- Edited
Summary
Cosmic.link is the next-gen solution for signing Stellar transactions from various applications without granting them control over your account.
Cosmic.link is user-friendly, open-source, vendor-neutral, community-designed, and production-ready.
Goals
- Provide a user-friendly yet secure way to explore the Stellar ecosystem.
- Provide a standardized solution for passing transaction requests between applications and wallets.
- Provide useful open-source libraries to the community.
- Raise awareness around issues related to asymmetric cryptography & the cryptocurrency security model.
- More specifically, raise awareness around the one golden rule in crypto: "Never share your private key!".
At that time, those goals have been met − except of course the part about informing the community which is a never-ending task. Most of the work is currently focused on continuous improvement, communication, and partnerships.
Description
CosmicLink is a project made of several components: an open protocol, a web front-end and several open-source libraries.
Please keep in mind that the front-end (Cosmic.link) is only the emerged part of the iceberg.
What is Cosmic.link?
Cosmic.link is a solution for signing Stellar transactions from various applications without granting them control over your account.
Each CosmicLink contains a request that is displayed on your screen. Then, you can pass it to your wallet where the transaction can be double-checked & safely signed.
Your secret key never leaves your wallet, as it is meant to be.
Why Cosmic.link?
Before Cosmic.link, Stellar applications had two ways to have you sign transactions:
- Have you create and fund a new Stellar account, which they would control.
- Ask for your secret key.
Having as many accounts as applications is painful, and sharing secret keys is dangerous. Cosmic.link solved it all thanks to an innovative solution: transaction requests.
How does Cosmic.link work?
Transaction requests get encoded into what is called a query string
for the purpose of passing them into normal web links:
?type=payment&destination=tips*cosmic.link&amount=20
Transaction requests can then get passed to any compatible service by using their address:
https://cosmic.link/${tx_request}
${handler}${tx_request}
When applications generate those links, they choose which handler to use (it doesn't have to be Cosmic.link). Here's, for example, the request on the cosmic-lib demo interface.
In some cases, it is possible to pass the request directly to the users' wallets. For example, here's the same request pointed at Stellar Authenticator. (You can view it by clicking Guest Mode
)
In other cases, wallets don't use the same format for transaction requests, and conversion has to happen. Cosmic.link does it under the hood.
Which Services are Compatible?
Thanks to its open design, CosmicLinks can be implemented in any software, independently from any organization or service. There's a growing list of compatible services, some of them being well-known to the community:
Applications:
- Equilibre.io: Portfolio balancer.
- Cgig.app: Stellar marketplace.
- StellarPay.com: Shopify payment plugin.
- Lumenthropy.com: Donations to NGO.
- PublicNode.org: Community full nodes.
- r/stellar Photons: Reddit community points for Stellar.
- NiceTrade.co: Stellar Decentralized Exchange interface.
Wallets:
- Ledger Wallet
- Trezor
- Stellar Authenticator
- Keybase
- Lobstr*
- StellarTerm*
- Stellar Laboratory (dev tool)
*: For now, those wallets only support a subset of possible transactions.
Libraries
Cosmic.plus philosophy is to provide the community with as many reusable components as possible. Some of them are among the most downloaded Stellar libraries, which is greatly motivating!
The following libraries have been developed in the context of the CosmicLink project:
cosmic-lib
This is the JavaScript implementation of CosmicLinks. It features helpers to create transaction requests:
const { CosmicLink } = require("cosmic-lib")
// Create a request.
const txRequest = new CosmicLink({
network: "test",
memo: "Hello, World!",
maxTime: "+5"
}).addOperation("payment", {
destination: "tips*cosmic.plus",
amount: 20
})
// Open the signing interface.
txRequest.open()
It also provides helpers for wallets to receive and sign transactions:
const { CosmicLink } = require("cosmic-lib")
// Configuration.
const network = "public"
const source = keypair.publicKey()
// Parse, sign & send the transaction.
const txRequest = new CosmicLink(location.search)
await txRequest.lock({ network, source })
txRequest.sign(keypair)
const response = await txRequest.send()
@cosmic-plus/ledger-wallet, @cosmic-plus/trezor-wallet
Popular hardware wallets support, as simple as it can be:
const ledgerWallet = require("@cosmic-plus/ledger-wallet")
// Connect with the device.
await ledgerWallet.connect()
// Get the public key.
const pubkey = ledgerWallet.publicKey
// Sign a transaction.
await ledgerWallet.sign(transaction)
@cosmic-plus/tx-result
A convenient helper that tells you if a transaction has been validated, and if not, what went wrong:
const TxResult = require("@cosmic-plus/tx-result")
const result = new TxResult(horizonTxResponse)
// {
// validated: false,
// title: "The transaction has been rejected",
// errors: [
// "Operation 1: The destination account doesn't exist."
// ]
// }
Other Contributions
The very nature of CosmicLink is to make connections with other developers and open-source projects.
As the Cosmic.link maintainer, I'm constantly checking over projects such as stellar-sdk
, @ledgerhq
and trezor-connect
.
I'm writing bug reports and pull requests to them when necessary. Lately, this led to major improvements in Trezor wallet support. At that time, I'm working on getting the new Stellar operations into Ledger & Trezor firmware (manageBuyOffer
, pathPaymentStrictSend
). #Ledger #Trezor
I'm also cooperating with community projects that are looking into using Cosmic.link. For example, I've recently worked with StellarAuth
, StellarPay
, Lumenthropy
, PublicNode
, and r/stellar community
.
Future
The development of CosmicLink is centric to Cosmic.plus (hence the name). It's been continuously developed since two years, and there's more ahead. Here are the ongoing developments:
- Publish comprehensive, not-so-technical documentation.
Publish explanations about how to host an alternative CosmicLink relay.- Publish a library that makes high-level integration even easier.
Publish a TxRequest library that doesn't depend on StellarSdk (450kb).- Design a solution for applications to acquire user publicKey/wallet.
- Provide helpers for short-circuiting Cosmic.link (direct application-wallet communication).
Links
Application: Cosmic.link
Organization: Cosmic.plus | @GitHub | @NPM | @CodePen
Weekly updates: Reddit | Twitter
Your vote matters
Cosmic.link is an ambitious open-source project. Because it doesn't receive direct funding, community support is critical in financing its continuous development. Thank you!