Q&A about Fully Noded

Inspired by questions asked on the open Telegram Fully Noded group here and Twitter.

Beware: A Q&A is always work in progress. Tips & help welcome.

Disclaimer

None of the respondents in the open Telegram group have been explicitly named as a source, except for @Fonta1n3. For practical reasons educational images uploaded by Telegram group members have been downloaded to Imgbb, we de-personalised them by giving images a new name. Under these new names these images have been used in the Q&A to clarify the questions and answers.

We've done our best to protect the privacy of the Telegram group members by investigating the images we used. We haven't come across personal identifiable information (pii). However, should we have made a mistake after all, please let us know and we'll correct this immediately.

Explanation of the Q&A

The answers are given by @Fonta1n3. If not than an explicit source is referenced.

Definitions

FN : Fully Noded app
FN2 : Fully Noded 2 app, misnaming because it is a different app than FN. This comparison tries to explain the differences. A new name for FN2 will be invented in the future.
satoshi: 0.000000001 BTC. A satoshi is the smallest unit of a bitcoin, equivalent to 100 millionth of a bitcoin.
UTXO's: Unspend transaction Outputs; UTXO stands for the unspent output from bitcoin transactions. Each bitcoin transaction begins with coins used to balance the ledger. UTXOs are processed continuously and are responsible for beginning and ending each transaction. Confirmation of transaction results in the removal of spent coins from the UTXO database. But a record of the spent coins still exists on the ledger. for newbies: UTXO is unspent bitcoin that you can "see" in your wallet and on the blockchain. It is an address and amount of sathosis. As soon as you spend the money, it won't add to your wallet balance anymore and therefore will only.
signed raw transaction : Wikipage explains it all
psbt: Partially signed bitcoin transactions (PSBTs) Also covering BIP174. Partially Signed Bitcoin Transactions (PSBTs) are a data format that allows wallets and other tools to exchange information about a Bitcoin transaction and the signatures necessary to complete it.
rbf; Replace-By-Fee (RBF) is a node policy that allows an unconfirmed transaction in a mempool to be replaced with a different transaction that spends at least one of the same inputs and which pays a higher transaction fee. For newbies: a transaction that can't get through because of too low fee, can be overridden (replaced) with a higher fee to maybe succeed instead.
pure bitcoin core wallets: traditional bitcoin wallet, that has to be manually backed up, recovered etc using bitcoin-cli. Your node will sign transactions and will hold the private key.
Fully Noded wallets: support BIP39 recovery words, the seed is encrypted and stored on your device not on the node. The node will only ever hold public keys. Your node will build psbt for us that FN will sign (not your Node). Your node verifies the UTXO's
Libwally : an open source library (https://github.com/ElementsProject/libwally-core) used by Fully Noded, (https://github.com/blockchain/libwally-swift/blob/master/README.md) which allows us to utilize BIP39 directly in the app meaning you can easily recover your Fully Noded wallet with Electrum for example. Now when you create a wallet you will get a 12 word recovery phrase (no passphrase by default) to backup and keep safe.
legacy bitcoin address (p2pkh): refers to the accepted common standard to derive non segwit addresses. These addresses always begin with a 1.
bech32 bitcoin address(p2wpkh):BIP49 refers to the accepted common standard of deriving segwit "compatibility" addresses. These addresses begin with a 3.
segwit wrapped bitcoin address (p2sh-p2wpkh) : BIP49 refers to the accepted common standard of deriving segwit "compatibility" addresses. These addresses begin with a 3.
BIP84 keys : BIP84 refers to the accepted common standard of deriving native segwit addresses. These addresses always begin with bc1 - and are referred to bech32 addresses.
Segwit addresses: – Segregated Witness – or SegWit in short – reduced the transaction data’s size to allow for faster transactions, better scalability and decreased fees. Native SegWit (bech32) enhanced this even further and includes even lower fees. Not all exchanges and wallet providers support sending Bitcoin to a Native SegWit address yet, which is why you are presented both options in Ledger Live. Transactions between all 3 address types are possible
keypool : The keypool is a collection of unused addresses in your wallet. The keypool parameter tells the client how many unused addresses to keep in its pool. The original purpose of the keypool is to allow you to backup your wallet file less frequently and still have access to all your funds in the event of a hard drive failure. However since the invention of Hierarchical Deterministic Wallets (HD wallets, BIP32): If you have a HD wallet (check the icon on the bottom-right corner in Bitcoin Core), it doesn't matter. If you've created your wallet in an older version of Bitcoin Core, it's not an HD wallet. If that's the case, your keypool is important for backups: your backup has the same 1000 keys, which means you only need to make a new backup after using many different new addresses. If you would limit the keypool size to 20, you'll quickly run out of addresses, and you need to make new backups very often. That's the reason the keypool was increased from 100 to 1000. An important distinction with regrads to FN and Bitcoin Core is that Bitcoin Core is not able to add multisig addresses to the keypool, therefore we rely on the bitcoin-cli command deriveaddresses to derive multisig addresses on the fly using your multisig descriptors.
Output descriptors: Descriptors are a clever way of importing specific keys into your node from any derivation, for any (or all) address types, single or multi signature, along with a fingerprint so offline psbt signers like a Coldcard and Fully Noded can sign the psbt if they hold the correct seed.
coldcard : a type of hardware wallet to store, send and receive crypto currencies
ledger Nano S/X: types of hardware wallets to store, send and receive crypto currencies
Keepkey : a type of hardware wallet to store, send and receive crypto currencies
Trezor : a type of hardware wallet to store, send and receive crypto currencies
Tor:Tor is free and open-source software for enabling anonymous communication. The name derived from the acronym for the original software project name "The Onion Router". Read more in Wikipedia
Node: A bitcoin full Node is a independent entity in a peer to peer ecosystem. A Node independently checks and verifies all protocol rules for incoming broadcasted transactions. A full node does not trust, but verifies. Technically speaking a node is a computer connected to other computers which follows rules and shares information. A 'full node' is a computer in Bitcoin's peer-to-peer network which hosts and synchronises a copy of the entire Bitcoin blockchain. Here is an excellent read on nodes, what they are and the differences between types of nodes.
Standup app: is a personal one-click Mac OS installer for Bitcoin Core and Tor that will present a QuickConnect QR code that can be used to pair mobile wallets for remote use over Tor V3. Read more
Datadir: The data directory is the location where Bitcoin's data files are stored, including the wallet data file.
bitcoin.conf: The bitcoin configuration file is a list of 'setting=value' pairs, one per line, with optional comments starting with the '#' character.
initial block download (IBD): The Bitcoin Core initial block download code makes sure that the block headers you are downloading (from a single peer) passes certain, hard-coded "checkpoints.
Nodl: A hardware box with to run a non-preloaded bitcoin node on it, commercial site.
RPC: Remote Procedure Calls
bitcoind: Bitcoin Deamon, background process running a bitcoin node. Bitcoind is a program that implements the Bitcoin protocol for remote procedure call (RPC) use. It is also the second Bitcoin client in the network's history. It is available under the MIT license in 32-bit and 64-bit versions for Windows, GNU/Linux-based OSes, and Mac OS X. Read more
SSH: Secure Shell (SSH) is a cryptographic network protocol for operating network services securely over an unsecured network.[1] Typical applications include remote command-line, login, and remote command execution, but any network service can be secured with SSH.
Nano : famous text GUI editor to start from commandline, not to be confused with Ledger Nano S/X, which is a cold storage.

Knowledge you should be confidently applying

The definitions above
Output Descriptors : https://github.com/bitcoin/bitcoin/blob/master/doc/descriptors.md
BIP32, BIP39, BIP44, BIP47, BIP49, BIP84, BIP174
derivation paths, keypools

Actions you should be comfortable with

Amend knowledge and keep existing knowledge up to date
recover from a seed
sweep to a new wallet
use bitcoin-cli
install, sync, start and stop your own full node
connect your TOR V3

Q&A

Userinterface

Question : This button should bring up info and allow me to make changes?

It does, but only for Fully Noded wallets. It does not do anything for wallets created on your node externally from FN. FN allows you to manually create wallets and access all your nodes wallets. It is only possible for FN to show wallet details when the wallet was created via the + button on the Active Wallet tab. With FN wallets the app will remember the public key descriptors that were used to create the wallet, it's derivation, it's keypool range, the wallet label, the wallet filename, and a unique identifier.

Question: why can't I see the label I gave the change address? When I have wallet loaded and go to List Labels under settings I can only see the name I have the wallet, not the label I gave the change address?

When importing change keys and adding them to the keypool you can not add a label to change keys, this is a Bitcoin Core limitation. However if you do not add the keys to the keypool (multisig for example) yet you wish to designate your imported descriptor or extended key as deriving change keys then you can assign them a label. This would be useful if you are recreating an external wallet from say a Coldcard or a Ledger and you want to identify change outputs from receive outputs. There are multiple ways to see your keys labels. They will be shown in each transaction by default, in the utxo view or you can do it manually by going to tools > Wallet > List Address Groups/List Labels/Get Address Info/Addresses by Label. If your wallet conforms to BIP44/84/49/48 then you can always look at the utxo info view and see the change path in the descriptor for that utxo, for example a BIP44 receive path is m/44'/0'/0'/0/0 and a change key would be m/44'/0'/0'/1/0

Question : I'd like to recover a wallet using FN without revealing seed words, is that possible?

There is a big difference between "recovery" and "importing". Recovering a wallet implies you would want to be able to spend the btc which means either seed words, an xprv or a WIF is needed. For importing and creating a watch-only wallet only an xpub is needed. The recovery wallet is specifically for recovering wallets and making them spendable. However it is an extremely easy way to import wallets into FN as we can do all the complex derivations for you when you supply seed words, if you want to make it watch-only you can always delete the seed words by navigating to Active Wallet > squares button > signers button > tap the signer > you will see a delete button. The proper way to import a wallet as watch-only is to import either the xpub or the descriptor for that wallet via Active Wallet > import > xpub/descriptor. If importing an xpub you will need to know its derivation path, and ideally import it twice once using the receive path and once designating it as change to ensure all transactions/utxos show. To do, create a pictorial explaining how to do this with accurate instructions

Question : how to verify all outputs of a raw transaction? I verified the Send address. I would like to verify the Change address. How?

