mirrors/core-lightning
1
0
Fork 0
mirror of https://github.com/ElementsProject/lightning.git synced 2024-11-19 09:54:16 +01:00
Code Issues Projects Releases Wiki Activity

README: move hsm_secret encryption infos into a dedicated part

Browse Source 
And tell about decryption/encryption with hsmtool
This commit is contained in:
darosior 2019-10-22 12:40:48 +02:00 committed by Rusty Russell
parent f97d548582
commit c61b60b8fb
1 changed files with 10 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
README.md
View File

@ -12,6 +12,7 @@ c-lightning is a lighweight, highly customizable and [standard compliant][std] i
* [Configuration File](#configuration-file)
* [Further Information](#further-information)
* [Pruning](#pruning)
* [HD wallet encryption](#hd-wallet-encryption)
* [Developers](#developers)
## Project Status
@ -102,8 +103,6 @@ Once you've started for the first time, there's a script called
`contrib/bootstrap-node.sh` which will connect you to other nodes on
the lightning network.
You can encrypt the BIP32 root seed (what is stored in `hsm_secret`) by passing the `--encrypted-hsm` startup argument. You can start `lightningd` with `--encrypted-hsm` on an already existing `lightning-dir` (with a not encrypted `hsm_secret`). If you pass that option, you __will not__ be able to start `lightningd` (with the same wallet) again without the password, so please beware with your password management. Also beware of not feeling too safe with an encrypted `hsm_secret`: unlike for `bitcoind` where the wallet encryption can restrict the usage of some RPC command, `lightningd` always need to access keys from the wallet which is thus __not locked__ (yet), even with an encrypted BIP32 master seed.
There are also numerous plugins available for c-lightning which add
capabilities: in particular there's a collection at:
@ -112,6 +111,9 @@ capabilities: in particular there's a collection at:
Including [helpme][helpme-github] which guides you through setting up
your first channels and customizing your node.
For a less reckless experience, you can encrypt the HD wallet seed:
see [HD wallet encryption](#hd-wallet-encryption).
You can also chat to other users at [#c-lightning @ freenode.net][irc2];
we are always happy to help you get started!
@ -202,6 +204,12 @@ If `bitcoind` prunes a block that c-lightning has not processed yet, e.g., c-lig
In order to avoid this situation you should be monitoring the gap between c-lightning's blockheight using `lightning-cli getinfo` and `bitcoind`'s blockheight using `bitcoin-cli getblockchaininfo`.
If the two blockheights drift apart it might be necessary to intervene.
### HD wallet encryption
You can encrypt the `hsm_secret` content (which is used to derive the HD wallet's master key) by passing the `--encrypted-hsm` startup argument, or by using the `hsmtool` (which you can find in the `tool/` directory at the root of this repo) with the `encrypt` method. You can unencrypt an encrypted `hsm_secret` using the `hsmtool` with the `decrypt` method.
If you encrypt your `hsm_secret`, you will have to pass the `--encrypted-hsm` startup option to `lightningd`. Once your `hsm_secret` is encrypted, you __will not__ be able to access your funds without your password, so please beware with your password management. Also beware of not feeling too safe with an encrypted `hsm_secret`: unlike for `bitcoind` where the wallet encryption can restrict the usage of some RPC command, `lightningd` always need to access keys from the wallet which is thus __not locked__ (yet), even with an encrypted BIP32 master seed.
### Developers
Developers wishing to contribute should start with the developer guide [here](doc/HACKING.md).