Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help 
LIGHTNING-HSMTOOL(8)					  LIGHTNING-HSMTOOL(8)

NAME
       lightning-hsmtool  --  Tool  for	 working  with software	HSM secrets of
       lightningd

SYNOPSIS
       lightning-hsmtool method	[ARGUMENTS]...

DESCRIPTION
       lightning-hsmtool performs various operations on	 the  hsm_secret  file
       used by the software HSM	component of lightningd.

       This can	be used	to encrypt and decrypt the hsm_secret file, as well as
       derive secrets used in channel commitments.

METHODS
       encrypt hsm_secret_path password

       Encrypt	the  hsm_secret_path  file so that it can only be decrypted at
       lightningd startup.  You	must give the option --encrypted-hsm to	light-
       ningd.  The password of the hsm_secret_path file	will be	asked whenever
       you start lightningd.

       decrypt hsm_secret_path password

       Decrypt the hsm_secret_path file	that was encrypted  with  the  encrypt
       method.

       dumpcommitments node_id channel_dbid depth hsm_secret_path [password]

       Show the	per-commitment secret and point	of up to depth commitments, of
       the  specified channel with the specified peer, identified by the chan-
       nel database index.  Specify password if	 the  hsm_secret_path  is  en-
       crypted.

       guesstoremote  p2wpkh  node_id  max_channel_dbid	hsm_secret_path	[pass-
       word]

       Brute-force the private key to our funds	from a remote unilateral close
       of a channel, in	a case where we	have lost all database data except for
       our hsm_secret_path.  The peer must be the one  to  close  the  channel
       (and  the funds will remain unrecoverable until the channel is closed).
       max_channel_dbid	is your	own guess on what the channel_dbid was,	or  at
       least  the  maximum  possible value, and	is usually no greater than the
       number of channels that the node	has ever had.  Specify password	if the
       hsm_secret_path is encrypted.

       generatehsm hsm_secret_path [lang seed_phrase  [passphrase]]  Generates
       a  new  hsm_secret  using  BIP39.   If  lang,  seed_phrase and optional
       passphrase are not provided they	will be	prompted  for.	 lang  can  be
       "en"  (English),	 "es" (Spanish), "fr" (French),	"it" ("Italian"), "jp"
       (Japanese),  "zhs"  (Chinese  Simplified)  or  "zht"  ("Chinese	Tradi-
       tional").  Note	that  the  seed	 phrase	consists of multiple words, so
       should be surrounded by quotes.

       checkhsm	 hsm_secret_path  Checks  that	hsm_secret  matches  a	 BIP39
       passphrase.

       dumponchaindescriptors  [--show-secrets]	hsm_secret_path	[network] Dump
       output descriptors for our onchain wallet.  This	command	 requires  the
       path to the hsm_secret containing the wallet seed.  If the flag --show-
       secrets	is  set	the command will show the BIP32	extended private keys,
       otherwise the extended public keys will be shown.  The descriptors  can
       be  used	 by external services to be able to generate addresses for our
       onchain wallet or to spend those	funds provided that the	 private  keys
       are  visible with --show-secrets.  The descriptors can be loaded	into a
       bitcoin-core wallet for example,	using  the  importmulti	 or  importde-
       scriptors  RPC calls.  If the hsm_secret	was encrypted the command will
       prompt for a decryption password.  To generate descriptors using	 test-
       net  master keys, you may specify testnet as the	last parameter.	By de-
       fault, mainnet-encoded keys are generated.

       makerune	hsm_secret_path	 Make  a  master  rune	for  this  node	 (with
       uniqueid	 0)  This  produces  the  same	results	as lightning-commando-
       rune(7) on a fresh node.	 You will still	need to	create a rune once the
       node starts, if you want	commando to work (as it	is only	activated once
       it has generated	one).

       getcodexsecret hsm_secret_path id Print out the	BIP-93	formatted  HSM
       secret,	for  use with --recover.  The id is any	4 character string you
       can use to identify this	secret (e.g. ad00): it cannot contain i, o, or
       b, but can contain digits except	1.

       getemergencyrecover emergency.recover_path Print	out the	bech32 encoded
       emergency.recover file.

       getnodeid hsm_secret_path Print out the node id that a node using  this
       hsm  secret would have: useful for verifying that you are accessing the
       correct secret!

BUGS
       You should report bugs on our github issues page, and  maybe  submit  a
       fix to gain our eternal gratitude!

AUTHOR
       ZmnSCPxj	 <<ZmnSCPxj@protonmail.com>> wrote the initial version of this
       man page, but many others did the hard work  of	actually  implementing
       lightning-hsmtool.

SEE ALSO
       lightningd(8), lightningd-config(5)

RESOURCES
       Main web	site: <https://github.com/ElementsProject/lightning>

COPYING
       Note:  the  modules in the ccan/	directory have their own licenses, but
       the rest	of the code is covered by the BSD-style	MIT license.  Main web
       site: <https://github.com/ElementsProject/lightning>

Core Lightning v25.02					  LIGHTNING-HSMTOOL(8)

Want to link to this manual page? Use this URL:
<https://man.freebsd.org/cgi/man.cgi?query=lightning-hsmtool&sektion=8&manpath=FreeBSD+Ports+14.3.quarterly>

home | help