XRPL-Labs / Xaman-Issue-Tracker

Bugs, improvements, suggestions & release progress (Project boards)
https://xumm.app

[Feature] Support air gapped signing #201

Open WietseWind opened 4 years ago

WietseWind commented 4 years ago

https://twitter.com/galgitron/status/1267936709951533056?s=21

Feature

Support air gapped signing: if fully offline and TX template in qr format (supported by string Decode) so with sequence etc.: sign offline and instead of submit/finish screen: show signed blob qr.

Process

  1. User ideally wipes phone
  2. User installs XUMM (online)
  3. User takes phone offline (Airplane mode), never to connect ever again. No sim card (for accidental cellular data) and no WiFi network configured.
  4. User opens XUMM, configures one or more account(s)
  5. XUMM will not be able to fetch account data, so XUMM will think the account has not been activated and has no balance. That's OK. (XUMM will display the "offline" dialog every cold start, too bad: just tap OK)
  6. The QR scanner icon in the XUMM home screen allows you to scan a QR code with a payload to sign. This payload should contain all relevant info, like Account, Sequence, etc.
  7. The Account in the payload must be configured in XUMM as Read/Write - Regular Key won't work as XUMM needs internet to detect the primary account has a regular key configured.
  8. After signing a full transaction from QR in full offline mode, the end result of the signing will be a screen with a QR code with the signed TX blob, for QR reading & submit elsewhere.

josepi90 commented 4 years ago

Wietse, not sure if the following is feasible, but it was one thing I found lacking in Toast's implementation. It would be useful to be able to sign the offline transaction but not submit instantly to the XRPL. Imagine a large transaction that requires extra security, with a pre-known destination address/amount. Ideally one would pre-prepare the transaction, i.e. be able to create the signed transaction in one location (private & secure), then be in another location (with the receiver, for example), and be able to submit this pre-signed transaction at the required moment (for example a contract signing event). I think people would prefer not to have to carry both offline and online parts with them for security purposes. As long as seq does not increase, can the online part be "held" for a period? Hope this makes sense.

WietseWind commented 4 years ago

Good one @josepi90 - Thanks for this! We'll add a "Share" dialog, so the signed HEX can be exported for submission later on.

@N3TC4T Let's export with a prefix using the /detect path, picked up by the String decoder; that link will then later trigger a deeplink for submission.
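
A sketch of the checks the online side of this flow could run, as an added example that is not part of the issue thread or of Xaman's code: `checkOfflineTemplate` verifies that a template carries the fields an offline signer cannot fetch (step 6 of the process), and `heldTxStatus` reports whether a signed transaction held for later submission is still usable. Function names and sample values are constructed; it assumes Sequence-based transactions (no Tickets) and checks only the shape of the address, not its checksum.

```javascript
// Added example; function names are hypothetical, field names are XRPL's.
// Fields an offline signer cannot look up, so the template must carry them.
const REQUIRED = ['TransactionType', 'Account', 'Sequence', 'Fee'];
// Shape of a classic address only; the base58 checksum is not verified here.
const CLASSIC_ADDRESS = /^r[1-9A-HJ-NP-Za-km-z]{24,34}$/;

// Returns a list of problems; an empty list means the template is complete.
function checkOfflineTemplate(tx) {
  const problems = REQUIRED.filter((f) => tx[f] === undefined)
    .map((f) => `missing ${f}`);
  if (tx.Account !== undefined && !CLASSIC_ADDRESS.test(tx.Account)) {
    problems.push('Account is not shaped like a classic address');
  }
  if (tx.Sequence !== undefined &&
      !(Number.isInteger(tx.Sequence) && tx.Sequence > 0)) {
    problems.push('Sequence must be a positive integer');
  }
  if (tx.Fee !== undefined &&
      !(typeof tx.Fee === 'string' && /^[0-9]+$/.test(tx.Fee))) {
    problems.push('Fee must be a string of drops');
  }
  if (tx.TxnSignature !== undefined) {
    problems.push('template already carries a signature');
  }
  return problems;
}

// Status of a signed transaction that was held instead of submitted.
// accountSequence: the account's next Sequence as reported by the ledger.
// validatedLedger: index of the latest validated ledger.
function heldTxStatus(tx, accountSequence, validatedLedger) {
  if (tx.LastLedgerSequence !== undefined &&
      validatedLedger >= tx.LastLedgerSequence) {
    return 'expired';
  }
  if (tx.Sequence < accountSequence) return 'sequence-consumed';
  if (tx.Sequence > accountSequence) return 'waiting-for-earlier-sequence';
  return 'submittable';
}

// Constructed sample template (not a real account or payment).
const sampleTemplate = {
  TransactionType: 'Payment',
  Account: 'rEXAMPLEoffLineSigner1111111111',
  Destination: 'rEXAMPLEdestination11111111111',
  Amount: '25000000',
  Sequence: 42,
  Fee: '12',
};
```

A held blob without `LastLedgerSequence` stays submittable until its Sequence is consumed, so whoever holds the exported HEX can submit it at any point before then.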