Before learning to use this hardware wallet (hww) or any hww, I suggest you go through the other general guide, “Bitcoin Hardware Wallets Guide” first. I will skim through some steps and focus primarily on what is specific to Jade here.
Full disclosure – I was given a Jade device for free by Blockstream to review and publish. The review/guide here is completely impartial, to my best ability.
The Jade hardware wallet is on par with the Ledger Nano wallet which I have also reviewed. I look at these devices from a Bitcoiner’s perspective and do not concern myself with other tokens that may be supported. For example, Jade supports the Liquid network which itself supports multiple tokens.
My first impressions using the device were good. It does what it’s supposed to and seems to be well built and feels nice. My number one issue with it is that Blockstream forces you to connect to their own software, Blockstream Green. Despite the software being very nice and user-friendly, I do prefer to have flexibility, and unfortunately, I was not able to connect the device to other software such as Electrum or Sparrow – the device would simply not get recognised unless I was using the Green Wallet:
There might be a work-around but it wasn’t obvious to me. If it’s ever brought to my attention that there is a work around, I’ll adjust this guide.
Only ever buy a hardware wallet device directly from the manufacturer, Blockstream:
This is mandatory; don’t buy from an online reseller like Amazon, nor used.
This is my unboxing collage:
The card instructs you to navigate to Blockstream’s website to download the software wallet which pairs with the hardware device:
For simple (and less secure) installation, just click on the operating system link seen above; the download will begin and then you can install the program. For more secure installation using gpg, see Appendix A.
Setting up the Jade
Restore or create a new wallet, 12 words is secure enough, but you can find a 24-word option in the advanced menu.
Once done, you’ll be forced to connect the device to the Green Wallet.
When I installed Green, it reported that the device was “not initialised”. You may get this error too. It’s not immediately obvious, but you actually need to click the “Blockstream” tab on the left, and then “Setup Jade” beside the Bitcoin Singlesig icon to make it work.
You can then click “Go to wallet”:
You’ll then see the Accounts you have. The Main account is a Legacy account for some reason (addresses that start with “1”), and the preferable Segwit Account (addresses that start with “bc1q”) is listed separately.
Verifying the download means to check that the file you downloaded has not been modified since being released by the developer.
We do this by checking that the signature (produced by the developers private key) together with the file downloaded and the developers public key return a TRUE result when passing through the gpg –verify function. I’ll show you how to do that next. If you want to learn the background to this, I have this guide and this one.
First, we get the signing key:
For Linux, open the terminal, and run this command (you should just copy and paste the text, and include the quotation marks):
gpg --keyserver keyserver.ubuntu.com --recv-keys "04BE BF2E 35A2 AF2F FDF1 FA5D E7F0 54AA 2E76 E792"
For Mac, you do the same thing, except you’ll need to download and install GPG Suite first.
For Windows, you do the same thing, except you’ll need to download and install GPG4Win first.
You’ll get an ouput saying the public key has been imported.
Next, we need to get the file containing the hash of the software. It’s stored on Blockstream’s GitHub page. First go to their info page here, and click on the link for “desktop”. It will take to to the latest release page on GitHub and there you’ll see a link to the SHA256SUMS.asc file, which is a text document containing Blockstream’s published hash of the program we downloaded.
It’s not necessary, but after saving to disk, I renamed “SHA256SUMS.asc” to “SHA256.txt” to more easily open the file on the Mac using the text editor. This was the content of the file:
The text we are after is at the top. Depending on which file we downloaded, there is a corresponding hash output which we’ll be comparing against later.
The bottom part of the document contains the signature made on the message above – it’s a two in one file.
The order doesn’t matter, but before checking the hash, we’re going to check that the hash message is genuine (ie hasn’t been tampered with).
Open terminal. You need to be in the correct directory where the SHA256SUMS.asc file was downloaded. Assuming you downloaded it to the “Downloads” directory, for Linux and Mac, change to the directory like this (case sensitive):
Of course, you have to hit <enter> after these commends. For Windows, open CMD (command prompt), and type the same thing (although it’s not case sensitive).
