cf
commented
2 weeks ago Any progress on this? Would be happy to have some team members draft a PR if maintainers indicate that there is a chance of getting merged.
Open alexgleason opened 5 months ago
cf
commented
2 weeks ago Any progress on this? Would be happy to have some team members draft a PR if maintainers indicate that there is a chance of getting merged.
There is a need to store keys in the browser in a secure way, avoiding plaintext options like
localStorage.Brave Wallet supports only Ethereum signing options. But there is more potential, eg: https://github.com/nostr-protocol/nips/discussions/1045
The Web Crypto API is very powerful for one reason:
CryptoKeycan prevent access of the key data by settingextractable: false. Actually two reasons: you can store it like that in IndexedDB!This enables a flow were you can show a user their private key to copy down exactly once, and afterwards store their key in the browser so it can ONLY be used to sign. The result is almost as secure as a browser extension, except for the initial point of exposure.
It would enable the creation of much more secure in-browser wallets and sign-in mechanisms.
This has been raised to the W3C, which they closed because "Chrome doesn't want to support it": https://github.com/w3c/webcrypto/issues/82
I see Brave's role in the ecosystem as partly to advance the internet, but also to correct the behavior of Chrome. And since work is already being done with secp256k1, it might make sense to do it.