Add an API option to export a seed phrase #7364

Open
westonb7 opened this issue Nov 7, 2019 · 6 comments

westonb7 commented Nov 7, 2019

What problem are you trying to solve?
We're looking for ways to integrate SeedQuest (https://github.com/reputage/seedQuest) with MetaMask, and after exploring the options available through plugins, determined that a plugin wouldn't quite work for what we're trying to accomplish.

Describe the solution you'd like
We want to allow MetaMask users to export their seed phrase directly to an external Dapp or website, which could be used to allow the user to rehearse their seed phrase recovery in SeedQuest.

Additional context
Exporting a seed phrase to SeedQuest would ideally be an optional choice that would happen during the onboarding process. This would require an informing prompt, and would be a source of user friction.

We (the SeedQuest team) would be happy to collaborate and help out in any way we can.


westonb7 commented Dec 12, 2019

I'm looking into making a separate branch to add this functionality in via pull request, and am wondering what would be the best way to do this? After looking into the code it seems like the way to go is to add a new permission to allow retrieval of seed phrases, as well as adding a method to the middleware provider to retrieve a seed phrase on request from ethereum.send().

westonb7 commented

I've gotten a proof of concept working for exporting a seed phrase - by adding a new method to the permissions controller at /app/scripts/permissions/index.js, and by adding a case ('wallet_requestSeed') to the switch statement in the middleware provider in /app/scripts/permissions/methodMiddleware.js. This can be called in a webpage using ethereum.send('wallet_requestSeed').

It seems like this isn't the best place to put these functions, but I'm not sure where would be a better place for them. Where would it be best to put these functions?

Also, this can be accessed using the normal permissions requested using ethereum.send('eth_requestAccounts'); but due to the sensitive nature of exporting a seed phrase, this should ideally require the webpage to request a different permission, and warn the user when it does so. How can I add a custom permission for this functionality?

westonb7 commented

I've made a fork with my proof-of-concept here: https://github.com/reputage/metamask-extension/tree/Seed-phrase-exporting

Again, it can export the seed phrase for a user's primary HD keyring, but I'd love to get some feedback on how to make it use a different permission so that it can't be accessed by default, and so that the user can be warned about the security risk.

danfinlay commented

Could you include a screenshot of your current seed-phrase exporting confirmation screen? The only way I could possibly entertain this API is if we had a strongly user-informing confirmation about the risks involved in exporting a seed phrase. It could help if you start with a proposal, but we may need to refine it.

One example:

The site at [X] would like your seed phrase.
This will allow the site to completely own and control all of your accounts and funds.
You should not accept this for any site you do not completely trust with all of your assets.

And couple this with some redundant confirmations. Maybe:

Are you sure? Please type "I trust this site completely" to proceed.
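
The gating discussed in the comments above (a dedicated permission rather than the one granted through eth_requestAccounts, followed by the typed confirmation), as an added example that is not part of the thread or of MetaMask's code base. `createSeedGate`, the permission name `wallet_exportSeed`, and the `grants`/`promptUser`/`getSeed` parameters are hypothetical; the error codes are the EIP-1193 values for Unauthorized and User Rejected Request.

```javascript
// Added illustration; hypothetical names, not MetaMask's permissions code.
const SEED_METHOD = 'wallet_requestSeed';              // method name from the thread
const SEED_PERMISSION = 'wallet_exportSeed';           // hypothetical dedicated permission
const CONFIRM_PHRASE = 'I trust this site completely'; // phrase proposed in the thread
// EIP-1193 provider error codes
const UNAUTHORIZED = 4100;
const USER_REJECTED = 4001;

// Warning text follows the wording proposed in the thread.
function buildWarning(origin) {
  return [
    `The site at ${origin} would like your seed phrase.`,
    'This will allow the site to completely own and control all of your accounts and funds.',
    'You should not accept this for any site you do not completely trust with all of your assets.',
    `Are you sure? Please type "${CONFIRM_PHRASE}" to proceed.`,
  ].join('\n');
}

// grants:     Map<origin, Set<permission>> kept by the wallet
// promptUser: async (origin, warningText) => text typed by the user, shown in
//             wallet-owned UI so the requesting page cannot fill it in
// getSeed:    async () => seed phrase; only reached after both checks pass
function createSeedGate({ grants, promptUser, getSeed }) {
  return async function handle(origin, request) {
    if (request.method !== SEED_METHOD) return { passthrough: true };

    // Check 1: account access (e.g. from eth_requestAccounts) is not enough;
    // the origin must hold the dedicated permission.
    const held = grants.get(origin) || new Set();
    if (!held.has(SEED_PERMISSION)) {
      return { error: { code: UNAUTHORIZED, message: 'Seed export permission not granted' } };
    }

    // Check 2: exact typed confirmation on every request, never cached.
    const typed = await promptUser(origin, buildWarning(origin));
    if (typed !== CONFIRM_PHRASE) {
      return { error: { code: USER_REJECTED, message: 'User rejected seed export' } };
    }
    return { result: await getSeed() };
  };
}
```
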


westonb7 commented Jan 7, 2020

I'm still working on creating a confirmation screen - I agree that there needs to be a strong user-informing confirmation, but I'm still trying to figure out where in the codebase to insert a confirmation screen.

I'm not familiar with proposals - where can I submit one?


danfinlay commented Jan 7, 2020

You can open a design proposal here:
https://github.com/metamask/design/issues/new