Copy and paste the raw transaction in hex formate 0200011200..., go to Tools > Transactions > Verify, this tool will go through each input and output fetching all the addresses associated with each input and output. You can from their copy and paste the address and go to Tools > Wallet > Get Address Info to verify whether the address belongs to your nodes current active wallet. To verify an address belongs to your node's wallet check the solvable field =1, if it =0 it does not belong to your wallet.

Question : how do I figure out what version of fully noded I'm using on my IOS device?

Nowhere, will add it to the header of settings

Question : Made 2 single sig wallets in FN. Both have same signer words?

Ignore wallet manager
Tap the squares button on the active wallet view
Use your Fully Noded wallets from there
After deleting wallets via powershell make sure you restart your node
Just use the one you’ve got in the Fully Noded wallets, Delete the other one from your node, that originally failed

Further elaboration on the answer

TBW

Question : Why is camera always active in the wallet?

should only be active when you are scanning a QR code...
when you swipe down or close the QR scanner it dismisses all camera related code
For now, i guess if you do not want it to use the camera just disable that in the devices settings
I will look into it, give it more though and see what I can do
If the camera is dismissed and not being used, it makes no sense that the light would stay on.

Update: Think it should be fixed now, please try again when next update goes live.

Question : Why might the app be crashing for me?

MD: What is your node setup like? And what is the last thing you are doing before it crashes?

Matt Hill: Please make sure you are running Bitcoin 0.20.0 on the Embassy. And that you have the "wallet" feature in your config file enabled.

Fonta1n3: Looks like you never actually connected? If your connection is successful you’ll see the home screen look like this:

Occasionally you’ll get a crash if you race around the app not allowing things to finish loading or if you put it into background before tor connects and back into foreground very quickly and vice versa. Important to let things load and go slow. Other then that there really should not be crashes, only way i can troubleshoot that is release on Testflight again and ask that you share the crash report. For starters ensure you are connected to your node, can you confirm it successfully connects? Actually connecting is only successful when the home screen has loaded.

Problemsolving

Are you absolutely sure the rpc password and username and onion are 100% correct? rpcpassword that's in your bitcoin.conf.
Have you tried rebooting the node?
Are there any special characters in the RPC password? Only alphanumeric is allowed but the app should warn you about that. Make sure your rpc credentials do not have any special characters
Generally rebooting Tor on the node would solve this issue if everything else is correct.
is there any possibility your isp is blocking tor (On your phone)?

Question : Is airdropping a requirement?

I dont have a mac but i have saved the file on my iphone. is there a way to tell fully noded about that file?

Airdrop is not a must. You can save the files in iphone using the native file application.

Question : How to export your single sig wallet from Coldcard to Fully Noded using your own node?

See this instruction of 33 secs here. This is super cool, super easy.
Video is obviously edited, the spinner will take longer then that, just wait a bit

Question : I experience crashes, and I want it fixed. How?

I will be be keeping the testflight up to date for you here, so that they can be shared and investigated.

For sure tor will crash occasionally. If you race around the app and put it into foreground and background quickly, actually a guaranteed way to make the app crash is quickly backgroundning it and quickly foregrounding it as Tor needs about 10 seconds to bootstrap and if it is does not complete that process before getting backgrounded tor will crash, just something to keep in mind.

Go slow, tor is not meant for speed. Tor does not stay alive in the background so every time the app does go (crash) there we have to force tor to quit, then when the app reappears it has to bootstrap tor again every time.

Question : What are the assurances that the developer cant push out software that will steal my seed say in a single sig wallet?

There isn’t any, that’s why you should use multisig or build the app from source.

Further question: how can I load that code directly to my iOS device without the appstore? What assurances are there that the github code is exactly what is sent and installed via apple appstore?

Again there isn’t any, the code is open sourced so you can build it yourself. Its actually not very difficult to do.

##Import

Question : I got the zpub from electrum. I thought that if you use a bech32 wallet, you get a zpub not xpub?

Fully Noded only takes xpub (from what i can tell you can not import zpub into bitcoin core)

If you have the xpub just select bip84 in settings and it will derive bip84 addresses (bc1). You can use an xpub to generate bech32 addresses, electrum does things a bit differently...

I think the reason electrum (and some wallets use zpub ypub etcc) is so the wallet knows which type of address to create, at the end of the day what your are dealing with are private keys, and there is only one type of private key, just different address types which are derived from the private key

Unless you opted in to using BIP39 in electrum, your electrum xpub will not work in Fully Noded for now. You can create a new wallet in electrum, opt in to BIP39 and then it should work.

If you want to read about it from Peter Wuille here it is (for what you can import into bitcoin core).

I got a good answer from Andrew Chow here

Question : Why does importmulti not support zpub and ypub?

As far as I can tell importmulti does not work with zpub/ypub.

Why not?
I prefer only to deal with xpubs, but I am curious. Basically zpub,ypub is not part of bitcoin but an add on for wallets

Max: Lopp has a nice tool for switching an XPUB to a YPUB or ZUB and vice versa, here

Question : I am not sure, I forgot, So have I basically at some point imported a bunch of addresses?

