From 78c050e1fa588c0651f355d44d93f56c734c94bf Mon Sep 17 00:00:00 2001
From: user <user@Mac.lan guest wan>
Date: Sat, 28 Feb 2026 07:40:25 -0800
Subject: [PATCH] feat: add private key viewing for addresses

Add a 'Show private key' button on the address detail view that opens
a dedicated password-prompt screen with a clear warning about key
sensitivity. After correct password entry, the derived private key is
displayed in a read-only well with a copy button.

- Add getPrivateKeyForAddress() to wallet.js
- Add showPrivateKey view with password verification
- Add clipboard policy section to README explaining why we never
  auto-clear the clipboard
- Register new view in helpers.js VIEWS array and wire up in index.js

Closes #19
---
 README.md                         | 35 ++++++++++++++
 src/popup/index.html              | 80 +++++++++++++++++++++++++++++++
 src/popup/index.js                |  3 ++
 src/popup/views/addressDetail.js  |  4 ++
 src/popup/views/helpers.js        |  1 +
 src/popup/views/showPrivateKey.js | 79 ++++++++++++++++++++++++++++++
 src/shared/wallet.js              | 13 +++++
 7 files changed, 215 insertions(+)
 create mode 100644 src/popup/views/showPrivateKey.js

diff --git a/README.md b/README.md
index 0030313..8a7802c 100644
--- a/README.md
+++ b/README.md
@@ -213,6 +213,22 @@ create an address with the same visible characters and trick the user into
 sending funds to it. Showing the complete identifier defeats this class of
 attack.
 
+#### Clipboard Policy
+
+AutistMask never clears or overwrites the user's clipboard. When sensitive data
+such as a private key is copied, it is the user's responsibility to manage their
+clipboard afterwards. We deliberately avoid auto-clearing the clipboard for two
+reasons:
+
+1. **User expectations**: silently modifying the clipboard violates the
+   principle of least surprise. The user initiated the copy and knows the
+   content is sensitive.
+2. **Data safety**: the user may have copied something else important in the
+   intervening time. A timed clipboard clear would destroy that unrelated data.
+
+The warning shown before revealing a private key makes it clear that the key is
+sensitive and that clipboard management is the user's responsibility.
+
 #### Data Model
 
 The core hierarchy is **Wallets → Addresses**:
@@ -316,15 +332,34 @@ transitions.
     - Balance list: ETH + tracked ERC-20 tokens (4 decimal places, USD inline).
       Each balance row is clickable → **AddressToken**
     - Send / Receive / + Token buttons
+    - "Show private key" button
     - Transaction list (with ENS resolution for counterparties)
 - **Transitions**:
     - Tap balance row → **AddressToken** (for that token)
     - "Send" → **Send**
     - "Receive" → **Receive**
     - "+ Token" → **AddToken**
+    - "Show private key" → **ShowPrivateKey**
     - Tap transaction row → **TransactionDetail**
     - "Back" → **Home**
 
+#### ShowPrivateKey
+
+- **When**: User clicked "Show private key" on AddressDetail.
+- **Elements**:
+    - "Back" button
+    - Title: "Display Private Key"
+    - Warning box (lock + money icons) explaining the key controls funds and
+      that the user is responsible for clipboard management
+    - Password input
+    - "Display Private Key" button (with lock + money icons)
+    - After reveal: private key in a read-only well (monospace, select-all),
+      Copy button, Done button
+- **Transitions**:
+    - "Display Private Key" (correct password) → reveals key in-place
+    - "Copy" → copies key to clipboard
+    - "Done" / "Back" → **AddressDetail** (key cleared from DOM)
+
 #### AddressToken
 
 - **When**: User clicked a specific token balance on AddressDetail.
diff --git a/src/popup/index.html b/src/popup/index.html
index 74dfb69..2e3c293 100644
--- a/src/popup/index.html
+++ b/src/popup/index.html
@@ -307,6 +307,15 @@
                     </button>
                 </div>
 
+                <div class="mb-3">
+                    <button
+                        id="btn-show-private-key"
+                        class="border border-border px-2 py-1 hover:bg-fg hover:text-bg cursor-pointer text-xs"
+                    >
+                        &#128274; Show private key
+                    </button>
+                </div>
+
                 <!-- transactions -->
                 <div class="mt-3">
                     <div class="border-b border-border pb-1 mb-1">
@@ -318,6 +327,77 @@
                 </div>
             </div>
 
