htczion / ZKMA

Zion Key Management Api

Clarifying accounts/keys question #4

Open mikeshultz opened 4 years ago

mikeshultz commented 4 years ago

Doesn't look like I'm getting the same address derived from getReceivePublicKey(60, 0) as is displayed in the Ethereum wallet of the Zion mobile app. Should apps built using ZKMA/ZKMS share the same keys as the Zion mobile app? Or does the unique ID/sha256 params given when registering change the derived private key used for that instance?

I think for my use case, I'd prefer to use the same account users already have (via the Zion mobile app) so the app doesn't have to deal with generating accounts and funding them to onboard users. Is that doable or not intended functionality? Any clarification on this would be appreciated.

htczion commented 4 years ago

Hi Mike,

In general, an app which uses ZKMA/ZKMS has the responsibility to own the private key by itself.

Because they are individual App instances, your app can't get the same public key as Zion Vault from getReceivePublicKey(), even if you register the wallet by passing the same register parameters.

If you want to leverage the same account between Zion Vault and your App, there are two ways to do it.

  1. Request the user to restore the same seed (12 key recovery phrase) to both Zion Vault and your App.

  2. Require the wallet information (ex: public key ...) from Zion Vault directly. (https://github.com/htczion/ZionVaultSDK/wiki#3-application-based-integration) BTW, for highly trusted operations (ex: sign transaction ...), your App is required to become a trusted partner App of Zion Vault. (https://github.com/htczion/ZionVaultSDK/wiki#35-getting-zion-vault-wallet-id) But it is not suggested for independent developers, because some security process needs to be done first (ex: contact the Zion team to sign the NDA ...).

I hope it helps you.

mikeshultz commented 4 years ago

Some questions regarding the second option:

Is the walletId returned by IZionWalletServiceAPIs.getZionWalletId() the same as unique_id as you'd get with register() in ZKMA? Trying to figure out how these two relate since IZionWalletServiceAPIs doesn't appear to be able to sign transactions?

getZionWalletId is a high risk API, and requires you to provide the SHA-256 hash of the key used to sign your app to HTC

Is there a way to test this before going through the NDA and key sharing process?

joshfraser commented 4 years ago

Who's the best contact at Zion for kicking off the NDA and key-sharing process?

htczion commented 4 years ago

Hi Mike,

The unique wallet id is the important key entry for accessing the seed (private key) on the TEE.

For example :

Zion Vault acquires the unique wallet Id (0x123456) via the ZKMA register method. If your app is a partner app of Zion Vault, using IZionWalletServiceAPIs.getZionWalletId() lets you retrieve the same unique wallet Id (0x123456) from Zion Vault.

Once your app has got Zion Vault's unique id, you can use it to sign the transaction (TUI for user confirmation is needed) with mZKMA.signTransaction(unique_id... ), or for other operations related to Zion Vault's unique_id. (Unfortunately, it is not allowed to test before signing the NDA.)

Because it is a violent way to touch the secret from Zion Vault, generally we would not recommend that 3rd-party Apps use it.

Alternatively, if your App just wants to do signTransaction (ex: pay ethereum to buy something), you might consider creating a DApp (web3 API concept); Zion Vault has the ability to interact with DApps via the web3 API.

htczion commented 4 years ago

> Who's the best contact at Zion for kicking off the NDA and key-sharing process?

Hi Josh, please help to list and send your requirements to zion@htc.com. We will review them and give feedback to you.