For Windows and Mac, you needed to have already downloaded GPG4Win and GPG Suite, respectively, as instructed earlier. For Linux, gpg comes with the Operating System. From Terminal (or CMD for Windows), type this command:
gpg --verify SHA256SUMS.asc
The exact spelling of the file name (in red) may be different on the day you fetch the file, so make sure the command matches with the filename as downloaded. You should get this output, and ignore the warning about the trusted signature – that just means you haven’t manually told the computer you trust the public key we imported earlier.
This ouput confirms the signature is good, and we are confident the private key of “email@example.com” signed the data (the hash report).
Now we should hash our downloaded zip file and compare the output as published. Note that in the SHA256SUMS.asc file, there is a bit of text that says “Hash: SHA512” which confuses me, as the file clearly has SHA256 outputs within, so I’m going to ignore that.
For Mac and Linux, open terminal, navigate to where the zip file was downloaded (probably you’ll need to type “cd Downloads” again, unless you haven’t closed the terminal since). By the way you can always check what directory you are in by typing PWD (“print working directory), and if this is all foreign, it’s useful to watch a quick YouTube video by searching “how to navigate the Linux/Mac/Windows file system”.
To has the file, type this:
shasum -a 256 BlockstreamGreen_MacOS_x86_64.zip
You should check what your file is called exactly, and modify the text in blue above if needed.
You’ll get an output like this (yours will differ if the file is different to mine):
Next, visually compare the hash output with what is in the SHA256SUMS.asc file. If they match, then –> SUCCESS! Congratulations.
Appendix B – About passphrases
A “wallet” has several meanings. Here I’m using it to describe the unique collection of 2^32 addresses that belong to the
- seed phrase (words)
- plus passphrase (your choice of text up to 100 characters)
- plus derivation path
Those 3 things, when combined, create a “wallet” –> roughly 4.3 billion receiving addresses each with a private key (and the same number of change addresses).
Don’t worry too much about the derivation path; in a way, it acts like a 2nd passphrase, and users should just leave this as a default, usually, m/84’/0’/0′; even advanced users shouldn’t edit these in my opinion. If during any wallet creation process, the derivation path is presented to you, it is good practice to write it down, although if lost and you never changed it, it won’t be too difficult to recover the “default” numbers.
Every time you turn on the Jade, you will have access to the 4.3 billion addresses that belong to the seed (no passphrase).
You can apply any passphrase you want (100 character limit) and when you do, the Jade forgets the original 4.3 billion address from its temporary memory (it only holds 1 collection of addresses at a time), and you get a fresh new set of addresses (a wallet) that belong to the original seed phrase plus the passphrase you chose.
When you turn off the device, all wallets disappear from memory (but not the seed of course). When you turn it on, you’ll be back to the original wallet with seed plus no passphrase. To get your passphrase wallet back, you have to apply the passphrase again. In this way, you can have limitless wallets (each with 4.3 billion addresses) that are derived from a single seed phrase (which you backed up.).
If you ever lose the device, you can simply buy another, or a different branded one if you choose, restore the seed you have kept safe, and you’ll get your original wallet back. You can then apply any passphrase to get your passphrase wallets back (and the bitcoin in them of course). Your bitcoin is not bound to the Jade device, it is bound to the BIP-39 (Bitcoin Improvement Proposal 39) protocol. You can learn more about this protocol by following the instructions in this fun exercise.
You can apply the passphrase when you first turn on the Jade device – it will give you a prompt to do so.
Remember if you ever want to “export” a wallet from the device to make a watching wallet (don’t worry if you don’t know what that means for now), you need to have the correct wallet in memory at the time you make the export; either the wallet with no passphrase or a wallet from one of your passphrases.
Static Lightning Address: firstname.lastname@example.org