FullyNoded

Self sovereign, secure, powerful, easy to use wallet that utilizes your own node as a backend. Powered by PSBT's and descriptors. Acts as an offline signer using your node as a watch-only wallet. C-Lightning compatible for instant, unfairly cheap payments.

View on GitHub

Tor V3 Authentication

THIS IS OPTIONAL It ensures that even if an attacker got your rpcport hidden service’s hostname and bitcoin.conf rpc creds (the quick connect QR) they would still not be able to access your node. For an explainer on how this generally works read this

Preparatory work:

First get your connection going. Resolve the connection issue first then add the keypair, to keep things simple. Some double checks ( A more extensive guide here).

On your device running node
On your device running FN

How to add extra security by adding a V3 Auth Keypair to a already established (Tor Hidden Services) connection?

The easy way:

From scratch:

Install python3, pip3, virtualenv and then run the following commands in a terminal (do this on any machine):

virtualenv -p python3 ENV
source ENV/bin/activate
pip install pynacl
sudo nano createKeys.py
#!/usr/bin/env python3
import base64
try:
    import nacl.public
except ImportError:
    print('PyNaCl is required: "pip install pynacl" or similar')
    exit(1)


def key_str(key):
    # bytes to base 32
    key_bytes = bytes(key)
    key_b32 = base64.b32encode(key_bytes)
    # strip trailing ====
    assert key_b32[-4:] == b'===='
    key_b32 = key_b32[:-4]
    # change from b'ASDF' to ASDF
    s = key_b32.decode('utf-8')
    return s


def main():
    priv_key = nacl.public.PrivateKey.generate()
    pub_key = priv_key.public_key
    print('public:  %s' % key_str(pub_key))
    print('private: %s' % key_str(priv_key))


if __name__ == '__main__':
    exit(main())

use ctrl-x to quit, y to save and return to exit nano

Then simply run:

python3 createKeys.py

and it returns your key pair:

public:  PHK2DFSCNNJ75U3GUA3SHCVEGPEJMZAPEKQGL5YLVM2GV6NORB6Q
private: DARUBG4CIQ4FMPTGUOE36P7DYCKHRBCCNPU5QWCSYBFPWBCA5RCQ

The private key is for Fully Noded (paste it or scan it as a QR code when you add your node). The public key is for your servers authorized_clients directory.

To be saved in a file called fullynoded.auth

Go to your hidden services driectory that you added to your torrc (/var/lib/tor/theNodlTorDirectoryName/authorized_clients/fullynoded.auth):

HiddenServiceDir /var/lib/tor/FullyNodedV3/  (**theNodlTorDirectoryName** is FullyNodedV3 in this example)

Open the example file:

sudo nano /var/lib/tor/FullyNodedV3/authorized_clients/fullynoded.auth

and paste in:

descriptor:x25519:PHK2DFSCNNJ75U3GUA3SHCVEGPEJMZAPEKQGL5YLVM2GV6NORB6Q

No space, no newline.
Save and exit and you have one of the most secure node/light client set ups possible. (assuming your server is firewalled off)