there would be an airgap between the source of the QR code and the Pi, since no other connection to it, nor to the internet, would be necessary, the Pi itself wouldn't be airgapped, right?
Edit: depending on how the QR code was provided to the Pi. I guess the Pi wouldn't necessarily have a camera to get the QR code, and then might not be airgapped from the source of the QR code. Seems to me the USB, however, would be a mechanism to airgap between the source of the data and the Pi, with only the USB drive connecting the source of the data and the Pi.
Alright well firstly the PI doesn't need an input QR code unless it needs information from the blockchain/Internet.
For example hardware wallets don't have internet access and have no idea how much crypto they are securing.
All a hardware wallet can do is sign a public operation with the private key (blindly).
On Hive there are variables to make sure you can't post to multiple chains at once so you need to know a valid
ref_block_num&ref_block_referencewhich act as a reference to the current chain you are posting on. Theref_block_numresets every 2^16 (65,536) blocks so you have to pick a reference that is at most 54.6 hours old otherwise it will not be valid by definition and the nature of the 16-bit overflow mechanic.All this being said if you want airgapped communications and already know your partner's public key for encrypting messages then you don't need additional info from the interwebs. Again all these values can be input by hand, the QR code scanning is just an extreme convenience to avoid needing to type hundreds of characters flawlessly. In a way doing it by hand makes your brain the airgap rather than the QR code.
Output QR code:
The QR code that the PI creates to broadcast to the Internet is scanned by a phone.
The phone piggyback then broadcasts that message to the interwebs.
You can manually read all the data that goes in or out of the PI before it gets exposed.
All outbound transactions have already been encrypted by the private key.
Remember that the main reason to do all of this is to protect the private key.
As long as the key can't get leaked by outbound and the device functions as intended we're good.
My linux experience in a nutshell. LOL
The necessity for all this is disheartening, but I have no suspicion it isn't necessary. I have exposed my keys once, and lost 400 Hive for it. I appreciate your detailed explanation and the kind consideration that is behind it.