-
Notifications
You must be signed in to change notification settings - Fork 4.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add an API option to export a seed phrase #7364
Comments
I'm looking into making a separate branch to add this functionality in via pull request, and am wondering what would be the best way to do this? After looking into the code it seems like the way to go is to add a new permission to allow retrieval of seed phrases, as well as adding a method to the middleware provider to retrieve a seed phrase on request from ethereum.send() |
I've gotten a proof of concept working for exporting a seed phrase - by adding a new method to the permissions controller at /app/scripts/permissions/index.js, and by adding a case ('wallet_requestSeed') to the switch statement in the middleware provider in /app/scripts/permissions/methodMiddleware.js. This can be called in a webpage using ethereum.send('wallet_requestSeed'). It seems like this isn't the best place to put these functions, but I'm not sure where would be a better place for them. Where would it be best to put these functions? Also this can be accessed using the normal permissions requested using ethereum.send('eth_requestAccounts'); but due to the sensitive nature of exporting a seed phrase, this should ideally require the webpage to request a different permission, and warning the user when it does so. How can I add a custom permission for this functionality? |
I've made a fork with my proof-of-concept here: https://github.com/reputage/metamask-extension/tree/Seed-phrase-exporting Again, it can export the seed phrase for a user's primary HD keyring, but I'd love to get some feedback on how to make it use a different permission so that it can't be accessed by default, and so that the user can be warned about the security risk. |
Could you include a screen shot of your current seed-phrase exporting confirmation screen? The only way I could possibly entertain this API is if we had a strongly user-informing confirmation about the risks involved in exporting a seed phrase. It could help if you start with a proposal, but we may need to refine it. One example:
And couple this with some redundant confirmations. Maybe:
|
I'm still working on creating a confirmation screen - I agree that there needs to be a strong user-informing confirmation, but I'm still trying to figure out where in the codebase to insert a confirmation screen. I'm not familiar with proposals - where can I submit one? |
You can open a design proposal here: |
What problem are you trying to solve?
We're looking for ways to integrate SeedQuest (https://github.com/reputage/seedQuest) with MetaMask, and after exploring the options available through plugins, determined that a plugin wouldn't quite work for what we're trying to accomplish.
Describe the solution you'd like
We want to allow MetaMask users to export their seed phrase directly to an external Dapp or website, which could be used to allow the user to rehearse their seed phrase recovery in SeedQuest.
Additional context
Exporting a seed phrase to SeedQuest would ideally be an optional choice that would happen during the onboarding process. This would require an informing prompt, and would be a source of user friction.
We (the SeedQuest team) would be happy to collaborate and help out in any way we can.
The text was updated successfully, but these errors were encountered: