search

bithyve / bitcoin-keeper

Secure today, plan for tomorrow. BIP 85 hot wallets, buy bitcoin, tor privacy.
https://bitcoinkeeper.app
MIT License
37 stars 12 forks source link

Remote Key sharing and signing #4938

Open antuz123 opened 1 month ago

antuz123 commented 1 month ago

Simplified Explanation and Detailed Flow for Remote Key Sharing and Signing

Objective: To implement a feature that allows users to share keys (External Keys or Advisor Keys) and sign transactions remotely using a 6-letter Key Sharing Code (KSC). Additionally, ensure that all non-server-based keys have the option for key sharing and signing.

Key Features:

  1. Remote Key Sharing:

    • Users can share their keys using a 6-letter Key Sharing Code.
    • The xPub of the key is stored on the relay encrypted with the KSC.
    • The receiver can enter the KSC to retrieve and decrypt the key.

  2. Remote Transaction Signing:

    • Users can sign external PSBTs using their keys.
    • The flow for signing will be similar to the key-sharing process.

  3. Adding Sharing and Signing Options for All Non-Server-Based Keys:

    • Ensure that all non-server-based keys have options for key sharing and signing.

Detailed Flow:

1. Remote Key Sharing

Step 1: Initiating Key Sharing

UI:

Step 2: Generating and Sharing the Code

UI:

Step 3: Entering the Code on the Receiving Device

UI:

Step 4: Retrieving and Decrypting the Key

Error Handling:

Security Consideration:

2. Remote Transaction Signing

Step 1: Initiating Transaction Signing

UI:

Step 2: Generating and Sharing the Code

UI:

Step 3: Entering the Code on the Signing Device

UI:

Step 4: Retrieving and Decrypting the Transaction

Step 5: Signing the Transaction

Step 6: Completing the Transaction

Error Handling:

Questions for Development:

  1. Is a 6-letter code with a 5-minute validity sufficient for security, or should we consider extending it to 8 or 12 letters?
  2. What are the best practices for securely generating, storing, and handling these codes to ensure maximum security and usability?

This approach ensures secure remote key sharing and transaction signing, enhancing the flexibility and security of the Bitcoin Keeper app. Additionally, by adding sharing and signing options for all non-server-based keys, we ensure a consistent and comprehensive user experience.

AreejKhalid21 commented 1 month ago

Screens/flow Completed for both transaction and Remote Key sharing Flow . Need some Content for the modal @ASN-BitHyve . Please provide content what text to display on alert in case of time out and user cannot receive the Remote Key because of it and also for transaction that if user clicks URL late and he is timed out and can't sign for transaction

https://www.figma.com/design/m5eMFTKD391AiJAXaEzgxB/Bitcoin-Keeper?node-id=209-1651&t=vLzfLsM4wBCRpQgE-1

Remote Key Sharing Receiving Flow Remote Transaction Flow modal

AreejKhalid21 commented 1 month ago

The flow is completed with all the required Content Now https://www.figma.com/design/m5eMFTKD391AiJAXaEzgxB/Bitcoin-Keeper?node-id=209-1651&t=mehzmGtxBmAIkysa-1

Suggestion: (Abhilash and me had a meeting last Friday and this point was highlighted) We should have a Notification Screen as well which will let users know if transaction has been signed or denied. Notification bar will be In App thing which will keep the users know about this important detail. @antuz123 , If its good to go and implementable then Let me know so I can work on this important Aspect as well.

AreejKhalid21 commented 3 weeks ago

The flow is ready to be picked up by Dev: https://www.figma.com/design/m5eMFTKD391AiJAXaEzgxB/Bitcoin-Keeper?node-id=209-1651&t=Ro4Mqs1Vth9S0ThR-1

Raheel1258 commented 3 days ago

@antuz123 The updated Flow and Ui is implemented in private repo.