krux icon indicating copy to clipboard operation
krux copied to clipboard
verified publisher icon selfcustody

[Enhancement] Passphrase QR Code scan process can detect and decode Encrypted QR Code

Open comassky opened this issue 10 months ago • 2 comments

Hi Krux !

I love the mechanics of scanning an encrypted qr code that asks for the decryption key.

This process is requested when the mnemonic loading via QRCode feature is used.

I realized that passphrase scanning doesn't use this “if qr code encrypted, then I propose to decrypt it via keyboard or qr code” mechanic.

Is it possible to apply this to passphrase scanning?

This would allow you to store your passphrase in encrypted form.

In my opinion, this is a gain in terms of usage (especially since the process is already in place for loading wallets).

comassky avatar Mar 05 '25 13:03 comassky

For me it is strange this kind of request because:

  • Encrypted mnemonics gives you the ability to use a password
  • The mnemonic gives you the ability to use a passphrase

So you will use a password, then another password to get the passphrase... we could do this multiple times too, but what is the use case? If you want the passphrase in encrypted form, the password will not be plain text? Using the password to decode this passphrase for me is the same as using this password as the passphrase itself.

To be crystal celar, what we gain from password to decrypt a -> password to decrypt a -> password to decrypt a -> password to decrypt a -> passphrase ? Would it not be the same of a password to decrypt a -> password to decrypt a -> password to decrypt a -> password to decrypt a -> mnemonic ? Why you need Krux to do that? why is that better than a strong password?

tadeubas avatar Mar 10 '25 17:03 tadeubas

The use case is :

Use Encrypted QR Code BIP39 12 words as BIP39 24 words passphrase.

A 12-word passphrase is a very secure passphrase

To cut a long story short, I create a BIP39 12 Word (which will be my passphrase), which I store as an Encrypted QR Code A with password A1.

I create a BIP39 24 Word (which will be my wallet), which I store as an encrypted QR code called B with password B1.

To use my real wallet, i need B + passphrase A sooo :

  • Scan B, decode with B1,
  • Ask to add a passphrase
  • Scan A, then decode with A1.

I end up with my wallet B + passphrase A

comassky avatar Mar 10 '25 18:03 comassky

IMO this issue can be closed as I've tested here an encrypted QR code as passphrase (needing you to type the key) is working on Version 25.09.0

tadeubas avatar Oct 27 '25 14:10 tadeubas

Hello,

Thanks for the feedback. I just tested it, and it partially solves the issue.

It is indeed possible to scan an encrypted QR code seed into a passphrase, but the passphrase entered is not seen as a seed (12 or 24 words); it is “raw” data.

I get the impression that the QR code is not being interpreted fully.

I would like that when scanning a Seed QR Encrypted by Krux as a passphrase, the recovered passphrase be 12 or 24 words separated by a space.

comassky avatar Oct 28 '25 09:10 comassky

Indeed, if you were to use a normal krux encrypted-mnemonic QR as your passphrase, then the resulting plaintext will NOT be a string of 12 words separated by spaces, it will rather be 16 bytes of binary data (exactly like a compact SeedQR which represents bip39 entropy bytes).

In order to achieve the result you're looking for, you would need to use Datum Tool (in tools before loading mnemonic).

  • Datum Tool
  • Via Manual Input: enter your 12 word mnemonic with lowercase letters and one space between each word, then hit Go
  • or if you have a 2nd krux, load your passphrase mnemonic in one, backup mnemonic as Plaintext QR (so you get the words spelled-out) and load that into second krux's DatumTool - Via QR.
  • Convert Datum
  • from UTF-8 (you're changing the long string of text into bytes)
  • Encrypt (and follow instructions: AES-GCM is a sane default but any version would work (the "+c" versions use compression so maybe play?), use a strong key, edit the ID to something other than "Custom Text")
  • to base43 (this will setup for the most compact QR, but it will be big... 12 words are much bigger than 16 bytes)
  • Done Converting
  • QR Code

I'm honestly not sure how big the resulting QR will be.

In theory, it's totally possible to just assume that the bytes of plaintext that are decrypted when in "bip39 passphrase" context, as long as they are 16 or 32 bytes... should be expanded-out so they are interpretted as a bip39 mnemonic, but also please understand how hazardous this assumption would be: Anyone choosing a 16 char or 32 char passphrase... which arrives looking like 16 or 32 ascii bytes... would be expanded into a mnemonic while that's not always a safe assumption to make (without special UI that asks user "Expand these bytes to a valid BIP39 mnemonic in english?"). The way it is now... where plaintext bytes are simply the plaintext bytes... displayed in utf-8 as a string if they make sense else the plaintext bytes is the only safe assumption that can be made in this context. And it works (though it creates arguably ginormous QRs to transcribe). There are templates as big as 37x37 https://selfcustody.github.io/krux/getting-started/templates/templates/)

jdlcdl avatar Oct 28 '25 09:10 jdlcdl

This use case / tests made me think we should raise an error for decrypted passphrases in case its data is not within ascii range.

odudex avatar Oct 28 '25 10:10 odudex

Is it not possible to add a marker to the encrypted QR code seed so that when the passphrase is read and decoded, it indicates that it should be treated as a seed and not as raw data?

I am referring to seeds stored via Krux encrypted QR codes and read in seed format (12/24 words) as a passphrase.

The idea is to be able to store two seeds (one main seed and one used as a passphrase) in two encrypted QR codes.

Maybe an option "Read QR Encrypted code as seed" ?

comassky avatar Oct 28 '25 11:10 comassky

Is it not possible to add a marker to the encrypted QR code seed so that when the passphrase is read and decoded, it indicates that it should be treated as a seed and not as raw data?

I am referring to seeds stored via Krux encrypted QR codes and read in seed format (12/24 words) as a passphrase.

The idea is to be able to store two seeds (one main seed and one used as a passphrase) in two encrypted QR codes.

Maybe an option "Read QR Encrypted code as seed" ?

Assumptions are always a danger territory, we have to think this carefully.

odudex avatar Oct 28 '25 11:10 odudex

As encrypted mnemonic QR codes store entropy bytes rather than plaintext mnemonic words, we decided it was more prudent to display an error in this case starting from release 25.10.1. To improve setup compatibility, we also tightened the validation of scanned passphrases to accept only ASCII characters, preventing unexpected behavior that could occur with atypical symbols.

As a workaround to achieve your goal, you could use two Krux devices.

  • Export mnemonic as a plaintext QR using one device
  • Import the plaintext mnemonic QR code in Datum, using a second Krux device
  • Convert the text from utf-8 to bytes
  • Encrypt the mnemonic text bytes
  • Convert to base43 (will result in a more compact QR code)
  • Export as QR code. The result could be used as a "encrypted mnemonic passphrase QR code"

odudex avatar Oct 30 '25 16:10 odudex

In other words, reading an encrypted QR code from Krux as a passphrase automatically won’t work. This is because Krux encrypts data in the most compact form possible - raw bytes, not the mnemonic string.

If you don’t want to deal with two separate QR codes (one for the mnemonic and another for the passphrase), you’ll need two devices: one to load the mnemonic and export it as a plaintext QR, and another to load its own mnemonic and import that plaintext QR as the passphrase.

tadeubas avatar Oct 30 '25 17:10 tadeubas