Stellar has a great set of APIs which make it easy for people to write web-based tools such as online wallets and interfaces to the distributed exchange.
However, this requires a lot of trust when giving your private seed:
1. The person who wrote the tool is acting in good faith
2. The infrastructure that hosts the tool is secure
3. The path between you and the tool is secure
4. No one has injected malware / malicious code into the website, one of its dependencies, or a CDN
My solution to this is a Chrome extension (eventually an extension for all browsers) that stores your seed and gives information to websites only after you've approved it.
This reduces the ways that your key can be leaked and reduces the amount of people you have to trust:
- The code will be open source, so you can validate that the extension does what it claims and build/install it yourself
- The extension uses the minimum amount of privileges and DOES NOT have access to all websites. Chrome's security model requires that you enable the extension on a domain before it can access any information.
- The extension will sign transactions that the website you're using generates and your private seed will never be given out
Here's how it would work from a user's perspective:
- They go to http://example.com/fancy-stellar-exchange
- The user enables the extension for example.com and it is now able to communicate with the website
- The website requests the user's public address so it can check their balances and allow them to submit offers. The user is shown a dialog to approve giving their public address out.
- When the website needs to do something with the user's private key, it sends a transaction to the chrome extension for the user to sign.
- The user is shown the details of the transaction and can approve or reject it. The private key is never directly given to the website.
I'm far enough along on this project that I'd like feedback from people who are writing websites and tools for the Stellar network.
Planned high-priority features
2. Ability to share public address
3. Ability to sign any type of transaction
1. Hardware wallet support (Trezor, Ledger Nano)
If you're a developer, my questions are:
- Would you consider accepting a PR for integration with this extension or adding it to your project?
- Are there any other high priority features you would need in order to integrate it?
Thanks for reading and please comment with any other questions or suggestions!