This repository has been archived by the owner on Mar 11, 2024. It is now read-only.

Easy wallet export to mobile (first gen.) #437

Closed
mvaivre opened this issue Nov 23, 2022 · 3 comments

@mvaivre
Member

mvaivre commented Nov 23, 2022

Linked to #183.

Idea: we could encrypt the mnemonic and encode the resulting string in a QR code. Scanning this on the mobile wallet would ask the user for the same password used on the desktop wallet to encrypt the key.
If the password is correct, the wallet is recovered.

We could experiment with adding the metadata in the QR Code as well.

Let's see if we could ship this in 2.0.

@nop33
Member

nop33 commented Nov 23, 2022

Since the password is not stored anywhere, the user would need to enter their password in order to encrypt the mnemonic and show the QR code. Actually, it won't have to be the same password. As long as the same password is used to encrypt the unencrypted mnemonic on the desktop wallet side, and the same password is used on the mobile wallet on the decrypting side, it will work. It could just be a temporary password, just for the transfer of the mnemonic. I like this approach more, personally, so that the user doesn't have to add their desktop wallet password on the mobile wallet (in principle, a password should not be used in more than 1 place, and for one purpose).

On a second note, do you think it's really necessary to encrypt the mnemonic before showing it in the QR code?

@mvaivre
Member Author

mvaivre commented Nov 23, 2022

  1. On the "temporary password" idea: it may be hard to explain the concept to the user. The fewer passwords the better. But let me clarify what I'm suggesting here:
  • User shows the "export QR code" on the desktop by entering their usual password, as they do when they want to display the mnemonic or simply enter the wallet.
  • On the mobile, the user scans the code and enters the password used on the desktop only once to allow decrypting the mnemonic and restoring the wallet. The password isn't stored or used on the mobile. It's used only when restoring.

> On a second note, do you think it's really necessary to encrypt the mnemonic before showing it in the QR code?

Yes. If for whatever reason a user displays the QR code in a public place (this can happen easily when playing with the app in a train or in a coffee...), anyone could snap a picture from afar and get the mnemonic. So easy.
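
The flow discussed in this thread, as an added example that is not the code merged in #440 or any other code from this repository: the desktop side encrypts the mnemonic under a key derived from the password, and the mobile side recovers it only when the same password is entered. The choice of scrypt and AES-256-GCM, the payload layout, and the function names `exportMnemonic` and `importMnemonic` are assumptions made for illustration.

```javascript
// Added example: password-protected mnemonic export for a QR payload.
// scrypt + AES-256-GCM and the payload layout are assumptions, not the wallet's format.
const { scryptSync, randomBytes, createCipheriv, createDecipheriv } = require('node:crypto');

const VERSION = 1; // payload layout: version(1) | salt(16) | iv(12) | tag(16) | ciphertext
const SCRYPT = { N: 2 ** 15, r: 8, p: 1, maxmem: 64 * 1024 * 1024 };

function deriveKey(password, salt) {
  return scryptSync(password.normalize('NFKD'), salt, 32, SCRYPT);
}

// Desktop side: returns the string that would be rendered as the QR code.
function exportMnemonic(mnemonic, password) {
  const salt = randomBytes(16); // fresh salt and IV for every export
  const iv = randomBytes(12);
  const header = Buffer.concat([Buffer.from([VERSION]), salt, iv]);
  const cipher = createCipheriv('aes-256-gcm', deriveKey(password, salt), iv);
  cipher.setAAD(header); // bind version, salt and IV to the ciphertext
  const body = Buffer.concat([cipher.update(mnemonic, 'utf8'), cipher.final()]);
  return Buffer.concat([header, cipher.getAuthTag(), body]).toString('base64url');
}

// Mobile side: returns the mnemonic, or null on a wrong password or altered payload.
function importMnemonic(payload, password) {
  const raw = Buffer.from(payload, 'base64url');
  if (raw.length < 45 || raw[0] !== VERSION) return null;
  const header = raw.subarray(0, 29);
  const [salt, iv] = [raw.subarray(1, 17), raw.subarray(17, 29)];
  const tag = raw.subarray(29, 45);
  const decipher = createDecipheriv('aes-256-gcm', deriveKey(password, salt), iv, { authTagLength: 16 });
  decipher.setAAD(header);
  decipher.setAuthTag(tag);
  try {
    return Buffer.concat([decipher.update(raw.subarray(45)), decipher.final()]).toString('utf8');
  } catch {
    return null; // GCM tag check failed: nothing is returned to the caller
  }
}

// Constructed sample values, not a real wallet.
const SAMPLE_MNEMONIC = 'constructed sample words standing in for a real mnemonic';
const samplePayload = exportMnemonic(SAMPLE_MNEMONIC, 'desktop-password');
console.log(samplePayload.length, importMnemonic(samplePayload, 'wrong-password'));
```

A photographed QR code in this scheme is only as strong as the password, since the salt and IV travel in the payload and the key derivation cost is the only brake on offline guessing.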

@nop33 nop33 self-assigned this Nov 24, 2022
nop33 added a commit that referenced this issue Nov 24, 2022
nop33 added a commit that referenced this issue Nov 24, 2022
nop33 added a commit that referenced this issue Nov 26, 2022
@nop33
Member

nop33 commented Dec 23, 2022

This was implemented in #440 and merged into the v2.0 branch; it can be closed.

@mvaivre mvaivre closed this as completed Jan 4, 2023