Stellar has a great set of APIs which make it easy for people to write web-based tools such as online wallets and interfaces to the distributed exchange. However, this requires a lot of trust when giving your private seed: 1. The person who wrote the tool is acting in good faith 2. The infrastructure that hosts the tool is secure 3. The path between you and the tool is secure 4. No one has injected malware / malicious code into the website, one of its dependencies, or a CDN My solution to this is a Chrome extension (eventually an extension for all browsers) that stores your seed and gives information to websites only after you've approved it. This reduces the ways that your key can be leaked and reduces the amount of people you have to trust: The code will be open source, so you can validate that the extension does what it claims and build/install it yourself The extension uses the minimum amount of privileges and DOES NOT have access to all websites. Chrome's security model requires that you enable the extension on a domain before it can access any information. The extension will sign transactions that the website you're using generates and your private seed will never be given out Here's how it would work from a user's perspective: They go to http://example.com/fancy-stellar-exchange The user enables the extension for example.com and it is now able to communicate with the website The website requests the user's public address so it can check their balances and allow them to submit offers. The user is shown a dialog to approve giving their public address out. When the website needs to do something with the user's private key, it sends a transaction to the chrome extension for the user to sign. The user is shown the details of the transaction and can approve or reject it. The private key is never directly given to the website. I'm far enough along on this project that I'd like feedback from people who are writing websites and tools for the Stellar network. Planned high-priority features 1. Javascript API for easy integration with websites 2. Ability to share public address 3. Ability to sign any type of transaction Longer-term features 1. Hardware wallet support (Trezor, Ledger Nano) If you're a developer, my questions are: Would you consider accepting a PR for integration with this extension or adding it to your project? Are there any other high priority features you would need in order to integrate it? Thanks for reading and please comment with any other questions or suggestions!

Comments requested: secure browser extension

zcc

Stellar has a great set of APIs which make it easy for people to write web-based tools such as online wallets and interfaces to the distributed exchange.

However, this requires a lot of trust when giving your private seed:
1. The person who wrote the tool is acting in good faith
2. The infrastructure that hosts the tool is secure
3. The path between you and the tool is secure
4. No one has injected malware / malicious code into the website, one of its dependencies, or a CDN

My solution to this is a Chrome extension (eventually an extension for all browsers) that stores your seed and gives information to websites only after you've approved it.

This reduces the ways that your key can be leaked and reduces the amount of people you have to trust:

The code will be open source, so you can validate that the extension does what it claims and build/install it yourself
The extension uses the minimum amount of privileges and DOES NOT have access to all websites. Chrome's security model requires that you enable the extension on a domain before it can access any information.
The extension will sign transactions that the website you're using generates and your private seed will never be given out

Here's how it would work from a user's perspective:

They go to http://example.com/fancy-stellar-exchange
The user enables the extension for example.com and it is now able to communicate with the website
The website requests the user's public address so it can check their balances and allow them to submit offers. The user is shown a dialog to approve giving their public address out.
When the website needs to do something with the user's private key, it sends a transaction to the chrome extension for the user to sign.
The user is shown the details of the transaction and can approve or reject it. The private key is never directly given to the website.

I'm far enough along on this project that I'd like feedback from people who are writing websites and tools for the Stellar network.

Planned high-priority features
1. Javascript API for easy integration with websites
2. Ability to share public address
3. Ability to sign any type of transaction

Longer-term features
1. Hardware wallet support (Trezor, Ledger Nano)

If you're a developer, my questions are:

Would you consider accepting a PR for integration with this extension or adding it to your project?
Are there any other high priority features you would need in order to integrate it?

Thanks for reading and please comment with any other questions or suggestions!

umbrel

Looks good and as long as it doesn't require access to all websites I'd use it and happy to integrate into all my projects.
I'm trying to tackle it from another side, making an app for users to keep keys and sign transactions. but I can see how browser extension can be better if it shares my stellar address with a website. But to do that 2. in your list, doesn't it require permission to view all website content?

dzham

umbrel I'm trying to tackle it from another side, making an app for users to keep keys and sign transactions.

A wallet? ?

zcc

umbrel Great, thanks for the response!

Yes, once you give it access to a domain then it would be able to read any information from pages on that domain.

umbrel

dzham lol, yes. I'm just saying from payment links handling perspective

istrau2

@zcc Can you describe the extension/website communication in more detail? Will the extension inject an API into the page? Are you planning on having some sample integration code?

zcc

istrau2 As a website developer, you include a javascript file that allows you to easily detect when someone has the extension (which I'm calling StellarVault) installed.

If it is enabled, the extension injects an API into the web page that the javascript wrapper uses, so as a developer you only need to worry about a single file.

As an example for lupoex, this is some rough code for adding support to the login button:

// When the user visits the login page
if (StellarVault.isEnabled()) {
    // show a "Login with StellarVault" button
} else {
    // show the existing login form
}

/*
 * When the user clicks the "login with stellar vault button" make a call to
 * requstPublicKey(). At this point, the user is shown a prompt for which key
 * to share with lupoex.com
 */
StellarVault.requestPublicKey().then(function (success, publicKey) {
    if (success) {
        // user granted access, publicKey holds their public key
    } else {
        // user denied access, show an error message or fall back to a text box
    }
}

There will definitely be sample code and I plan to submit PRs to the more popular Stellar projects since I plan to use them as test cases while developing the extension's API.

istrau2

@zcc Ok, thanks.