feat: view private key for addresses (closes #19)
All checks were successful
check / check (push) Successful in 22s
All checks were successful
check / check (push) Successful in 22s
- Add 'Show Private Key' button to address detail view - Create dedicated password verification modal with warning text - Derive private key from HD wallet mnemonic or use directly for imported keys - Display key in read-only well with copy button - Add getPrivateKeyForAddress() to shared/wallet.js - Never log, cache, or auto-clear the private key - Document clipboard non-clearing policy in README
This commit is contained in:
19
README.md
19
README.md
@@ -835,6 +835,25 @@ Currently supported:
|
||||
- [ ] Multi-currency fiat display (EUR, GBP, etc.)
|
||||
- [ ] Security audit of key management
|
||||
|
||||
## Private Key Export
|
||||
|
||||
The address detail view includes a "Show Private Key" button. After entering the
|
||||
wallet password, the raw hex private key is displayed and can be copied to the
|
||||
clipboard.
|
||||
|
||||
We intentionally **do not clear the clipboard** after copying a private key:
|
||||
|
||||
1. **User expectations**: Clipboard clearing violates the principle of least
|
||||
surprise. Users expect their clipboard to contain what they last copied until
|
||||
they copy something else.
|
||||
2. **Data safety**: The user may copy something else important moments later. An
|
||||
auto-clear timer could destroy that unrelated clipboard content, causing data
|
||||
loss far worse than the theoretical risk it was meant to mitigate.
|
||||
|
||||
If a user chooses to display their private key, they have already been warned
|
||||
that it controls all funds at the address. Managing sensitive data on their own
|
||||
clipboard is their responsibility.
|
||||
|
||||
## Policies
|
||||
|
||||
- We don't mention "the other wallet" by name in code or documentation. We're
|
||||
|
||||
Reference in New Issue
Block a user