Introducing AirGap Wallet and AirGap Vault

Open AndreasGassmann opened this issue 2 years ago • 12 comments

Hi all. My name is Andreas Gassmann and I'm the lead developer of AirGap Wallet.

I want to quickly introduce our wallet and have some discussions before making an official request for listing on bitcoin.org via PR following this guide.

AirGap Wallet is a cryptocurrency wallet developed by Papers AG. We are an independent software company based in Switzerland.

The AirGap project has been around for over four years and has a community that grows day by day because it provides a unique kind of solution that provides a high level of security. To explain it in one sentence, our solution turns a spare phone into a cold / hardware wallet.

Our project consists of two apps, the AirGap Vault and the AirGap Wallet. Both apps are completely open source and free to use, and AirGap Vault is also rated "reproducible" on WalletScrutiny.

The AirGap Vault app does not connect to any network and is completely offline at all times. It is responsible for secure private key generation, storage, and air-gapped transaction signing. The Vault should be installed on a dedicated device with no internet access or connection. The only way for the Vault to communicate with the outside world is through scanning and displaying QR codes. This approach is very secure because it's a transparent and one-way communication channel.

The AirGap Wallet app is a companion app to the Vault that shows account balances, creates transactions, and broadcasts them to the network. The AirGap Wallet is installed on an everyday smartphone, and in contrast to the Vault, the device has access to the internet. AirGap Wallet only has access to public information; the Vault never shares any private information.

Recently, we’ve started making the AirGap Vault more interoperable. We have added support for bc-ur, which allows the Vault to be used with a variety of Bitcoin wallets, such as BlueWallet or Sparrow Wallet, while keeping your private keys completely air-gapped.

We are excited to share our wallet with you in the hopes that you will find it to be something that is both innovative and worthy of being listed on Bitcoin.org. If you have any criticisms, questions, or suggestions for improvements that you would like us to answer, please let us know. Before we open an official issue to get listed, we would appreciate it if you could provide us with your feedback.

AndreasGassmann Jun 21 '22 12:06

@AndreasGassmann Thanks for the information.

I glanced over the web page and the repos and I can confirm that this is the type of wallet that is eligible for listing.

I would suggest that your next step is to very carefully go over each of the submission criteria and be sure that all of the criteria are met. If you need additional information or clarifications, please feel free to ask for them here. Many items are tersely worded, so please feel welcome to ask for clarifications or information on intent. Once that is complete, please submit a PR. You may want to include notes here or in the PR about how you feel you satisfy the criteria, particularly ones that may not be obvious. That is definitely not required, but can speed up a review. Again, please do not hesitate to ask for guidance here.

As you probably know, all the work here is done by community volunteers, including reviews, which can take some time to complete depending on resources available at the time.

crwatkins Jun 21 '22 20:06

@AndreasGassmann On the webpage I see a single reference to AirGap Knox. What is that?

crwatkins Jun 21 '22 20:06

Thank you for the prompt response.

We are aware that the work here is done by community volunteers and that the process might take some time and is quite thorough. We're happy to invest time from our side to assist you as much as we can in the process.

Before we submit a PR, I would like to discuss how, or which app, we should be listing. Our apps are different to traditional apps. For example, "AirGap Wallet" does not hold any private data, so some don't even consider it a wallet (because a "wallet" commonly refers to an app that can sign transactions, etc.). In our case, the "AirGap Wallet" app is more like a portfolio app with some more extended features like being able to prepare transactions, but it can never be used to manage funds without a companion app like AirGap Vault.

On the other hand, AirGap Vault can be categorised like a hardware wallet. For example, the criterion of having changing receiving addresses in AirGap Vault can obviously not be satisfied because it isn't aware of what happens on the blockchain.

The focus of our project is the AirGap Vault. We want to give users an alternative to traditional hardware wallets. One that isn't tied to a specific hardware vendor and provides more flexibility for people in problematic situations or countries.

What would you suggest we do? Should we, in a first step, submit only AirGap Vault and position it in the "Hardware Wallet" section? To use AirGap Vault, AirGap Wallet is not required. It can be used with other Bitcoin wallets like BlueWallet, Sparrow, Specter and others (the ones that support the bc-ur standard). So in that sense, it is similar to a Ledger or a Trezor.

In a second step we could then add "AirGap Wallet" to the traditional list of wallets.

Let me know what you think about this.


EDIT: AirGap Knox is a business focussed version of AirGap that has some more advanced features, mainly related to easily signing multiple transactions.

AndreasGassmann Jun 21 '22 20:06

Thanks for explaining that your focus is on AirGap Vault. I now better understand the direction of your issue.

Above, I was thinking about a current (software) wallet listing, Bither, which is similar in that it has an online (hot) component and an offline (cold) component (but both components are contained in a single app). I haven't gone much past a simple launch of AirGap, but I noticed it prompts one to download the companion app, which led me to believe we could list one of the apps, similarly to Bither, and the user would be prompted to download the other. I assumed we could review them as a package. As an aside, there have been discussions in the past about whether hardware wallets should be reviewed with software wallets as a pair, but that was during a time when some hardware wallets were only compatible with a single software wallet, and while I was leaning toward that at one point, with enhanced compatibility these days I'm not sure that is necessary any longer.

