Telegram Cloud Storage - Githubissues

ctrlsa / smart-contract-wallet-Ethereum-Account-Abstraction-Telegram

R&D of possibilities, limitations & solutions to natively integrate self-custodial EVM smart-contract wallet in Telegram messenger. Non-profit public goods project supported by Ethereum Foundation grant

10 stars 6 forks source link

Telegram Cloud Storage #5

Open av-hr opened 2 months ago

av-hr commented 2 months ago

Encrypted private key is stored in Telegram Cloud via Telegram Bot API

Security Level: Medium Self-Custodial: No Pluses: Accessible across devices. Persists through app reinstalls. Minuses: Requires online access. Slightly slower than local storage.

anthhub commented 1 month ago

It is feasible to store the encrypted string obtained after encrypting the private key in tg cloudstorage

anthhub commented 3 weeks ago

Do we need to have the user save a pincode to encrypt the mnemonic phrase?

anthhub commented 3 weeks ago

Do we need more security strategies?

DS-jr commented 3 weeks ago

Do we need to have the user save a pincode to encrypt the mnemonic phrase?

Yes, this is one of possible variants.

DS-jr commented 3 weeks ago

Do we need more security strategies?

@anthhub

Let's start with a simple prototype: encrypted mnemonic storage using Telegram user ID, user pincode and random salt to encrypt the mnemonic phrase, storing it in Telegram’s Cloud and decrypting it during signing transactions.

Later we can update this prototype to improve security level

DS-jr commented 2 weeks ago

@anthhub , take a look at these links, please:

https://github.com/UselessStudio/TeleOTP

https://github.com/UselessStudio/TeleOTP/blob/main/src/managers/encryption.tsx

May be useful for your task about Telegram Cloud Storage