trezor / trezor-suite

Trezor Suite Monorepo
https://trezor.io/trezor-suite

Feature: improve pubkeys export UX #4862

Open MisterTicot opened 5 years ago

MisterTicot commented 5 years ago

Motivation

Exporting pubkeys to an application involves user interactions that could be skipped without weakening the Trezor security model.

Current situation

At that time, we have to confirm the export of the same pubkeys to the same applications each time we want to use it. This is redundant & annoying.

Case 1: Ask me again

Unless the user checked Don't ask me again, pubkey exportation involves two interactions:

  1. Allow exportation, somehow offering the following options: always, for this session, refuse.
  2. Confirm exportation, where the user acknowledges which key(s) are going to be exported and confirms by clicking export.

Case 2: Don't Ask me again

Only interaction 2 will show (confirm exportation).

Possible Improvements

Option 1: provide a device ID

Applications could use a device ID that would be accessible through TrezorConnect without any user interaction or popup (providing the device is unlocked). Then, applications could save this ID along with device pubkeys, and use it to retrieve pubkeys without user interaction.

For this to work, applications need a way to know when the device has been reset so they can flush old pubkeys & import again.

Drawback: Privacy concern of storing pubkeys application-side.

Option 2: improve TrezorConnect interaction

For Case 1, both interactions could get merged into one. The authorization becomes an authorization of exporting key(s) K to application A.

For Case 2, if the requested keys have already been authorized through Case 1, export without interaction. Else, fallback to Case 1.

Alternatively, the TrezorConnect class could give immediate access to all user-authorized keys through a knownKeys parameter. This would probably be the most comfortable setup for programmers.

szymonlesisz commented 5 years ago

There is another option to achieve this and it's on my TODO list. I need to extend the TrezorConnect.manifest function with requested permissions; for example, it could be called like this:

```js
TrezorConnect.manifest({
    email: 'dev@email.com',
    appUrl: 'some.app.com',
    permissions: [
        {
            type: 'read',
            coins: ['btc', 'xlm'],
            accounts: ["m/49'/0'/0'", "m/44'/148'/0'"],
        },
        {
            type: 'write',
            coin: ['bitcoin', 'stellar'],
            accounts: ["m/49'/0'/0'", "m/44'/148'/0'"],
        },
    ],
});
```

Once granted, it will never ask for export in the popup; however, if you decide to get keys/addresses/whatever from an account which is not specified in the manifest (in this case "m/44'/148'/1'") then the confirmation screen will appear.
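To make the decision rule in the comment above concrete, here is an added example (not TrezorConnect code, and not part of this thread) of a hypothetical policy check: given a permission list of the proposed shape, it decides whether an export request for a coin and BIP32 path can be served silently or must fall back to the confirmation screen. The coin identifiers, the `type`/`path` request fields and the `'silent'`/`'confirm'` outcomes are assumptions for illustration.

```javascript
// Constructed sample permission list, mirroring the shape of the proposal above.
const MANIFEST_PERMISSIONS = [
  { type: 'read', coins: ['btc', 'xlm'], accounts: ["m/49'/0'/0'", "m/44'/148'/0'"] },
];

const HARDENED = 0x80000000;

// Parse "m/49'/0'/0'" into numeric indices; hardened components get the 0x80000000 bit.
function parsePath(path) {
  const parts = path.split('/');
  if (parts[0] !== 'm') throw new Error(`bad path: ${path}`);
  return parts.slice(1).map((p) => {
    const hardened = p.endsWith("'");
    const n = Number(hardened ? p.slice(0, -1) : p);
    if (!Number.isInteger(n) || n < 0 || n >= HARDENED) throw new Error(`bad index: ${p}`);
    return hardened ? n + HARDENED : n;
  });
}

// True when `path` equals `accountPath` or lies below it (e.g. a chain/address index).
// A path *shorter* than the account (a parent xpub covering every account) is never
// within it, so such a request always falls through to confirmation.
function isWithinAccount(path, accountPath) {
  const acct = parsePath(accountPath);
  const req = parsePath(path);
  return req.length >= acct.length && acct.every((v, i) => v === req[i]);
}

// Returns 'silent' when some granted permission of the needed type covers both the coin
// and the requested path, otherwise 'confirm' (the confirmation screen from the comment).
function exportDecision(permissions, { coin, path, type = 'read' }) {
  const covered = permissions.some(
    (perm) =>
      perm.type === type &&
      perm.coins.includes(coin) &&
      perm.accounts.some((acct) => isWithinAccount(path, acct)),
  );
  return covered ? 'silent' : 'confirm';
}
```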

tsusanka commented 2 years ago

Related to https://github.com/trezor/trezor-suite/issues/4860 and https://github.com/trezor/trezor-suite/issues/4863