We've struggled with terminology in the past that most "hardware wallets" are not really wallets, but rather a combination key store and signing engine. (Perhaps the notable exception is the Case hardware wallet which has been discontinued.) In the past we've chosen to continue using the "hardware wallet" nomenclature to be consistent with developers and the market. Here are some things, both organizational and conceptual, we have to consider if we list AirGap Vault as a hardware wallet:

  • An artifact of our current listing hierarchy is that "hardware" is a sibling to "mobile" and "desktop" and does not have an attribute for listing an OS selection.
  • Related to the first point, there is no separate download link for different operating systems for hardware devices.
  • The risk profile and attack surface are somewhat different from what people are traditionally taught about hardware wallets.
  • There may be current hardware listing criteria such as protecting seeds from unsigned code and code downgrades which are not possible to determine because it would depend on user selection of hardware and OS and thus could fail the criteria.

I see two options here for submitting AirGap:

  1. Submit it as a regular wallet and review both apps together as a package.
  2. Submit it as a hardware wallet and deal with the issues above somehow (right now, I'm not sure how to get around the criteria issue).

A longer-term solution could be:

  1. Create another category of DIY signing devices which could include the likes of SeedSigner and Specter-DIY.

In the past, there has been reluctance to create new categories.

What do you think? I'm on the fence about this. I would definitely appreciate some input from the community.

crwatkins Jun 24 '22 22:06

We have internally discussed this issue and came to the following conclusion:

Option 1. wouldn't be ideal because the strength of our solution lies with the Vault and the interoperability with other wallets, so the two should be separated.

Ideally, we would find a way to add AirGap Vault to the "Hardware Wallet" category. It seems that the only criterion that isn't compatible with our app is the "run unsigned / can downgrade firmware" category, because those depend on the OS that is used. Regarding the different OSs that we support, that may not be a limiting factor. If we leave the technical differences of the OSs aside, a user that visits the "Hardware Wallet" category will most likely have to acquire new hardware once he decides which solution fits him best. In the case of AirGap Vault, that would then simply be a new phone.

Creating a new category for "DIY signing devices" might also be an option. However, the "DIY" in the category name might sound intimidating to some people. Comparing AirGap Vault with a project like SeedSigner or Specter-DIY, they are on a very different level skill-wise (buying a phone vs. building your own device with a RaspberryPi), so we'd have to think about how that can be explained to the user. You mentioned previously that the term "hardware wallet" may not be the best, so this category could potentially have another name, like "Cold Wallets", "Hardware Signers" or something along those lines.

While we discuss the category that AirGap fits into, we will already submit AirGap Vault for the Hardware Wallet category. During the review we will see how many issues pop up, which will help us make a decision in this discussion. And even if the review in the current Hardware Wallet category fails, I assume we'll be able to carry over most parts of the review to the new category if we decide to create one.

AndreasGassmann Sep 28 '22 18:09

I see one more short-term option in addition to the two I presented above:

  • Submit the Vault (alone) with other (non-hardware) wallets and accept the fact that there may be criteria that are not applicable

This would list the wallet under the correct OS and artifacts such as download links would be consistent with other listings. Doing this seems like it might be more appropriate given that current listings such as Bither, Sparrow, and Specter are capable of performing in a similar mode to the Vault. There will be (what we call internally in the submission) scores (which are exposed as "criteria" to users on the site) which will be "Not applicable" as they are for hardware wallets, and I think that's OK.

I haven't exhaustively tested all my assumptions listing this way, but I think it will work best and I'm willing to give it a try if you want. As always, input from the community is welcome and is solicited.

crwatkins Nov 01 '22 12:11

I think that idea makes sense. I'm assuming that once the Vault has been tested and is hopefully approved, changing its category later on might not be that much work because only the "new" criteria would have to be evaluated.

So we will probably move forward with one pair, e.g. Sparrow + AirGap Vault, and then see how that goes. Does that sound like a plan?

AndreasGassmann Nov 11 '22 16:11

OK. I'll look at the Vault with multiple coordinators. Is there any reason not to include AirGap Wallet in the list? The review will only depend on the Vault.

crwatkins Nov 14 '22 03:11

There is no reason why AirGap Wallet shouldn't be in the list. I left it out because I know that there is one criterion that would not pass a review (changing receiving addresses in AirGap Wallet). But if the review will only depend on the Vault, then nothing speaks against including it.

AndreasGassmann Nov 16 '22 08:11

Understood. Sounds good.

crwatkins Nov 16 '22 19:11

I've attempted to use AirGap Vault and I have reported some observations and a few bugs to the team.

The next step after resolving those issues should be to submit a PR as described here. I would suggest starting with an entry of another software wallet that supports similar platforms as AirGap Vault and editing the features appropriately, and then setting Validation, Privacy, and Fees to the same scores as a hardware wallet. In the (fairly short) Description I believe it would be good to mention that AirGap Vault works in conjunction with a companion app. You might want to list companion apps that are listed on bitcoin.org or mention "like a hardware wallet."

crwatkins Dec 03 '22 17:12

Help

mayreed11 Jan 05 '24 19:01