Your node(e.g. nodl) should see that too though.
The best way to do it is create new wallets in the node
In the app you go to utilities and create new wallet, and you import your xpub then. That way you can have multiple wallets that are dedicated for individual xpubs.

Question : How to import my BRD wallet?

You can go to the “active wallet” tab > + button > recovery > input your BRD seed words and optional BIP39 passphrase, then tap recover or you can import the xpub via Active Wallet > import > xpub

Question : `.txn` files, is there anyway to open on iPhone?

A .txn file is a signed raw transaction as exported by Coldcard. Fully Noded has registered the file extension .txn so that when you airdrop or tap a .txn file in the iOS Files app FN will automatically launch a Broadcaster allowing you to broadcast that transaction with your node. You can always copy and paste the raw transaction and go to Tools > Transactions > Broadcast to do it manually.

Question : How are you transferring the txs from the Coldcard to the iPhone - microSD card reader?

So on your coldcard you go to “dump wallet summary” in the sd card section
And get either your bip44 or bip84 xpub
Make a qr code with it or copy and paste it
In Fully Noded you go to settings

Inout your master fingerprint and the correct settings, then scan the qr-code of the xpub, and it will import whatever range of addresses you specified
You have to take the sd-card and put it into a computer and create the qr.

Further question : what the added benifit of going through the iPhone?

It is just that if someone is signing a tx on their coldcard, then going to SD, they may as well broadcast from their computer rather than move it to their phone?

Once you've done this, you can build PSBT and unsigned transactions and receive to your hw wallet.
My ideal setup is to have an airgapped laptop
And that SD card only ever touches the coldard wallet and the airgapped laptop
So its a true airgap.
Then you create your qr codes on the airgapped laptop, and scan signed txs with the phone
Build your unsigned transactions on your phone, and send them to airgapped laptop via QR code scanning.

Export

Question : Why doesn't broadcast work via my Node?

You can only broadcast signed raw transactions. The only purpose of psbts is to end up with a signed raw transaction. e.g. The .txn file from Coldcard.

Question : Hardware wallet support?

They should all work with Fully Noded too. You can import your xpub directly into your node from your hardware wallets. I import my coldcard wallet xpub with Fully Noded, then build PSBTs with it.

General

Question : Why is there no version for Android yet?

It is a budget issue. Android has bigger security issues. Tor is easier on Android.

Further question : Why would Apple not make Tor easier?

I wouldn’t say its Apple intentionally making it difficult. Its just the go to tor framework for iOS is not easy to get working.

I have Tor running fine and you can make normal url requests over Tor in the app. But when it comes to making url requests to onion sites (eg your nodes hidden service) it only works on simulator. I know its possible but I also know i am not the only one who has had this issue, very frustrating bc using your node as a backend via a hidden service is badass.

Onion Browser has the solution, worst case scenario I can fork it and include the entire codebase in Fully Noded, but I want to try and find a proper solution before I do that.

On android they have orbot and the path to getting tor working to onion sites for devs is easier.

Question : What is your privacy policy and how to comply with GPDR?

Here is the privacy policy. It inherently complies with GDPR.

Question : Why did you choose iOS to build on? Any advantage compared to Android?

Only because that is what I know how to code with and what I am a user of.

Question: please elaborate on the seemingly contradictory statements about '100% offline signing'

"Fully Noded now acts like a hardware wallet, it can sign anything 100% locally with no internet required at all." says the Introduction FN Wallets Medium post July 1 2020 Link Medium post.

"This works without internet connection but we do make a few commands to the node so it is not offline optimized. Perhaps in the future we will move to 100% offline."
says the Introduction to FN psbt signers a week later Link Medium post.

Could you pls elaborate on that. My question is about the two medium posts of @Fonta1n3, that seem to have contradictory statements in it. It's not contradictory, it does sign 100% offline. FN makes other commands that require an internet connection though, it's possible to enhance that in the future. The 'online' commands that the signing process generates, do not reveal any sensitive data.

Further elaboration on the answer / issue

In order to make the signing functionality work as reliably as possible the app first checks if the psbt is fully signed, if it is it will finalize it right away and allow you to broadcast, if not then it passes the psbt to your node for processing with bitcoin-cli walletprocesspsbt, if for some reason the psbt you passed to the app does not hold all the bip32_derivs then that command will get your node to fill out the bip32_derivs (our offline signer needs the bip32_derivs in order to sign as they tell us what derivation path the private key needs to be derived with). The process command also gets your node to sign the psbt if it can, it is always possible a user has imported an xprv themselves into their node without FN knowing about it (FN2 for example makes your node a signer), so that command accounts for that possibility.

All of the above can not be done offline, if it is going to be 100% offline we can't sign with your node and cant fill the bip32_derivs with your node.

We then loop through each signer on the device, decrypting them and seeing if its possible to sign the psbt with each. It then signs locally using the Libwally library.

Question : My transaction still says 0 confirm?