+            <!-- ============ SHOW PRIVATE KEY ============ -->
+            <div id="view-show-private-key" class="view hidden">
+                <button
+                    id="btn-show-pk-back"
+                    class="border border-border px-2 py-1 hover:bg-fg hover:text-bg cursor-pointer mb-2"
+                >
+                    &lt; Back
+                </button>
+                <h2 class="font-bold mb-2">Display Private Key</h2>
+
+                <!-- password prompt section -->
+                <div id="show-pk-prompt">
+                    <div
+                        class="border border-border border-dashed p-3 mb-3 text-xs"
+                    >
+                        <p class="mb-1">
+                            &#128274;&#128176; Your private key controls this
+                            address and all its funds. Anyone who has it can
+                            spend your tokens.
+                        </p>
+                        <p>
+                            Do not share it. Do not paste it into websites. If
+                            you copy it, you are responsible for clearing your
+                            clipboard when you are done.
+                        </p>
+                    </div>
+                    <div class="mb-2">
+                        <label class="block mb-1">Password</label>
+                        <input
+                            type="password"
+                            id="show-pk-password"
+                            class="border border-border p-1 w-full font-mono text-sm bg-bg text-fg"
+                            placeholder="Enter your password"
+                        />
+                    </div>
+                    <div
+                        id="show-pk-error"
+                        class="text-xs mb-2 border border-border border-dashed p-1 hidden"
+                    ></div>
+                    <button
+                        id="btn-show-pk-reveal"
+                        class="border border-border px-2 py-1 hover:bg-fg hover:text-bg cursor-pointer"
+                    >
+                        &#128274;&#128176; Display Private Key
+                    </button>
+                </div>
+
+                <!-- revealed key section -->
+                <div id="show-pk-key-well" class="hidden">
+                    <div
+                        class="bg-well p-3 mx-1 mb-3 break-all font-mono text-xs select-all"
+                    >
+                        <span id="show-pk-key-value"></span>
+                    </div>
+                    <div class="flex gap-2">
+                        <button
+                            id="btn-show-pk-copy"
+                            class="border border-border px-2 py-1 hover:bg-fg hover:text-bg cursor-pointer"
+                        >
+                            Copy
+                        </button>
+                        <button
+                            id="btn-show-pk-done"
+                            class="border border-border px-2 py-1 hover:bg-fg hover:text-bg cursor-pointer"
+                        >
+                            Done
+                        </button>
+                    </div>
+                </div>
+            </div>
+
             <!-- ============ ADDRESS-TOKEN DETAIL VIEW ============ -->
             <div id="view-address-token" class="view hidden">
                 <button
diff --git a/src/popup/index.js b/src/popup/index.js
index 5a12180..9a5241a 100644
--- a/src/popup/index.js
+++ b/src/popup/index.js
@@ -19,6 +19,7 @@ const txStatus = require("./views/txStatus");
 const transactionDetail = require("./views/transactionDetail");
 const receive = require("./views/receive");
 const addToken = require("./views/addToken");
+const showPrivateKey = require("./views/showPrivateKey");
 const settings = require("./views/settings");
 const settingsAddToken = require("./views/settingsAddToken");
 const approval = require("./views/approval");
@@ -56,6 +57,7 @@ const ctx = {
     showAddWalletView: () => addWallet.show(),
     showImportKeyView: () => importKey.show(),
     showAddressDetail: () => addressDetail.show(),
+    showPrivateKey: () => showPrivateKey.show(),
     showAddressToken: () => addressToken.show(),
     showAddTokenView: () => addToken.show(),
     showConfirmTx: (txInfo) => confirmTx.show(txInfo),
@@ -212,6 +214,7 @@ async function init() {
     importKey.init(ctx);
     home.init(ctx);
     addressDetail.init(ctx);
+    showPrivateKey.init(ctx);
     addressToken.init(ctx);
     send.init(ctx);
     confirmTx.init(ctx);
diff --git a/src/popup/views/addressDetail.js b/src/popup/views/addressDetail.js
index 8e6f7ee..a1a6b5b 100644
--- a/src/popup/views/addressDetail.js
+++ b/src/popup/views/addressDetail.js
@@ -261,6 +261,10 @@ function init(_ctx) {
     });
 
