Sharing the dcrd
Sharing a device that stores a digital wallet is only for people who have a trust relationship, regardless of whether they share the dcrd server or not.
By Marcelo Martins - January 03, 2019
1. Introduction
Sharing a dcrd with other devices is useful for those who:
a) intend to use a blockchain server on the local network so that the blockchain will be copied from the Internet only once;
b) for any compatibility or test reason need to run a different dcrd than the one that comes with Decrediton.
Warning: Sharing a device that stores a digital wallet is only for people who have a trust relationship, regardless of whether they share the dcrd server or not. The root user can read any file stored in the Linux file system. In Windows, the Administrator can take ownership of any folder. In the end, only the wallet password or folder encryption protects the user.
Furthermore, security configuration errors, vulnerabilities introduced by users, and malicious code locally executed, such as a keylogger, can affect all users.
This article shows that such configurations are possible (figures 2 and 3), not that they are recommended.
2. Architecture
Figure 1 - Only the dcrd installed in a network server is shared
Figure 2 - Two users sharing a device, with dcrd installed in a local network server
Figure 3 - Two users, dcrd installed locally
At the time of writing, there is no Decrediton for ARM or ARM64 platforms.
3. Configuration
The following steps were performed on Debian 9 64-bit.
Prerequisites
dcrd must be separately installed on the local device or on a remote device. To learn more about it, read Installing dcrd.
If you already installed Decrediton on the device, before you begin, back up the ~/.config/decrediton folder and make sure you have the wallet seed written down in a safe place.
If you don’t have Decrediton installed, read Verifying digital signatures prior to its installation.
Learn more about Digital certificates for RPC connections.
3.1. dcrd configuration
For dcrd to accept connections from dcrwallet and dcrctl on other hosts, change the rpclisten parameter in the dcrd.conf file, or run dcrd with the rpclisten option, specifying the IP addresses of the network interfaces on which dcrd will be available (or 0.0.0.0 for all network interfaces):
$ ./dcrd --rpclisten=0.0.0.0 [--testnet]
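An added example (not from the original article) that audits which rpclisten values in a dcrd.conf expose the RPC port beyond loopback, since 0.0.0.0 binds every interface. The sample configuration and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample dcrd.conf for illustration (not taken from the article).
SAMPLE_CONF = """\
[Application Options]
; rpclisten=127.0.0.1
rpclisten=0.0.0.0
rpclisten=192.168.1.10:9109
rpclisten=[::1]:9109
"""

def split_host(value):
    """Return the host part of 'host', 'host:port', '[v6]:port' or ':port'."""
    value = value.strip()
    if value.startswith("["):                 # bracketed IPv6, optional port
        return value[1:value.index("]")]
    if value.count(":") == 1:                 # host:port or :port
        return value.split(":")[0]
    return value                              # bare host or bare IPv6

def classify(host):
    """Classify how widely an rpclisten host exposes the RPC port."""
    if host == "":
        return "all-interfaces"               # ':9109' binds every interface
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return "hostname"                     # resolve and review manually
    if ip.is_unspecified:
        return "all-interfaces"               # 0.0.0.0 or ::
    if ip.is_loopback:
        return "loopback"
    return "private" if ip.is_private else "public"

def audit_rpclisten(conf_text):
    """Return [(value, classification)] for every active rpclisten line."""
    findings = []
    for line in conf_text.splitlines():
        line = line.strip()
        if not line or line[0] in ";#[":      # comments and section headers
            continue
        key, _, value = line.partition("=")
        if key.strip().lower() == "rpclisten":
            findings.append((value.strip(), classify(split_host(value))))
    return findings

if __name__ == "__main__":
    for value, kind in audit_rpclisten(SAMPLE_CONF):
        print(f"{value:24} {kind}")
```

Any entry reported as all-interfaces or public is reachable from more networks than the local one the article describes and is worth replacing with the specific LAN address.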
3.2. Decrediton configuration
The execution of Decrediton starts two internal processes: a dcrd and a dcrwallet. It is necessary to configure Decrediton so that the dcrd process is no longer started. This configuration takes place in the ~/.config/decrediton/config.json file:
"daemon_start_advanced": true,
Alternatively, in the graphical user interface, open the Settings menu and change the “Advanced Daemon Startup” parameter to “Enabled”:
Figure 4 - Decrediton Settings
3.2.1. dcrd remotely executed
Decrediton will start with the following screen, which shows the first tab, “Remote Daemon”, in which Decrediton expects the address of a dcrd that is running on another device. This way, there is no need to wait for dcrd to start every time you start Decrediton. It is also useful for those who want to use dcrwallet on the same device.
Figure 5 - Network parameters and credential to connect to the remote dcrd
You can enter the remote dcrd connection settings in the /wallets/[mainnet|testnet]/$WALLET_NAME/config.json file in the Decrediton configuration directory. It is also possible to change this configuration at runtime:
"remote_credentials": {
    rpc_user: [user on dcrd server (dcrd.conf)]
    rpc_password: [password on dcrd server (dcrd.conf)]
    rpc_cert: [certificate generated on dcrd server]
    rpc_host: [dcrd server IP address or 127.0.0.1]
    rpc_port: 9109 [or 19109 for Testnet]
}
Select the blue button “Use Remote Daemon”. Decrediton should start normally.
3.2.2. dcrd as a separate process
To inform Decrediton that dcrd is running on the same device, use the second tab, “Different Local Daemon Location”, as shown in the next figure.
Figure 6 - The location of dcrd directory on the same device
3.3. dcrwallet configuration
To connect dcrwallet to a remote dcrd server, you need to copy the digital certificate from the RPC Server, which in this case is the dcrd server, to a folder accessible to dcrwallet. This way, no other dcrd can impersonate the dcrd the user expects to connect to.
$ ./dcrwallet -c $DCRD_IP -u $DCRD_USER -P $DCRD_PASS --cafile $DCRD_CERT [--testnet]
3.4. dcrctl configuration
To connect dcrctl to a remote dcrd server, you need to copy the digital certificate from the RPC Server, which in this case is the dcrd server, to a folder accessible to dcrctl. This way, no other dcrd can impersonate the dcrd the user expects to connect to.
$ ./dcrctl [--testnet] -s $DCRD_IP -u $DCRD_USER -P $DCRD_PASS -c $DCRD_CERT [command]