Sharing the dcrd

Sharing a device that stores a digital wallet is only for people who have a trust relationship, regardless of whether they share the dcrd server or not.

Sharing the dcrd
Sharing the dcrd

By Marcelo Martins - January 03, 2019

Sharing a dcrd with other devices is useful for those who:

a) intend to use a blockchain server on the local network so that the blockchain will be copied from the Internet only once;

b) for any compatibility or test reason need to run a different dcrd than the one that comes with Decrediton.

Warning: Sharing a device that stores a digital wallet is only for people who have a trust relationship, regardless of whether they share the dcrd server or not. The root user can read any file stored in Linux file system. In Windows, the Administrator can take ownership of any folder. In the end, only the wallet password or folder encryption protects the user.

Furthermore, security configuration errors, vulnerabilities introduced by users, and malicious code locally executed, such as a keylogger, can affect all users.

This article shows that it is possible to make such a configuration (figures 2 and 3), not that they are recommended.
Figure 1 - Only the dcrd installed in a network server is shared


Figure 1 - Only the dcrd installed in a network server is shared

Figure 2 - Two users sharing a device, with dcrd installed in a local network server


Figure 2 - Two users sharing a device, with dcrd installed in a local network server

Figure 3 - Two users, dcrd installed locally


Figure 3 - Two users, dcrd installed locally

Until this moment there is no Decrediton for ARM or ARM64 platforms.

The following steps were performed on a Debian 9 64-bit.

dcrd must be separately installed on the local device or on a remote device. To learn more about it, read Installing dcrd.

If you already installed Decrediton on the device, before you begin, back up ~/.config/decrediton folder and make sure you have the wallet seed written down in a safe place.

If you don’t have Decrediton installed, read Verifying digital signatures prior to the its installation.

Learn more about Digital certificates for RPC connections.

For dcrd to accept connections from dcrwallet and dcrctl on other hosts, it will be necessary to change the rpclistenparameter in dcrd.conf file or to run dcrd with rpclisten option informing the IP addresses of the network interfaces where dcrd will be available (or 0.0.0.0 for all network interfaces):

$ ./dcrd --rpclisten=0.0.0.0 [--testnet]

The execution of Decrediton starts two internal processes: a dcrd and a dcrwallet. It is necessary to configure Decrediton so that dcrd process is no longer started. This configuration takes place in ~/.config/decrediton/config.json file:

"daemon_start_advanced": true,

Or using the graphical user interface, accessing menu Settings and changing the parameter “Advanced Daemon Startup” to “Enabled”:

Figure 4 - Decrediton Settings


Figure 4 - Decrediton Settings

Decrediton will start with the following screen, which shows the first tab, “Remote Daemon”, in which Decrediton expects the address of a dcrd that is running on another device. This way, there is no need to wait for dcrd to start every time you start Decrediton. It is also useful for those who want to use dcrwallet on the same device.

Figure 5 - Network parameters and credential to connect to the remote dcrd


Figure 5 - Network parameters and credential to connect to the remote dcrd

You can enter the remote dcrd connection settings in /wallets/[mainnet|testnet]/$WALLET_NAME/config.json file in Decrediton configuration directory. It is also possible to change this configuration at runtime:

"remote_credentials": {
   rpc_user: [user on dcrd server (dcrd.conf)]
   rpc_password: [password dcrd server (dcrd.conf)]
   rpc_cert: [certificate generated on dcrd server]
   rpc_host: [dcrd server IP address or 127.0.0.1]
   rpc_port: 9109 [or 19109 for Testnet]
}

Select the blue button “Use Remote Daemon”. Decrediton should start normally.

To inform Decrediton that dcrd is running on the same device, use the second tab, “Different Local Daemon Location”, as shown in the next figure.

Figure 6 - The location of dcrd directory on the same device


Figure 6 - The location of dcrd directory on the same device

To connect dcrwallet to a remote dcrd server, you need to copy the digital certificate from the RPC Server, which in this case is the dcrd server, to a folder accessible to dcrwallet. This way, no other dcrd can impersonate the dcrd the user expects to connect to.

$ ./dcrwallet -c $DCRD_IP -u $DCRD_USER -P $DCRD_PASS --cafile $DCRD_CERT [--testnet]

To connect dcrctl to a remote dcrd server, you need to copy the digital certificate from the RPC Server, which in this case is the dcrd server, to a folder accessible to dcrctl. This way, no other dcrd can impersonate the dcrd the user expects to connect to.

$ ./dcrctl [--testnet] -s $DCRD_IP -u $DCRD_USER -P $DCRD_PASS -c $DCRD_CERT [command]