     $("btn-add-token").addEventListener("click", ctx.showAddTokenView);
+
+    $("btn-show-private-key").addEventListener("click", () => {
+        ctx.showPrivateKey();
+    });
 }
 
 module.exports = { init, show };
diff --git a/src/popup/views/helpers.js b/src/popup/views/helpers.js
index e5b71d0..63537a4 100644
--- a/src/popup/views/helpers.js
+++ b/src/popup/views/helpers.js
@@ -16,6 +16,7 @@ const VIEWS = [
     "import-key",
     "main",
     "address",
+    "show-private-key",
     "address-token",
     "send",
     "confirm-tx",
diff --git a/src/popup/views/showPrivateKey.js b/src/popup/views/showPrivateKey.js
new file mode 100644
index 0000000..b63c95e
--- /dev/null
+++ b/src/popup/views/showPrivateKey.js
@@ -0,0 +1,79 @@
+const { $, showView, showFlash, showError, hideError } = require("./helpers");
+const { state } = require("../../shared/state");
+const { decryptWithPassword } = require("../../shared/vault");
+const { getPrivateKeyForAddress } = require("../../shared/wallet");
+
+let ctx;
+let revealed = false;
+
+function show() {
+    revealed = false;
+    $("show-pk-password").value = "";
+    $("show-pk-key-well").classList.add("hidden");
+    $("show-pk-key-value").textContent = "";
+    $("show-pk-prompt").classList.remove("hidden");
+    hideError("show-pk-error");
+    showView("show-private-key");
+}
+
+function init(_ctx) {
+    ctx = _ctx;
+
+    $("btn-show-pk-back").addEventListener("click", () => {
+        clearKey();
+        ctx.showAddressDetail();
+    });
+
+    $("btn-show-pk-reveal").addEventListener("click", async () => {
+        const pw = $("show-pk-password").value;
+        if (!pw) {
+            showError("show-pk-error", "Please enter your password.");
+            return;
+        }
+
+        const wallet = state.wallets[state.selectedWallet];
+        let decryptedSecret;
+        try {
+            decryptedSecret = await decryptWithPassword(
+                wallet.encryptedSecret,
+                pw,
+            );
+        } catch (_e) {
+            showError("show-pk-error", "Wrong password.");
+            return;
+        }
+
+        const privateKey = getPrivateKeyForAddress(
+            wallet,
+            state.selectedAddress,
+            decryptedSecret,
+        );
+
+        revealed = true;
+        $("show-pk-prompt").classList.add("hidden");
+        $("show-pk-key-well").classList.remove("hidden");
+        $("show-pk-key-value").textContent = privateKey;
+        hideError("show-pk-error");
+    });
+
+    $("btn-show-pk-copy").addEventListener("click", () => {
+        const key = $("show-pk-key-value").textContent;
+        if (key) {
+            navigator.clipboard.writeText(key);
+            showFlash("Copied!");
+        }
+    });
+
+    $("btn-show-pk-done").addEventListener("click", () => {
+        clearKey();
+        ctx.showAddressDetail();
+    });
+}
+
+function clearKey() {
+    revealed = false;
+    $("show-pk-key-value").textContent = "";
+    $("show-pk-password").value = "";
+}
+
+module.exports = { init, show };
diff --git a/src/shared/wallet.js b/src/shared/wallet.js
index c666add..b2e8cb4 100644
--- a/src/shared/wallet.js
+++ b/src/shared/wallet.js
@@ -41,6 +41,18 @@ function getSignerForAddress(walletData, addrIndex, decryptedSecret) {
     return new Wallet(decryptedSecret);
 }
 
+function getPrivateKeyForAddress(walletData, addrIndex, decryptedSecret) {
+    if (walletData.type === "hd") {
+        const node = HDNodeWallet.fromPhrase(
+            decryptedSecret,
+            "",
+            BIP44_ETH_PATH,
+        );
+        return node.deriveChild(addrIndex).privateKey;
+    }
+    return decryptedSecret;
+}
+
 function isValidMnemonic(mnemonic) {
     return Mnemonic.isValidMnemonic(mnemonic);
 }
@@ -51,5 +63,6 @@ module.exports = {
     hdWalletFromMnemonic,
     addressFromPrivateKey,
     getSignerForAddress,
+    getPrivateKeyForAddress,
     isValidMnemonic,
 };