Fonta1n3 / FullyNoded

Self sovereign, secure, powerful, easy to use wallet that utilizes your own node as a backend. Powered by PSBTs and descriptors. Acts as an offline signer using your node as a watch-only wallet. C-Lightning compatible for instant, unfairly cheap payments.
https://fullynoded.app

Specify passphrase when signing instead of when storing a signer #196

Closed deepy420 closed 2 years ago

deepy420 commented 2 years ago

Is your feature request related to a problem? Please describe.

Even though the signer is encrypted in storage, I don't like that anyone who is able to get my FullyNoded app password will be able to view the passphrases of all of my signers.

Describe the solution you'd like

It would be better if the passphrase could optionally be left blank and instead provided each time at the time of signing.

Describe alternatives you've considered

An alternative is that it could indicate that a passphrase has been saved but not actually show it on the interface.

Fonta1n3 commented 2 years ago

Hmm perhaps I will just hide it if one exists...

I am adding the ability to delete the seed words but keep the signer in public key format. This way the passphrase will be remembered but you would need to add the seed words in order to sign.

deepy420 commented 2 years ago

For me at least, entering the seed words each time I want to sign would be extremely tedious. Instead, I'd prefer for the seed words to not be visible (no option to make them visible) and I'd like for the passphrase to not be remembered at all so that I need to enter that each time I sign.

With the current approach, if anyone gets my app password, they have all of the info for all of my signers: the passphrases and the seed. I'd prefer that there's no way to see all of that and that the passphrase isn't stored or remembered at all. I have never seen the passphrase stored in any other wallet I've used (for example, Electrum, Sparrow, etc.). I consider it something that's only in my head, which protects the seed because even if anyone gets access to that, it's useless. Having them both there, visible and together, with just the app password makes me very uncomfortable.

Fonta1n3 commented 2 years ago

Well the idea of a hot wallet is that it can automatically sign transactions... Sure I will add ability to delete it so that it can not automatically sign.

Fonta1n3 commented 2 years ago

As a side note, if someone getting your app password worries you I would recommend adding 2FA; that way they have no access to signing or wallets at all unless you are physically authenticating. Settings > Security Center > Enable 2FA. The next release refactors 2FA to make the UX a bit smarter, I would recommend giving it a try then.

Fonta1n3 commented 2 years ago

I will add a setting which will then tell the app you want it to prompt you for a passphrase every time you go to sign a transaction 👍🏻

deepy420 commented 2 years ago

Thank you!

The 2FA says that "it allows you to reset the app in case of lost passwords". Does that mean it can bypass the app password with the Apple sign in? I don't want that. It would be ok if it erases everything in the case of resetting the app because of a lost password.

Any chance of also not allowing all of the seed words to be seen? Maybe just giving the ability to see the first and last word and not the others? Perhaps that could be the default if the user chooses to enter a passphrase each time since that indicates that they want more of the info to be hidden.

Fonta1n3 commented 2 years ago

The 2FA says that "it allows you to reset the app in case of lost passwords". Does that mean it can bypass the app password with the Apple sign in?

No. It only allows you to completely erase the app and its keychain in case you lost your password. This is different from deleting the app manually, as keychain items (e.g. the password, encryption key etc.) are not deleted then.

Any chance of also not allowing all of the seed words to be seen? Maybe just giving the ability to see the first and last word and not the others? Perhaps that could be the default if the user chooses to enter a passphrase each time since that indicates that they want more of the info to be hidden.

I've added local authentication for showing seed words. I want to be able to see the seed words in case I lose a backup. Between 2FA, unlock password, biometrics, the new passphrase setting and the way I use encryption it is becoming Fort Knox. If that's not enough for you I suggest you try multisig, as it fixes your concerns.

I have added the feature "prompt for passphrase" (v0.2.29 coming soon). You need to navigate to Settings > Security Center > scroll to bottom and tap "prompt for passphrase" to enable and disable that setting.

When enabled it will always try to sign transactions as normal with whatever passphrase is saved to each signer. However, if the transaction shows as unsigned at this point you can tap the sign button and it will prompt you for a passphrase. This passphrase will then overwrite all existing passphrases (or apply it to all existing seeds if no passphrase is saved at all) and attempt to sign the transaction with it in conjunction with your signer's seed. It is a pretty cool feature.
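The two comments above turn on the same mechanism: a BIP39 passphrase is not stored next to the seed words but is combined with them only at signing time, so a stored seed alone yields a different (useless) key tree. The following is an added example, not FullyNoded's Swift code, that models this in Python: standard BIP39 seed derivation (checked against the official "abandon ... about" / "TREZOR" test vector), the BIP32 master-key step, and a `try_sign` flow that mirrors the "prompt for passphrase" setting by first trying whatever passphrase the signer remembers and only then asking the user. The `StoredSigner` class, the `key_id` helper (a SHA-256 stand-in for the BIP32 fingerprint, which would need secp256k1) and the `prompt` callback are assumptions made for the demo; the real app keeps the signer encrypted at rest and compares against the watch-only wallet's descriptor.

```python
import hashlib
import hmac
import unicodedata
from dataclasses import dataclass
from typing import Callable, Optional, Tuple

BIP39_ROUNDS = 2048

# Constructed demo mnemonic: the zero-entropy BIP39 test vector (never use for real funds).
DEMO_MNEMONIC = "abandon " * 11 + "about"


def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """BIP39 seed: PBKDF2-HMAC-SHA512 over NFKD(mnemonic) with salt "mnemonic" + NFKD(passphrase)."""
    words = unicodedata.normalize("NFKD", mnemonic).encode("utf-8")
    salt = unicodedata.normalize("NFKD", "mnemonic" + passphrase).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", words, salt, BIP39_ROUNDS, dklen=64)


def bip32_master(seed: bytes) -> Tuple[bytes, bytes]:
    """BIP32 master node: HMAC-SHA512(key=b"Bitcoin seed", seed) -> (master private key, chain code)."""
    i = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    return i[:32], i[32:]


def key_id(master_priv: bytes) -> str:
    """Assumed stand-in for a BIP32 fingerprint (real fingerprints hash the secp256k1 public key)."""
    return hashlib.sha256(master_priv).hexdigest()[:8]


@dataclass
class StoredSigner:
    """What the app persists. passphrase=None models 'do not remember the passphrase'."""
    label: str
    mnemonic: str                       # encrypted at rest in the real app
    passphrase: Optional[str] = None

    def master_key(self, passphrase: str) -> bytes:
        # The passphrase is consumed here, at signing time, and never written back.
        return bip32_master(bip39_seed(self.mnemonic, passphrase))[0]


def try_sign(signer: StoredSigner, expected_id: str,
             prompt: Callable[[], str]) -> Tuple[bool, bool]:
    """Model of the 'prompt for passphrase' setting.

    1. Try the passphrase saved on the signer (if any), as the app does for a hot signer.
    2. If that key is not the one the watch-only wallet expects, prompt once and retry.
    Returns (signed, prompted).
    """
    if signer.passphrase is not None:
        if key_id(signer.master_key(signer.passphrase)) == expected_id:
            return True, False
    entered = prompt()
    return key_id(signer.master_key(entered)) == expected_id, True


if __name__ == "__main__":
    # Seed words alone and seed words + passphrase lead to unrelated key trees.
    bare = key_id(bip32_master(bip39_seed(DEMO_MNEMONIC))[0])
    withpp = key_id(bip32_master(bip39_seed(DEMO_MNEMONIC, "TREZOR"))[0])
    print("key id without passphrase:", bare)
    print("key id with passphrase:   ", withpp)

    # Signer that remembers nothing but the words; the wallet expects the passphrased key.
    signer = StoredSigner("demo", DEMO_MNEMONIC)
    signed, prompted = try_sign(signer, withpp, prompt=lambda: "TREZOR")
    print("signed:", signed, "prompted:", prompted)
```

Running the module prints two different key ids for the same words and shows that the signer with no stored passphrase only signs after the prompt supplies it. The `prompt` callback is where a UI would ask the user; a wrong entry simply leaves the transaction unsigned, which is the behaviour the thread describes.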

deepy420 commented 2 years ago

Perfect, thank you!!