From 5cf0bae13b12ca42492f82631374de083265b931 Mon Sep 17 00:00:00 2001 From: Olemis Lang Date: Sun, 8 Dec 2019 11:48:20 -0500 Subject: [PATCH] [guides] refs #130 - Wallet encryption explained. Signing-only wallets documented --- content/dev-docs/guides/v2.wallet.md | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/content/dev-docs/guides/v2.wallet.md b/content/dev-docs/guides/v2.wallet.md index 853a513..ae6facf 100644 --- a/content/dev-docs/guides/v2.wallet.md +++ b/content/dev-docs/guides/v2.wallet.md @@ -17,7 +17,7 @@ Wallet also need to interact with the peer-to-peer network to get information fr This leaves us with four necessary, but separable, parts of a wallet system: a public key distribution subsystem, a set of signing strategies, a blockchain aware visor, and a networked component. In the subsections below, we will describe specific contracts and possible relations between them. -In most cases, wallet contracts are obliged to implement generic operations like setting and reading a human readable label. All wallets shall have an identifier. The wallet instance should facilitate a way to calculate balances of the addresses it owns or manages. +In most cases, wallet contracts are obliged to implement generic operations like setting and reading a human readable label. All wallets shall have an identifier. The wallet instance should facilitate a way to calculate balances of the addresses it owns or manages. `Wallet` interface defines this generic contract. To help protect against theft, the system offers users the option of encrypting the wallet files which contain the private keys. In order to provide support for multiple encryption strategies, this feature is betond wallet contract. @@ -29,11 +29,17 @@ Every altcoin plugin must provide a way to broadcast transactions for further co #### Full-Service Wallets -This kind of wallets perform three of the four main functions: it generates private keys, derives the corresponding public keys, helps distribute those public keys as necessary, monitors for outputs spent to those public keys, creates and signs transactions spending those outputs. It does not broadcast the signed transactions though. +This kind of wallets perform three of the four main functions: it generates private keys, derives the corresponding public keys, helps distribute those public keys as necessary, monitors for outputs spent to those public keys, creates and signs transactions spending those outputs. It does not broadcast the signed transactions though. Full-service wallets shall implement `FullWallet` interface contract. The main advantage of full-service wallets is that they are easy to implement. A single instance does everything the user needs to receive and spend coins. The main disadvantage of full-service wallets is that they store the private keys on a device connected to the Internet. The compromise of such devices is a common occurrence, and an Internet connection makes it easy to transmit private keys from a compromised device to an attacker. Encryption is not enough since that approach protects the private keys when they aren’t being used, but it cannot protect against an attack designed to capture the encryption key or to read the decrypted keys from memory. +#### Signing-Only Wallets + +To increase security, private keys can be generated and stored by a separate wallet strategy operating in a more secure environment. These signing-only wallets work in conjunction with the PEX subsystem which interacts with the peer-to-peer network. `TxnSigner` establishes the contract these wallets shall satisfy. + +Signing-only wallets programs typically use deterministic key creation (described in a later subsection) to create parent private and public keys which can create child private and public keys. At first, the signing-only wallet creates a parent private key and transfers the corresponding parent public key to the networked wallet. The later does the rest. Often, users are given a chance to review the unsigned transactions’ details (particularly the output details) using the signing-only wallet. After the optional review step, the signing-only wallet uses the parent private key to derive the appropriate child private keys and signs the transactions, giving the signed transactions back to the PEX for subsequent broadcast. +