Website
https://stellar-authenticator.org
Source-code
https://github.com/MisterTicot/stellar-authenticator
Previous SBC entry
https://galactictalk.org/d/1130-stellar-authenticator-sign-transactions-securely-phone-app-web-app
What is Stellar Authenticator
Stellar Authenticator is a web application that can generate and store private keys on the user's device. Its first purpose is to receive and sign transactions from external services, demonstrating how transactions can be passed over URI queries. With this software I'm aiming at simplicity, efficiency and security.
This is part of the wider project of implementing cosmic links. More info is available at Understanding Cosmic Links.
What has been accomplished since the last SBC
The software has been totally rewritten and basically went from proof-of-concept to production-ready.
- Support for encrypted backups.
- The application stays consistent across multiple tabs.
- The whole code has been optimized and the application runs smoothly even on low-end hardware.
- The application complies with the latest web standards, in particular with the Progressive Web App standard. It means it can run offline after the first visit, and can be installed in most mobile environments directly from the website. Google is currently implementing a way to easily install those applications in desktop environments as well.
- The encrypted database has been carefully rewritten and optimized.
- The only runtime libraries are stellar-sdk, cosmic-lib (written by myself) and for encryption tweet-nacl (used in stellar-sdk as well) and scrypt-async (same author as nacl). All routines involving user interface / HTML handling / form handling have been written by myself to lower the probability of a security breach being introduced by a runtime dependency.
Those improvements have been implemented through cosmic-lib updates:
- Support for multi-operation transactions.
- Support for multi-signature transactions/accounts.
What's next
The first round of features is now implemented. I'll release the first beta after re-working the graphical design. Then I'll start the second round of feature implementation:
- Implement secure cloud syncing.
- Implement printed backups / encrypted paper wallets.
- Release the secure database as an npm package.
- Integration with external services (login interface).
- Make it easy to run the software locally.
- Anti-phishing protection.
Those changes will be implemented through the next cosmic-lib updates:
- Support for SEP-0007.
- Support for DKIF & 2-FA with Stellar Guard.
- Support for ledger wallet.
- Support for signature/transaction sharing between accounts.
A note about rebranding
The Stellar Foundation did request that Stellar-related applications cease to
put Stellar in their name to achieve a clearer distinction between the Foundation
itself and independent services. Changing the domain is now difficult as the
database where private keys are stored in the browser cache is domain-related.
However, once cloud syncing is implemented this will be much easier and a
rebranding will happen to comply with the Foundation's request.