Storing private keys in our servers, cons and pros?


#1

Hi everyone, we in SAY team recently did some stuff with aeternity’s tools and SKDs. we are interested in contributing on aeternity’s gitHub projects as we believe that this community should be larger and more powerful. so we decided to dirty our hands with solving some basic issues of our project first, we developed an smart contract(with the help of aeternity online course at https://dacade.org/) that you can find it here and some python code with aeternity python SDK that we pushed it in our public repository here. first of all we will be happy to hear from our technical friends here about our work.
Second my question is that we want to create an aeternity account for every user that register in our mobile application, so is it a good way to generating aeternity account with our back-end (in Python) and store the user’s private key in our servers and send the public key to clients? in this scenario our back-end acts as a online wallet, and as you know, online wallets has their own risks. what are our alternatives?


#2

Hey @babak,

as you mentioned correctly storing managing private keys of users in a central backend is quite a high risk. I have written the æternity blockchain-provider for https://arkane.network/. This is a multi-chain wallet provider where users always need to provide their pin to sign transactions. They also provide the option to make the wallets recoverable in case you lose your pin. But it is the choice of the user to make the wallet recoverable or not.

I think this is quite a good way to solve that issue. Although it is still stored centralized.

æternity should be integrated and available very soon I hope. Maybe it is worth a look for you.

Regards,
Marco