Skip to content

Commit

Permalink
Document hsm_secret encryption
Browse files Browse the repository at this point in the history
  • Loading branch information
darosior authored and niftynei committed Oct 10, 2019
1 parent 1c27545 commit fac5faa
Show file tree
Hide file tree
Showing 2 changed files with 5 additions and 1 deletion.
2 changes: 2 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
- Protocol: no longer ask for `initial_routing_sync` (only affects ancient peers).
- Protocol: nodes now announce features in `node_announcement` broadcasts.

- Wallet: we now support the encryption of the BIP32 master seed (a.k.a. `hsm_secret`).

### Changed

- JSON API: `txprepare` now uses `outputs` as parameter other than `destination` and `satoshi`
Expand Down
4 changes: 3 additions & 1 deletion README.md
Original file line number Diff line number Diff line change
Expand Up @@ -77,7 +77,7 @@ You can start `lightningd` with the following command:
lightningd --network=bitcoin --log-level=debug
```

This creates a `.lightning/` subdirectory in your home directory: see `man -l doc/lightningd.8`.
This creates a `.lightning/` subdirectory in your home directory: see `man -l doc/lightningd.8` (or https://lightning.readthedocs.io/) for more runtime options.

### Using The JSON-RPC Interface

Expand All @@ -102,6 +102,8 @@ Once you've started for the first time, there's a script called
`contrib/bootstrap-node.sh` which will connect you to other nodes on
the lightning network.

You can encrypt the BIP32 root seed (what is stored in `hsm_secret`) by passing the `--encrypted-hsm` startup argument. You can start `lightningd` with `--encrypted-hsm` on an already existing `lightning-dir` (with a not encrypted `hsm_secret`). If you pass that option, you __will not__ be able to start `lightningd` (with the same wallet) again without the password, so please beware with your password management. Also beware of not feeling too safe with an encrypted `hsm_secret`: unlike for `bitcoind` where the wallet encryption can restrict the usage of some RPC command, `lightningd` always need to access keys from the wallet which is thus __not locked__ (yet), even with an encrypted BIP32 master seed.

There are also numerous plugins available for c-lightning which add
capabilities: in particular there's a collection at:

Expand Down

0 comments on commit fac5faa

Please sign in to comment.