Ae safety problem, whether feasible

Hello, everyone
We all know that the private key and mnemonic should be kept on the client. If the TX is built, it should be placed on the server, and then sent to the client for confirmation before signing? Is it safe?

Clients shall not rely on a server to build a transaction for them - all transactions shall be build client side and approved there. AFAIK this is already the case, maybe with the only exception of call data production - this shall be accommodated client side as well.

Isn’t it the case that some wallet apps are signed after TX is generated by the server and confirmed by the client?

They shouldn’t be. I summon @milenradkov.chain who is the authority there :smiley:

2 Likes

As @dimitar.chain already said - they shouldn’t be signed after generated by 3rd party (server or else).

You can request transactions to be signed and boradcasted by the wallet (client side) from your app interface, by adapting it to use the AEX2 communication protocol for connectivity with user wallets. This will allow your clients to use the daepp without sharing their private keys (while keeping those in their wallets) or trusting 3rd party for TX creation.

3 Likes

@milenradkov.chain
Hi, brother, I have seen the agreement of AEX and I think it is great. But at present, if I want to make a wallet, I still have some problems.

  1. What should the wallet itself do? Did the authorities provide any examples?
  2. Are there any examples if AEPP is connected to the wallet?
  3. If the development language is not JS, SDK, such as object-C iOS system or Java Android system, can’t be used. What should I do at this time?

Here are examples for integrating an app with a wallet: https://github.com/aeternity/aepp-sdk-js/tree/develop/examples#vuejs-maintained-examples-to-run-in-the-browser

If you are using objective C or swift or something else for mobile development you can use deeplinks to interface to the user’s wallet app or remote connection to the wallet. https://github.com/aeternity/superhero-wallet/blob/develop/tests/pages/index.html

1 Like

@milenradkov.chain

Thank you for your patient answer
I am currently working on an eco-wallet similar to Base, which does not need to be connected to the wallet
What I mean is that as a wallet, how can other AEPPs connect to me? In the case that the wallet does not use JS-SDK itself, if JS-SDK is necessary, how can other AEPPs access it?