lightning-hsmtool

lightning-hsmtool -- Tool for working with software HSM secrets of lightningd

SYNOPSIS

lightning-hsmtool method [ARGUMENTS]...

DESCRIPTION

lightning-hsmtool performs various operations on the hsm_secret
file used by the software HSM component of lightningd.

This can be used to encrypt and decrypt the hsm_secret file,
as well as derive secrets used in channel commitments.

METHODS

encrypt hsm_secret_path password

Encrypt the hsm_secret_path file so that it can only be decrypted at
lightningd startup.
You must give the option --encrypted-hsm to lightningd.
The password of the hsm_secret_path file will be asked whenever you
start lightningd.

decrypt hsm_secret_path password

Decrypt the hsm_secret_path file that was encrypted with the encrypt
method.

dumpcommitments node_id channel_dbid depth hsm_secret_path [password]

Show the per-commitment secret and point of up to depth commitments,
of the specified channel with the specified peer,
identified by the channel database index.
Specify password if the hsm_secret_path is encrypted.

guesstoremote p2wpkh node_id max_channel_dbid hsm_secret_path [password]

Brute-force the private key to our funds from a remote unilateral close
of a channel, in a case where we have lost all database data except for
our hsm_secret_path.
The peer must be the one to close the channel (and the funds will remain
unrecoverable until the channel is closed).
max_channel_dbid is your own guess on what the channel_dbid was,
or at least the maximum possible value,
and is usually no greater than the number of channels that the node has
ever had.
Specify password if the hsm_secret_path is encrypted.

generatehsm hsm_secret_path [lang seed_phrase [passphrase]]
Generates a new hsm_secret using BIP39. If lang, seed_phrase and optional passphrase are not provided they will be prompted for. lang can be "en" (English), "es" (Spanish), "fr" (French), "it" ("Italian"), "jp" (Japanese), "zhs" (Chinese Simplified) or "zht" ("Chinese Traditional"). Note that the seed phrase consists of multiple words, so should be surrounded by quotes.

checkhsm hsm_secret_path
Checks that hsm_secret matches a BIP39 passphrase.

dumponchaindescriptors [--show-secrets] hsm_secret_path [network]
Dump output descriptors for our onchain wallet.
This command requires the path to the hsm_secret containing the wallet seed.
If the flag --show-secrets is set the command will show the BIP32 extended private
keys, otherwise the extended public keys will be shown.
The descriptors can be used by external services to be able to generate
addresses for our onchain wallet or to spend those funds
provided that the private keys are visible with --show-secrets.
The descriptors can be loaded into a bitcoin-core wallet for example,
using the importmulti or importdescriptors RPC calls.
If the hsm_secret was encrypted the command will prompt for a decryption
password.
To generate descriptors using testnet master keys, you may specify testnet as
the last parameter. By default, mainnet-encoded keys are generated.

makerune hsm_secret_path
Make a master rune for this node (with uniqueid 0)
This produces the same results as lightning-commando-rune(7) on a fresh node.
You will still need to create a rune once the node starts, if you want commando to work (as it is only activated once it has generated one).

getcodexsecret hsm_secret_path id
Print out the BIP-93 formatted HSM secret, for use with --recover. The id is any 4 character string you can use to identify this secret (e.g. ad00): it cannot contain i, o, or b, but can contain digits except 1.

getemergencyrecover emergency.recover_path
Print out the bech32 encoded emergency.recover file.

getnodeid hsm_secret_path
Print out the node id that a node using this hsm secret would have: useful for verifying that you are accessing the correct secret!

BUGS

You should report bugs on our github issues page, and maybe submit a fix
to gain our eternal gratitude!

AUTHOR

ZmnSCPxj <[email protected]> wrote the initial version of
this man page, but many others did the hard work of actually implementing
lightning-hsmtool.

SEE ALSO

lightningd(8), lightningd-config(5)

RESOURCES

Main web site: https://github.com/ElementsProject/lightning

COPYING

Note: the modules in the ccan/ directory have their own licenses, but
the rest of the code is covered by the BSD-style MIT license.
Main web site: https://github.com/ElementsProject/lightning

Core Lightning (previously c-lightning) is a lightweight, highly customizable and standard compliant implementation of the Lightning Network protocol.

© 2023 Core Lightning
All rights reserved.

Discussion Forum

The official Core Lightning forum is hosted at discuss.corelightning.org

BuildonL2 Community

The official BuildOnL2 community lives at community.corelightning.org. Join us and build the future of bitcoin on lightning.

Mailing List

For general discussions about CLN implementation, use [email protected]. For the Lightning Network, use [email protected]

Telegram

Community-driven telegram group where most of the node operators hang out. Go to https://t.me/lightningd to join.

Discord

Community-driven discord server where the devs flock together. Go to https://discord.gg/w27fMFESMN to join.

Internet Relay Chat

Don't hesitate to reach out to us on IRC at #lightning-dev @ libera.chat, #c-lightning @ libera.chat.