Store xpubs unencrypted, remove password from viewing flow
All checks were successful
check / check (push) Successful in 12s
All checks were successful
check / check (push) Successful in 12s
Xpubs and derived addresses stored unencrypted in extension storage for instant read-only access without a password. Password will only be required for signing transactions (not yet implemented). Real addresses now derived from mnemonic via ethers HDNodeWallet at wallet creation time. Removed lock screen, password fields, and Lock button. BIP-39 mnemonic validation added. README updated with split storage model documentation.
This commit is contained in:
46
README.md
46
README.md
@@ -151,33 +151,29 @@ menus.
|
||||
|
||||
The popup has the following views, switched via simple show/hide:
|
||||
|
||||
1. **Lock**: Password input + Unlock button. Shown when the wallet is locked or
|
||||
on first open after browser restart.
|
||||
2. **Welcome**: Shown on first use. Two options: "Add wallet" (recovery phrase
|
||||
based) and "Import private key". Password is set during the first wallet
|
||||
addition.
|
||||
3. **Add wallet**: A unified view for both creating and importing recovery
|
||||
1. **Welcome**: Shown on first use. Single "Add wallet" button.
|
||||
2. **Add wallet**: A unified view for both creating and importing recovery
|
||||
phrase wallets. The recovery phrase text area starts empty. A clickable die
|
||||
button `[die]` generates a random 12-word phrase and fills it in. If the user
|
||||
already has a phrase, they paste it directly. When the die is clicked, a
|
||||
warning box appears reminding the user to write the phrase down. Password
|
||||
fields are shown only on first use.
|
||||
4. **Import private key**: Paste a private key. This creates a wallet with a
|
||||
single address. Password fields shown only on first use.
|
||||
5. **Main**: All wallets listed, each showing its addresses with truncated
|
||||
address and ETH balance. "+" next to recovery phrase wallets to add another
|
||||
address. "+ Add wallet" and "+ Import private key" buttons at the bottom.
|
||||
Settings and Lock buttons in the header. Future: a sub-heading showing total
|
||||
portfolio value in USD (and eventually other currencies).
|
||||
6. **Address detail**: Full address (click to copy), ETH balance, USD value
|
||||
warning box appears reminding the user to write the phrase down. No password
|
||||
required — the xpub is derived and stored for read-only access.
|
||||
3. **Import private key**: Paste a private key. This creates a wallet with a
|
||||
single address.
|
||||
4. **Main**: All wallets listed, each showing its addresses (full, untruncated)
|
||||
and ETH balance. "+" next to recovery phrase wallets to add another address.
|
||||
"+ Add wallet" at the bottom. Settings button in the header. Future: a
|
||||
sub-heading showing total portfolio value in USD (and eventually other
|
||||
currencies).
|
||||
5. **Address detail**: Full address (click to copy), ETH balance, USD value
|
||||
(future), Send/Receive buttons, token list with "+ Add" button.
|
||||
7. **Send**: Token selector, recipient address, amount. Cancel returns to
|
||||
6. **Send**: Token selector, recipient address, amount. Cancel returns to
|
||||
address detail.
|
||||
8. **Receive**: Full address displayed with "Copy address" button.
|
||||
9. **Add token**: Enter contract address. The extension looks up the token
|
||||
7. **Receive**: Full address displayed with "Copy address" button.
|
||||
8. **Add token**: Enter contract address. The extension looks up the token
|
||||
name/symbol automatically.
|
||||
10. **Settings**: Network (RPC endpoint URL) with explanatory text.
|
||||
11. **Approval**: When a website requests wallet access or a signature, shows
|
||||
9. **Settings**: Network (RPC endpoint URL) with explanatory text.
|
||||
10. **Approval**: When a website requests wallet access or a signature, shows
|
||||
the site origin, request details, and Allow/Deny buttons.
|
||||
|
||||
### External Services
|
||||
@@ -256,8 +252,12 @@ project owner.
|
||||
|
||||
- **No framework**: The popup UI is vanilla JS and HTML. The extension is small
|
||||
enough that a framework adds unnecessary complexity and attack surface.
|
||||
- **Encrypted storage**: Recovery phrases and private keys are encrypted at rest
|
||||
in the extension's local storage using libsodium. The encryption scheme:
|
||||
- **Split storage model**: Public data (xpubs, derived addresses, token lists,
|
||||
balances) is stored unencrypted in extension local storage so the user can
|
||||
view their wallets and balances at any time without entering a password.
|
||||
Private data (recovery phrases, private keys) will be encrypted at rest using
|
||||
libsodium — a password is only required when the user needs to sign a
|
||||
transaction or message. The encryption scheme for private data:
|
||||
- The user's password is run through Argon2id (`crypto_pwhash`) to derive a
|
||||
256-bit encryption key. Argon2id is memory-hard, making GPU/ASIC brute
|
||||
force attacks expensive.
|
||||
|
||||
Reference in New Issue
Block a user