superhero-com / superhero-wallet

Superhero Wallet – More than just a way to receive, store & send tokens on the æternity blockchain
https://wallet.superhero.com
ISC License

allow importing/exporting private keys #2291

Open nikita-fuchs opened 1 year ago

nikita-fuchs commented 1 year ago

Hey guys, I still can't import my dev account from automated testing to manually test the application in the frontend. Also, I can't export a private key I've used in communicating with my app through the frontend in order to do some programmatic debugging through scripts.

I know this is all due to everything only relying on mnemonic and account derivation, but maybe it's time to support regular private keys, too.

subhod-i commented 1 year ago

> I know this is all due to everything only relying on mnemonic and account derivation, but maybe it's time to support regular private keys, too.

Interesting. IMO, this is a risky option for regular users (even developers). In the SH wallet we don't store private keys; the mnemonic is the ultimate source of truth, and the private keys are generated on demand whenever needed. If an advanced developer wants to export private keys from an open-source wallet, I assume they can clone the repository and export the keys.

davidyuk commented 1 year ago

Maybe this feature can be enabled in settings, or available only in non-mainnet, or have a special "developer" build of SW.

> This is a risky option for developers.

Not at all, because most developers store the mnemonic phrase digitally in a Notes app (or Telegram Saved Messages 😁). If they stored private keys, this would be just as safe. Also, you already expose the mnemonic phrase in settings, so the ability to export private keys separately won't make it less safe.

> In the SH wallet we don't store private keys

But it stores an unencrypted mnemonic phrase, which is basically the same.

As a workaround, Nikita can restructure the test architecture, e.g. to use the same mnemonic phrase to generate accounts for testing.

For the record: several years ago we had team members who were strongly against private key importing because neither mnemonic phrases nor private keys should be in digital form, to keep wallet recovery simple. This also works poorly (with warnings/not supported) in other crypto wallets.
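
The two comments above say that keys are derived on demand from the mnemonic and that a test suite could reuse one mnemonic for its accounts. The sketch below is an added example, not code from this thread or from the wallet. It assumes BIP39 seed stretching plus SLIP-0010 ed25519 derivation on the path m/44'/457'/index'/0'/0' (457 being the SLIP-44 coin type for AE); the function names are hypothetical and the mnemonic is the public BIP39 test vector.

```python
import hashlib
import hmac
import struct
import unicodedata

HARDENED = 0x80000000
# Assumption: account path m/44'/457'/<index>'/0'/0'; None marks the account index slot.
AE_PATH = (44, 457, None, 0, 0)


def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """BIP39: stretch the mnemonic into a 64-byte seed (PBKDF2-HMAC-SHA512, 2048 rounds)."""
    password = unicodedata.normalize("NFKD", mnemonic).encode("utf-8")
    salt = unicodedata.normalize("NFKD", "mnemonic" + passphrase).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", password, salt, 2048)


def slip10_master(seed: bytes) -> tuple[bytes, bytes]:
    """SLIP-0010 ed25519 master node: returns (private key, chain code)."""
    digest = hmac.new(b"ed25519 seed", seed, hashlib.sha512).digest()
    return digest[:32], digest[32:]


def slip10_child(key: bytes, chain_code: bytes, index: int) -> tuple[bytes, bytes]:
    """Hardened child derivation, the only kind SLIP-0010 defines for ed25519."""
    data = b"\x00" + key + struct.pack(">I", index | HARDENED)
    digest = hmac.new(chain_code, data, hashlib.sha512).digest()
    return digest[:32], digest[32:]


def account_secret(mnemonic: str, account_index: int) -> bytes:
    """32-byte ed25519 secret seed for one account: a pure function of the mnemonic."""
    key, chain_code = slip10_master(bip39_seed(mnemonic))
    for level in AE_PATH:
        level = account_index if level is None else level
        key, chain_code = slip10_child(key, chain_code, level)
    return key


# Public BIP39 test-vector mnemonic, used as constructed sample input. Never fund it.
TEST_MNEMONIC = "abandon " * 11 + "about"

if __name__ == "__main__":
    # Anyone holding the mnemonic can regenerate every account key this way.
    for i in range(3):
        print(i, account_secret(TEST_MNEMONIC, i).hex())
```

The output is the raw 32-byte ed25519 seed per account; turning it into a public key or address needs an ed25519 library, which is left out here.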

nikita-fuchs commented 1 year ago

Hey everyone, Metamask has been doing this since its inception, and it never showed any drawbacks. Let's not rediscuss proven best practices but get this obstacle out of the way 👌