In this post, we’ll explain how to connect your Blockstream Jade to a blind oracle on your own Umbrel node. This setup allows you to avoid relying on Blockstream’s servers and gives you complete independence. Follow here our blind oracle blockstream jade guide.
Blind Oracle Blockstream Jade
The Blockstream Jade hardware wallet doesn’t include a secure element, unlike some other hardware wallets, as part of its design philosophy focusing on transparency and security via open-source components. Blockstream emphasizes that the absence of a secure element allows Jade’s hardware and firmware to be fully open-source, making it auditable by anyone. Secure elements, although commonly used in hardware wallets for their secure storage capabilities, often come with proprietary firmware and black-box limitations, restricting users’ and developers’ ability to verify the security independently.
In place of a secure element, Jade relies on a PIN-protected blind oracle system. The blind oracle can be hosted by Blockstream or set up on a user’s own server, making it possible to secure the device even without a secure element. This approach balances transparency with security, allowing users the option of full control if they set up their oracle server and can thereby ensure Jade’s firmware behaves as intended.
Using Blockstream Jade, you are automatically connected to Blockstream’s blind oracle, a service that secures your PIN by isolating it from direct hardware access. However, if you’d like added autonomy or don’t fully trust external servers, you can set up your own blind oracle server on a local Umbrel node. This process lets you control your PIN security, allowing Jade to securely interact with your own server through a Tor or Tailscale network connection.
Blockstream provides its own guide here, which will help you to configure your own blind oracle. We have added some extra tips and details, so you get the setup without any errors.
Initial Requirements
To set up a personal blind oracle with Umbrel and Blockstream Jade, you have to take into account the following requirements:
- A device running Umbrel, it could be a raspberry Pi, a mini PC, etc…
- A Blockstream device that hasn’t been initialized (if already set up, you’ll need to perform a factory reset). To perform a factory reset, turn on Jade and access the boot menu by clicking (not holding) the select button once while the logo screen is showing. Select Factory Reset and enter the confirmation number to erase all data from Jade.
- At the blockstream guide, it is suggested that Tailscale shall be used, but it is only required if you are using your Jade with a companion app different that Blockstream Green (i.e. Sparrow, Electrum…). We recommend installing Tailscale app on umbrel, and registering with a GitHub account.
- If you are not using Tailscale, you should enable Remote Tor Access in Umbrel. You’ll also need to activate Tor on the device with the companion app you plan to use to unlock Jade.
Blind Oracle Blockstream Jade Setup
Once the requirements are met, we are going to set up a personal blind oracle with Umbrel and Blockstream Jade, following these steps:
- Install and Access the Blind Oracle App on Umbrel. Open your Umbrel dashboard, go to the App Store, and install the “Blockstream Blind Oracle” app.
- Power up your Blockstream Jade wallet and access its boot menu by clicking (not holding) the select button once while the logo screen is showing. Select Blind Oracle from the main options.
- Choose Scan Oracle QR, then use the QR code generated by the Umbrel app. Note that there are two options here, you can set up the blind oracle with the QR provided at: http://umbrel.local:3344/ (which would set up the Tor connection), or using the QR provided at: http://umbrel.local:3344/?urla=http://umbrel&urlb=http://[insert your onion address] (you can get your onion address from umbrel settings, as explained above). This second option would set up the blind oracle using Tailscale. Theoretically, if you are using a companion app different than Blockstream Green, Tailscale is the recommended option. In our case we have obtained better results with the Tor option and blockstream Green companion app.
- Confirm settings on the Jade device, which will link your wallet to the blind oracle on Umbrel.
- Connect your Jade to Green companion app, make sure that Tor connection is enabled if you are using the Tor QR code.
- You will get a warning message stating that you are not using the default blind oracle. Select the “Advanced” option and “Allow Non-Default Connection”. Once your Jade is connected, you will be able to set up your wallet it will receive price information and other verifiable data.
Now your device will be connected using your own blind oracle. If you want to learn how to get the most out of your hardware wallet, check out our guides.