this post was submitted on 13 Jan 2025
15 points (80.0% liked)

Colibri Wallet

Colibri is a free and open source DIY project, with the goal to enable everyone with $5 and access to a laptop and Internet™ to create their own secure crypto hardware wallet, using off-the-shelf ESP32 hardware development boards.

Head over to colibri.diy to find build instructions and more information!

founded 4 weeks ago

Just released v0.0.3 of colibri.diy - new features include Ethereum transaction signing and basic Bitcoin support <3

Now working on a companion webapp to ease device setup, and the first 3rd-party wallet integration. Please let me know what you think!

[–] onlinepersona@programming.dev 2 points 2 days ago (4 children)

Hmmm, not a single picture of what it looks like.

Anti Commercial-AI license

[–] xtools@programming.dev 6 points 2 days ago* (last edited 2 days ago) (3 children)

yeah since it's still in the pre-release stage, i'm focusing on the firmware and docs for the moment. i've started working on a webapp for device setup too, which will ultimately double as landing- and docs-page, and will become more visual.

here is a picture of various ESP32 dev-boards from my desk, any of these would work:

[–] onlinepersona@programming.dev 3 points 2 days ago (2 children)

Could you explain how this hardware wallet works? Doesn't it need to save a private key that provides access to your crypto account? How does it output it? Specifically, what is the flow?

From the description, the (correct) assumption is that nothing is unhackable. So I'm assuming the private key is somehow encrypted by a password/passcode. That means either it has to be decrypted on the hardware wallet itself and somehow presented to the user unencrypted (QR-code, drops a text file over some protocol, provides a webinterface accessible over the local network, ...), or it's simply dumb storage like an SSD - which would make me question its utility.

As somebody who knows about crypto, but never saw, owned, nor got the idea of hardware wallets (paper wallets make sense though), what exactly is this?

Anti Commercial-AI license

[–] xtools@programming.dev 4 points 2 days ago* (last edited 2 days ago)

Regarding encryption, I'm gonna write up a security-doc that goes into more detail, but in a nutshell yes, keys are encrypted using your password (see also here in the build instructions). Your password is salted and hashed and turned into a 256-bit key. The ESP32 has a hardware AES module on board, and encrypts your crypto keys with AES-256 CFB128 before storing them. The password itself is not stored on the device. Currently you'd need to send the pw via RPC command to unlock the wallet, in the future you'll be able to input it on the device directly (display- and GUI-integrations are planned for 0.2.x).

After setting a pw, you can either add your existing keys, or generate new ones on-device (ESP32 comes with hardware TRNG capabilities). In the latter case, they're returned to you once in the RPC response so you can back them up, in the future you'll be able to show them on the display instead.
