Ae safety problem, whether feasible

Hello, everyone
We all know that the private key and mnemonic should be kept on the client. If the TX is built, it should be placed on the server, and then sent to the client for confirmation before signing? Is it safe?

Clients shall not rely on a server to build a transaction for them - all transactions shall be built client side and approved there. AFAIK this is already the case, maybe with the only exception of call data production - this shall be accommodated client side as well.

Isn’t it the case that some wallet apps are signed after TX is generated by the server and confirmed by the client?

They shouldn’t be. I summon @bruteforce.chain who is the authority there :smiley:

2 Likes

As @dimitar.chain already said - they shouldn’t be signed after being generated by a 3rd party (server or else).

You can request transactions to be signed and broadcasted by the wallet (client side) from your app interface, by adapting it to use the AEX2 communication protocol for connectivity with user wallets. This will allow your clients to use the daepp without sharing their private keys (while keeping those in their wallets) or trusting a 3rd party for TX creation.

3 Likes

@bruteforce.chain
Hi, brother, I have seen the agreement of AEX and I think it is great. But at present, if I want to make a wallet, I still have some problems.

  1. What should the wallet itself do? Did the authorities provide any examples?
  2. Are there any examples if AEPP is connected to the wallet?
  3. If the development language is not JS, such as Objective-C on iOS or Java on Android, the SDK can’t be used. What should I do at this time?

Here are examples for integrating an app with a wallet: aepp-sdk-js/examples at develop · aeternity/aepp-sdk-js · GitHub

If you are using Objective-C or Swift or something else for mobile development you can use deeplinks to interface to the user’s wallet app or remote connection to the wallet. superhero-wallet/index.html at develop · aeternity/superhero-wallet · GitHub

1 Like

@bruteforce.chain

Thank you for your patient answer.
I am currently working on an eco-wallet similar to Base, which does not need to be connected to the wallet.
What I mean is that as a wallet, how can other AEPPs connect to me? In the case that the wallet does not use JS-SDK itself, if JS-SDK is necessary, how can other AEPPs access it?