You can set a mining fee target in settings, if you want it to be confirmed quickly adjust this setting accordingly. Otherwise all transactions are replace by fee enabled in FN. To bump the fee simply tap the transaction and you will see a button for bumping the fee. If FN does not hold a signer for the wallet and the node can not sign then FN will allow you to export the new transaction as a psbt which you will need to pass back to your signer and broadcast again as utilizing rbf means you create an entirely new transaction.

Question : Any suggestion about this problem? All the username, password, and onion address are OK

Force quitting FN and rebooting tor on your node usually works. Sometimes Tor can get "stuck" especially if your node's machine has gone offline or been put to sleep. This issue may also be encountered if you connect to multiple nodes and switch between them, simply force quitting FN and reopening it resolves the issue and force refreshes the connection to the new node.

Question : "Transaction invalid: some outputs that it attempts to spend have been already spent or ... Did I set my fee's too low?

It probably was not RBF enabled to begin with.

Question : FN latest: “Added ability to share your node”. Please explain?

Embassy allows you to add your Node credentials manually, but I had come up with a url scheme that converts your node's credentials into a "Quick Connect QR" https://github.com/Fonta1n3/FullyNoded#quickconnect-url-scheme.

Standup, BTCPayServer, Nodl, myNode and Raspiblitz are supporting the QR. The "Share" button on your "node details" just takes your current node credentials and puts them into that QR format so anyone can scan the QR and connect to your node.

I talk about Tor V3 auth, this should definitely be used, if you want to share your node as if that QR gets leaked and you do not have auth setup anyone can access your node (your trusted others may share without you knowing for example). However with auth you need to explicitly add their pubic key to your nodes tor config, for example I can give you my QR codes but they are useless to you.

Question : Have you been able to overwrite other apps associations?

If you airdrop FN gives a choice

Question : Does this imply that using my node is not private?

I think it should say third party service or use my own node. In fact this should be a setting that you opt in right?
Javier: I think that option is in case your node is not running Tor. If your bitcoind instance is not running over Tor each tx propagated is more likely to be desanonymized. That’s the reason to choose propagate Esplora API.

Question : Do you have a lightning node? to send donations? The fees are currently high for a mainnet transaction.

Nope, lightning not ideal for large transactions anyway. Joking joking :) I mean i can give you a lightning invoice if you’d like. I did get one set up with electrum

Further question : About donations : how are the addresses generated?

does it fetch em? or are they hard coded in?

Random address generated from an xpub.

Question : How to do c-lightning on mac with pruned node?

As long as you have bitcoin core already running and have brew installed (properly). C-lightning is pretty cool, you do not even to to "deposit" btc to your node anymore, you can fund any channel direct from any btc wallet.

Further Question: As far as I know c-lightning doesn’t fully support pruned nodes.

If bitcoind prunes a block that c-lightning has not processed yet, e.g., c-lightning was not running for a prolonged period, then bitcoind will not be able to serve the missing blocks, hence c-lightning will not be able to synchronize anymore and will be stuck)?

C-lighting does support pruned nodes with this: https://github.com/Start9Labs/c-lightning-pruning-plugin. Works well and easy to setup, c-lightning does support pruned nodes out of the box, but this plug makes it very reliable, can be any pruned size as far as I know.

lightning-cli fundchannel_start <node_id> <satoshi_amount>

Returns a segwit multisig address to send btc to
Does not matter where the btc comes from, as far as I can tell
I sent from my onchain wallet in FN and it worked.

How could I connect Casa Node and FN?

You have to enable ssh on the node (using keyboard and monitor), tehn ssh in, and setup a v3 hidden service.
More info on enabling ssh on Casa Node 1 here and 2 here.

HenkvanCann: Be aware that Casa is no longer supporting their node. On social media like Reddit, it becomes clear that people move away from Casa node 1+2, and sometimes use the old Casa node to convert it into a myNode.
In the Casa site the Casa Node 2 is "sold out" ...

Can I turn on my LND server on MyNode to use FN as a lightning wallet in conjunction with an onchain wallet?

LND won’t work, And no, I won’t add it.

LND is written in Go code, which is owned by google, to talk to it remotely you need to use GRPC which also is also owned by google, you can not simply run a hidden service and speak to a LND node via http post request if i understand correctly, not great for ease of use.

Instead, c-lightning is built in C (an open language not owned by google), and is highly modular and flexible, super easy to build on top of with python plugins, very easy to talk to remotely and add powerful plugins to adapt to your needs. Fits into the Fully Noded architecture seamlessly.

Connection

Could not connect to the server... What to do?

Follow the steps here. Always remember you will have to brew services restart tor, you will have to force quit and reopen FN to connect again, for the authentication to take effect.

"The internet connection appears to be offline..." but I am online, what to do?

This response is often related to failing authentication. Have a look at this section in the Readme.md for an extensive guide and a double check section here

Can I connect FN to my node over local wifi?

FN only connects over Tor so its not possible in the app for now to connect over local wifi. It’s something that could be added fairly easily but is not there now (in July 2020).

Question : how risky is to open port 22 to connect from anywhere outside my local lan?

First off I am not a security expert. But from what I have read SSH is generally very secure. However there are some simple steps you can take to make it much more secure. You can read more from the Fully Noded github here

The goal of this app is to avoid SSH altogether and use Tor so you can keep your node firewalled off completely, its working if you build the app from source, We've got mobile fixed by now. Its also more secure if you use an RSA public key / private key to authenticate SSH which is also possible in Fully Noded I would just do your own research on SSH security and see what you come up with, let me know what you find.

