1lightning-hsmtool -- Tool for working with software HSM secrets of lightningd 2============================================================================= 3 4SYNOPSIS 5-------- 6```bash 7lightning-hsmtool method [ARGUMENTS]... 8``` 9 10DESCRIPTION 11----------- 12 13**lightning-hsmtool** performs various operations on the `hsm_secret` 14file used by the software HSM component of **lightningd**. 15 16This can be used to encrypt and decrypt the `hsm_secret` file, 17as well as derive secrets used in channel commitments. 18 19METHODS 20------- 21 22 **encrypt** *hsm\_secret* *password* 23Encrypt the `hsm_secret` file so that it can only be decrypted at 24**lightningd** startup. 25You must give the option **--encrypted-hsm** to **lightningd**. 26The password of the `hsm_secret` file will be asked whenever you 27start **lightningd**. 28 29 **decrypt** *hsm\_secret* *password* 30Decrypt the `hsm_secret` file that was encrypted with the **encrypt** 31method. 32 33 **dumpcommitments** *node\_id* *channel\_dbid* *depth* *hsm\_secret* \[*password*\] 34Show the per-commitment secret and point of up to *depth* commitments, 35of the specified channel with the specified peer, 36identified by the channel database index. 37Specify *password* if the `hsm_secret` is encrypted. 38 39 **guesstoremote** *p2wpkh* *node\_id* *max\_channel\_dbid* *hsm\_secret* \[*password*\] 40Brute-force the private key to our funds from a remote unilateral close 41of a channel, in a case where we have lost all database data except for 42our `hsm_secret`. 43The peer must be the one to close the channel (and the funds will remain 44unrecoverable until the channel is closed). 45*max\_channel\_dbid* is your own guess on what the *channel\_dbid* was, 46or at least the maximum possible value, 47and is usually no greater than the number of channels that the node has 48ever had. 49Specify *password* if the `hsm_secret` is encrypted. 50 51**generatehsm** *hsm\_secret\_path* 52Generates a new hsm_secret using BIP39. 53 54 **dumponchaindescriptors** *hsm_secret* \[*password*\] \[*network*\] 55Dump output descriptors for our onchain wallet. 56The descriptors can be used by external services to be able to generate 57addresses for our onchain wallet. (for example on `bitcoind` using the 58`importmulti` or `importdescriptors` RPC calls) 59We need the path to the hsm_secret containing the wallet seed, and an optional 60(skip using `""`) password if it was encrypted. 61To generate descriptors using testnet master keys, you may specify *testnet* as 62the last parameter. By default, mainnet-encoded keys are generated. 63 64BUGS 65---- 66 67You should report bugs on our github issues page, and maybe submit a fix 68to gain our eternal gratitude! 69 70AUTHOR 71------ 72ZmnSCPxj <<ZmnSCPxj@protonmail.com>> wrote the initial version of 73this man page, but many others did the hard work of actually implementing 74**lightning-hsmtool**. 75 76SEE ALSO 77-------- 78 79lightningd(8), lightningd-config(5) 80 81RESOURCES 82--------- 83 84Main web site: <https://github.com/ElementsProject/lightning> 85 86COPYING 87------- 88 89Note: the modules in the ccan/ directory have their own licenses, but 90the rest of the code is covered by the BSD-style MIT license. 91Main web site: <https://github.com/ElementsProject/lightning> 92 93