Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Flow Providers: Non-custodial wallets #28 - Milestone 3 - Zay Codes Submission #88

Merged
merged 3 commits into from
Nov 4, 2021

Conversation

aishairzay
Copy link
Contributor

Flow Providers: Non-custodial wallets #28 - Milestone 3

Example: CLI Feature: State management - Milestone 1

Description

This PR is for issue #28 .

Previous milestone submissions here: #54 #84

  • We have completed functionality for milestone 3 of the non-custodial wallet.
  • For milestone 3 (this PR), we have created a fully functioning wallet Chrome extension with secure key management in the Chrome browser which supports end-to-end authentication and authorization functionality.

Submission Links & Documents

How keys are stored and used
When a user imports a new private key for their flow account, the wallet will prompt for the user's password. The password is required and used to encrypt the private key. The private key is then stored in chrome.storage.local (persistent browser storage limited to the scope of the installed extension. The stored keyVault looks like the following:
encrypted({ pubKey1: privKey1, pubKey2: privKey2 })

When a user would like to use the wallet, they must unlock the wallet. Unlocking requires the same password that was previously set on the first run at importing a Flow account to the wallet. The password provided was used as the encryption key to the aforementioned keyVault, and so password validity is checked against the ability to decrypt that object. If decryption is successful, the wallet is considered unlocked and the decrypted keyVault is stored in chrome.storage.session for temporary storage, or until the wallet is manually locked.

Also, a separate flow account is held in local storage unencrypted, and may have many public keys attached to it. The publickey to privatekey mapping is separate to the flow accounts. When running a transaction with a flow account, the wallet accesses the flow account, gets the first >=1000 weight public key, retrieves its corresponding private key, and then makes the needed signature.

Some GIFs of the extension working:

Authn + Preauthz + Authz
Popups are ugly right now, because we can not modify them per FCL. Currently using FCL's pop-up for the service type, but plan to use the new extension one when it is more ready, which we can then customize to look better:
https://gyazo.com/a0a2e39ad5fa474ee95fa97692ddd157

Popup UI
https://gyazo.com/99421332be463db4dcfa1ea133b2101c

Source and readme with information is here: https://github.com/Zay-Codes-Lab/zay-wallet <- Currently private, will be opened up later. Ping me on discord for fastest permission add (amit#4491)

Requirements Check

  • Have have you met the milestone requirements? Yes
  • Have you included tests (if applicable)? Yes - testing for all key storage related code can be run with npm run test
  • Have you met the contribution guidelines of the repos you have submitted code to (if applicable)? N/A

Other Details

  • Is there anything specific you'd like the PoC to know or review for?
    Same info as last milestone - the extension is currently reassigning chrome.storage.session to chrome.storage.local because FCL is unable to support Manifest V3 at this time. We have not yet, but will either expire the chrome.storage.local storage of unlocked keyVaults, or wait for chrome.storage.session to work prior to considering releasing anything publicly.

@gregsantos
Copy link

Reviewed as part of previous PR. Nice job team!

Copy link

@gregsantos gregsantos left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🚀🚀🚀

@kerrywei
Copy link

kerrywei commented Nov 4, 2021

merge in the PR per Greg's comment. Congratulations team!

@kerrywei kerrywei merged commit 719dd3f into onflow:main Nov 4, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

3 participants