Question : I get a channel alocation error when I try to add a Xpub. What could go wrong?

Means the ssh channel closed. Just go to home screen and pull to reconnect.
It takes around 20-30 seconds when you import an xpub, so just wait for it to finish

Question : In true airgapped situation: no need for a Coldcard? Just create signed TXs on the airgapped laptop?

Some people would argue that its more secure to create keys on the coldcard. Also getting software onto the airgapped laptop without compromising the security of it, is another factor.

Max: I wouldn’t be so worried about an air gapped laptop. As it’d only be handling transactions that had been signed.

Question : Do I have to be in the same network?

Best way to find out is try. FN over Tor v3 should allow you to access from anywhere.

Question : How do we get the rpc credentials on the nodl?

You have to log in like this link shows you. And open up the bitcoin.conf file. You need to add RPC credentials.
Is it on the UI?
Jamie Lim: Ssh into the nodl, The ssh host user should be “bitcoin”

Question : RPC credentials are mandatory. FN is forcing good behaviour?

Just keep it in mind because if you have not added RPC credentials: the node won't connect.
Honestly, just way better code wise. And allows you to connect over local network with no internet which is cool if you like doing stuff offline. Also should make connecting in general more robust and work on all systems even better.

Question : Do you use a terminal app in iOS on the iPhone that you ssh into your network with?

I use NMSSH framework in the app
There are apps though, i think iterm has an app that also uses the same framework ->
iTerminal - SSH Telnet Client by ComcSoft Corporation https://apps.apple.com/us/app/iterminal-ssh-telnet-client/id581455211

Question : How do I troubleshoot connection issues over Tor between FN and Bitcoin Core Nodes on a Mac?

Here are some common issues and fixes. You can troubleshoot Tor issues on the mac by opening a terminal and running open /usr/local/var/log/tor.log, read the Tor log and make sure there is nothing obvious going wrong there. Most Tor issues revolve around permissions. Ensure your HiddenServiceDir has the correct permissions by running chmod 700 <HiddenServiceDir> where <HiddenServiceDir> represents the path to your HiddenServiceDir as specified in your torrc file which can be found at /usr/local/etc/tor/torrc. The Bitcoin Core log can be helpful too, however you must have the debug=tor line added to your bitcoin.conf. You can run open ~/Library/Application\ Support/Bitcoin/debug.log

You are also better off launching Tor as a service

first ensure tor has stopped
then open a terminal and paste in brew services start tor, this will ensure Tor always launches automatically when your mac starts, if you want to stop tor run brew services stop tor

Possible problems during installation and configuration

It may just not have permissions to create directories which would explain the lib folder not existing.
Running without brew. You can defo do it without brew, its just more complicated.
You really should edit the file and save it too. Double checked?

Question : How can I test the network connection between them (FN and Node)?

Big Disclaimer:

This is not great for security, so I would refresh your HS hostname after trouble shooting this and change your rpcpassword. All you have to do is delete the ‘HiddenServiceDir’ folder and restart tor and you'll get a brand new url.

Before doing the below, try rebooting Tor on the node server side, force quitting FN and see if it connects, double check you added your tor v3 url correctly with the right port at the end, typically :8332 for mainnet.

Recreate your hidden service url like so: http://rpcuser:rpcpassword@xxx.onion:8332, paste it in to a Tor browser as if you were visiting a website, if your connection is alive and functioning properly you will get a server only responds to POST requests error or JSONRPC server handles only POST requests error in the Tor browser. If you do not get that error then something is wrong, again check the Tor and Bitcoin Core logs to debug the issue.

Question: What is the best of breed desktop wallet to connect to your node?

Specter, to build from source use following commands in a terminal:

git clone https://github.com/cryptoadvance/specter-desktop.git
cd specter-desktop
virtualenv --python=python3 .env
source .env/bin/activate
pip3 install -r requirements.txt
pip3 install -e .
python3 -m cryptoadvance.specter server

That will install and launch Specter, once installed the only commands you need to launch it:

cd specter-desktop
virtualenv --python=python3 .env
source .env/bin/activate
python3 -m cryptoadvance.specter server

See this for instructions on exporting a wallet from Specter to FN.

Question : Can't seem to locate the torrc file to connect via Tor using Nano. What's wrong?

I did try directly entering the nano in cmd but it is blank. Okay, I realised that the file name is torrc.sample instead. Weird. nothing inside this nano as well.

When you make the nano command what exactly are you typing? the torrc.sample is just that a sample, it's possible when Tor has not yet been started that it does not auto generate the torrc? You can always use the torrc.sample to create a torrc, just copy and paste it and delete the .sample extension and then follow the guide to edit it.

When you use nano you either need to be in the directory of the file you are trying to use nano on or include the path nano /usr/local/etc/tor/torcc.sample for example. If nano is not working just use whatever text editor youd like to. Try starting Tor, it'll generate the torrc then.

brew services start tor

To be honest this makes it really easy and works with your existing node: Gordian

You can download the dmg right on the link, just open it and it does everything for you.

If you want to do it manually that works too :)

Question : Looks like I'm connected. But no homescreen, what's wrong?

It says it connects successfully but no matter how long i let the app run it never looks like your pic.

It says successfully added. Actually connecting is only successful when the home screen has loaded.
Are you absolutely sure the rpc password and username and onion are 100% correct?
Have you tried rebooting the node?
Are there any special characters in the RPC password? Only alphanumeric is allowed but the app should warn you about that now..
Generally rebooting Tor on the node would solve this issue if everything else is correct

I definitely need to reboot tor on my MacBook sometimes but only after it is asleep... servers should not have that issue, occasionally I’ve had users (and myself) need to reboot tor on the initial connection attempt.
W is there any possibility your isp is blocking tor? That has also been an issue before. (On your phone i mean)

For starters ensure you are connected to your node, can you confirm it successfully connects?

If your connection is successful you’ll see the home screen look like this:

Question : what's this about Tor V3 Authentication Public key in settings > security center > Tor V3 Authentication?

Tor V3 hidden services have the ability for “out of band” authentication. Meaning you FullyNoded can create a private key offline and you can export the pub key to your node to authorize your device. It makes the connection super secure and in the words of the tor devs “superencrypted”
It means only your device can ever access your node even if someone go that RPC QR code. Highly recommended to do that.

In order to add the auth key you need to use the following command:
sudo nano /var/lib/tor/theNodlTorDirectoryName/authorized_clients/fullynoded.auth
Then paste the pubkey and save the file (type ctrl X and enter)

StandUp.app makes it super easy if you have a mac or the StandUp scripts also make it incredibly easy.

Wallets

Question : How I can erase a wallet in Fullynoded? or modify a name?

If your node is on a mac you will need to navigate to

⁨Root ▸ Users⁩ ▸ ⁨Arkad ▸ ⁨Library⁩ ▸ ⁨Application Support⁩ ▸ ⁨Bitcoin⁩ ▸ Wallets

BUT as Satoshi says, you should never delete a wallet, instead much better to move it, just incase.

On your nodl I am not 100% sure of the path to find the wallets, but it is in the main bitcoin directory, shouldnt be too difficult to find. To modify the name just right click the wallet on your mac and rename, in nodl you have to find the path to your wallet and use mv command, heres an example:

mv /home/user/oldname /home/user/newname

Question : what is the recovery wallet?

Read the manual here

Question : can fullynoded recover mycelium wallets?

Mycelium on iOs is not maintained. But yes, FN should be able to recover your wallets. According to walletsrecovery.org they are bip44/49/84, if thats correct then it certainly will

Question : Which faucet works the most reliable for testnet:

https://bitcoinfaucet.uo1.net/; accepts bech32 multisig

Question : So where is the private key stored then? On disk somewhere?

If you create a “Fully Noded Wallet” the words are encrypted and stored on the devices keychain which is yet again encrypted Then we derive the child. Private key on the fly everytime you go to send or sign a tx from the words

Further elaboration on the question: and since everything on iOS is sandboxed its pretty difficult for a different process or thread to peek at the contents of fully noded; right?

Further elaboration on the answer : Should be “impossible “ The worst malware i can find are adware where an app gets you to click invisible ads.

Question : The keychain encryption key is stored on the secure enclave?

So its very hard to crack that open once you have the device, which bricks itself without the icloud password?

On FN its stored on the local keychain (secure enclave) only, no icloud support. FN2 account xprv can be synced to icloud. But again its encrypted three times by then.

Question : What’s the diff in importing Xpub and import descriptor under wallet?

Descriptor has the derivation, address range, path and address format in it, can also specify multisig and bip67 A descriptor can hold an xpub and derive specific addresses

An xpub is very generic and you need more info to go with it <to do what? - TBW> Descriptor is a very specific way of telling a wallet to derive these very specific keys, xpub is not specific at all and up for lots of interpretation with possibility of really messing it up.

The coldcard export and the txt file are basically descriptors.... when you import an xpub into FN it gets converted onto a descriptor. When you create a multisig wallet it creates a descriptor for you and the wallet uses the descriptor to derive keys.

Question : how to create a 2 of 2 multisig wallet with my Coldcard and FullyNoded?

Video on how to easily create a 2 of 2 multisig wallet with your Coldcard and FullyNoded: https://m.youtube.com/watch?v=daXvAcHy8H0

Question : In `wallet - invoice`: Is there a way I can go back to a previous receive wallet address?

Not really... its possible if you imported multisig descriptors manually though.
We should discourage the re-use of receiving addresses for the sake of privacy protection.

Question : I recovered from Greenwallet and didn't get a balance, Iim wondering if FN scans all the BIP lines?

Green is a compatibility wallet in default. Am I missing some between BIP 32 and 49?

Green wallet is a 2 of 2.The recovery wallet is for single sig. You can recover any multisig with the FN multisig wallet “creator” just add your own seeds or xpubs.

Further question : So the wallet I recovered is a single sig based on same multi seed? Given that fact...best to create a fresh FN wallet and go from there? I don't want to confuse myself any further. I like the privacy of FN. I basically want to switch from Green Wallet to FN for my daily driver.

Yes, i think you are very locked into their wallet (Green Wallet) and can only really recover with them? Not sure though.
Also, you can not recover any multisig with the multisig creator, currently it keeps the derivation hard coded. We will definitely update that in the future. It is a start for now.
Nice that you want to use Fn on a dally bases, yea for simplicity id recommend the single sig!

Question : Are wallets enabled on the config page of bitcoin in the Embassy App?

FN works with walletdisabled=1, home screen doesn’t include any wallet rpc calls.

Question : I clicked on the file again and now I have 2 cold cars records in the FN app. Would I see 2 wallets in FN that showed the same exact info?

Each is appended with some sort of unique code. I would think that they should say the same thing, but one "has" the 10 bucks i sent to it and the other has nothing. shouldn't they match exactly since they are the same?

No. When you import a wallet it first creates a new wallet on your node with a random string at the end, if that import fails as yours did (it happens rarely) the wallet.dat filename in your nodes.
.bitcoin directory will hold different wallets, also if it fails you can not have any idea what was actually imported.

So you should tap the "squares" and only ever work with that wallet.
If the wallet is there in the "Fully Noded Wallets" section then you know it is all good.

Further Answer:

You should really completely ignore your "Bitcoin Core Wallets", unless you are a bitcoin-cli expert and know exactly what you are doing and why.

It's really just there to help people recover wallets that exist on their node. Really need to make some tutorials and add an "advanced" button in settings that shows and hides some features, like accessing non Fully Noded Wallets.

By far the best way to use the app is stick 100% with FN wallets.

Aka use these two buttons to create and switch between wallets

FN wallets will always show as COLD because your node never holds a private key

Question : Does fully noded need the wallet from bitcoin core?

It should work with it disabled. But it’s been awhile since i tested that.

Standup

Question : where can I download this?

here is the notarized and pgp signed dmg Just click download and then open it

Question : what kind of compromises would standup have to make in order to be distributed via the mac app store?

Need to look into it more, not an expert. Standup is the first macos app i ever made... the app itself would probably need to run everything. I mean as it is its a notarized dmg, we can just add it as a link on any website and it downloads no problem.

Question : If I allready have a full node running on my Mac. Can I use the standup app with it?

Standup app is fully compatible with existing nodes, but you can not specify a datadir or a network in your bitcoin.conf You do not need to delete anything, generally speaking.

Question : I am about to start a full node on mac. Can I change the directory to an External SSD with the standApp?

yes, in settings youll see a datadir box where you can "choose" a new folder. I would recommend just pruning and adding prune=550 to the bitcoin.conf then it will only ever take up 550mb of spcae but you still get full validation.

the benefit of that is you do not need an external drive, you can just use the external to back everything up. i think doing an initial block download (IBD) to an external drive slows it down quite a bit
Henk van Cann: it depends on the speed of the external drive, some can reach up to 500 Mbit/sec, cheapies or oldies won't go beyond 50 Mbit/sec which will be a pain.

Transactions

Question : How do I specify a fee rate in FN?

You can just set the min relay fee (smallest possible amount) and if the transaction doesn't get confirmed, you can "bump" it, i.e. use Replace By Fee transaction. That is a new transaction with a higher fee using the same UTXOs as an input.

Question : Can I create transactions in USD?

Yes, you can create transactions which are denominated in USD, this video shows the new look for the transaction builder, how to switch to fiat denominations and then how to confirm the transaction before you broadcast it:

Node

Question : I changed bitcoin.conf according to guideline, why is it still not working?

Did you restart your node? If you change config file you need to restart bitcoind.

Question : how to create a Tor V3 hidden service to control your node?

I have updated the github with easy to follow instructions on how to create a Tor V3 hidden service to connect to and control your node with on a mac here.

Question : Anyway to connect node via bitcoin core QT? Can't get to find any QR code from the QT core on Mac OS.

This is a good guide this is a good guide : https://github.com/Fonta1n3/FullyNoded#connecting-over-tor-mac

Question : Is there currently a way to execute bitcoin-cli rescanblockchain with the start/stop height parameters from within fully Noded?

especially with some slick autocomplete for commands and parameters. rpc syntax can be a pain sometimes.

No, I need to add that to FN app. It should automatically rescan from prune height though if your pruned.
Anyway, doing it the way Fully Noded does it adds a layer of complexity too. Extra need for escaping characters, absolutely stuff that’s not needed, if doing it straight via terminal.

Definitely something to be said about a cool UX where it autosuggests the rpc call and then shows a UI for the params with explainers.

Question : Is there an ability to add peers and remove peers?

Not yet, but I think it is an important thing to add as far as "direct rpc calls" are concerned.
There’s a cool project that lists a bunch of trusted tor nodes, so you can add them if you want to use your node 100% behind tor without getting attacked by chain analysis.

Would need to start simple and expand... sigh so much to do so little time. Wish there were other swift devs who would help out.

Question : So the order of fully noded is 1. Node 2. Wallet? Correct? Without a node, you can't scan in a wallet?

You can not do anything in FN without connecting to your node first.

Files

QandA.md

Latest commit

History