-
Notifications
You must be signed in to change notification settings - Fork 4.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Allow to sign transaction manually #5640
Comments
Is this a dup of #4861? |
Actually, yes, it's only now there are more apps such as Parity Signer. And they support BTC, too, so maybe we need some protocol or interface for these flows. |
I want to implement this feature into Metamask as I think it is quite important to do. I base my stuff on develop branch. The way I plan it: External accounts can be imported, meaning you have to enter manually the account name. For those accounts when you want to sign something a window pops up with a QR code of the transaction json, and a place where you can insert the signed raw transaction to be sent to the system. The challenge is that we might need multiple qr codes for the raw transaction since the size of it can vary a lot. I am unfortunately not an expert in react, but will try hard. The trick with these accounts that we can not store their private keys, since the whole point of external account is separation of signing. I'm still investigating the code. |
@r001 nice, I would be happy to help!
I have tested, and QR can fit a lot of data. You just use smaller squares. I works well on smartphone cameras or on recent Macbook webcams. Moreover, we can respond not with signed tx, but pass only the signature itself.
Metamask supports Ledger, right? We can use this logic. |
|
@r001 https://ethereum.stackexchange.com/questions/1990/what-is-the-ethereum-transaction-data-structure
Thus, we only need to pass v,r,s |
Apparently you can save some space by using alphanumeric mode for 5.5 bits per character (rather than normal binary at 8 bits per char). I think error correction will also be an important consideration. QR codes can use built in Reed-Solomon correction but there is still a chance for the signing device to sign the wrong tx. I think the user interface needs a way for the user to be able to check the tx data (and not just by visually inspecting the individual bytes, this is too error prone because only a single byte needs to be off to have serious consequences). I think a checksum/hash on both sides (on the tx generator and the tx signer), and possibly an image representation of the hash (like some apps use to display addresses) is necessary. |
I'm done with importing the external account. Now Metamask sees the newly imported address nicely, all seems to work fine, except of course transferring anything. I had to make some modification to @charles-cooper Thanks for the idea! It is really important to have the right data to come through QR codes. If I have time for that, I will add that feature too. @caffeinum Thanks for the info. I will double check it in the yellow paper. BTW There is and incredible work behind Metamask, congrats to the devs! |
@r001 nice work! By the way, I'm starting to realize this is broader than just pertaining to metamask since it requires coordination between tx generators and tx signers (and tx broadcasters, if they are not the same as the tx generator). Perhaps there should be a discussion about standards around QR code signing flow. Would this be a good candidate for a standards track EIP? |
@charles-cooper I actually wrote already a very simple offline signer for android (that took the transaction to sign from parity) where the challenge was that the length of an ethereum transaction is arbitrary. I solved it by simply sending multiple QR codes and checked the sequence number. So in any case we might need to transfer multiple qr codes to the signer in case the data is too long, and of course there is the way back with the signed transaction: you can send the entire raw signed tx, or as @caffeinum has suggested, only the signature, which actually makes more sense, since it is a fixed length data. Yes, it makes sense to standardize it, since there is a clear protocol that must be made between tx creator and signer, so that multiple solutions can work together. |
We do that in our iOS demo app! It’s at https://flightwallet.org.
Do you want to cooperate on that and put our apps into the same place? We have a frontend for that, too. https://github.com/flightwallet |
@caffeinum I've just tested your flightwallet.org and recorded some demonstration of the working prototype. Transaction was signed successfully. I've transferred some tesnet BTC to the address that was generated by the app. |
I have a question rgarding implementation, maybe the devs can help me. As far as I see, there is two strategies to implement this:
I need a confirm from devs that in case of 1. and 2. I am on the right track. |
I'm still working on the code, hopefully finish soon. Please see transaction encoding document for efficient QR transmission. Note: there is no protocol for sending multiple QR codes. In the first version there will be only single QR code to send. |
@r001 I am not sure if we better continue the discussion here or move to your repo's issues section.
Also, to the payment protocol EIP: It would be a good idea to check up with BIP70. It's a similar thing for bitcoin, but without QRs. Probably, we can take something out of these. P.S. @r001 I put a star on your repo! 😬 |
@caffeinum: or just ‘ethereum:’ |
@caffeinum @charles-cooper The encoder and decoder has been created. Please find it at: The external signing feature is implemented into Metamask. I will do some more testing, and css tweeeking, and also have to rebase the code. |
Created the pull request here: |
@caffeinum @ohld @charles-cooper I was thinking to rename eths (as of Ethereum Signature Protocol) to ethq (Ethereum QR Code Transmission Protocol). The latter one makes more sense. |
@r001 I have some general comments on your protocol.
As I understand, URI scheme should say, which app you should launch, and not what's inside the link (e.g. Microsoft Office links, https://docs.microsoft.com/en-us/office/client-developer/office-uri-schemes). If it's so,
P.S. I will duplicate this to issues P.P.S. Found useful reference: ethereum/EIPs#831 |
Can anyone tell me how can i do transaction without asking user private key, as i am developing in my mobile app so no option for metmask |
I am writng the code in C# using netherium of microsoft, Any kind of help is deeply appreciated |
@RAFI-006 you should look into Ethereum docs, more specifically, into netherium docs. This issue is a wrong place to look for an answers. Basically, you'll need to know a sender address and you can build a raw transaction manually, but you still need to sign it with user private key afterwards. See example for |
@r001 As I understand it, you are working on this feature in #6267, right? Also it seems that the majority of the work is handling the data transfer / offline-signing part. Would it make sense to try and merge just the "watch-only account" part initially, while finalising the signing? At least for me, having watch-only addresses (even if I can't transact with them through MetaMask) would already be a huge feature improvement. |
@domob1812 Hi, thank you for the interest in this feature. Actually I have been using this feature for more than a year, it works perfectly. Since for some reason (EDIT: actually the reason was partly that I was very new with node, and some concepts I just did not know about :) ) it still did not get merged I have to rebase the code for the newer versions all the time. I think I have done at least 3 updates. Maybe I will do some rebase in the coming months, so you can actually use it for signing, and of course you can do the watch-only too. |
I'm also interested in this feature! Can I beta test it? :) |
If you can build it yourself, then you can already use this code at #6267. I have just rebased it to v8.0.9 of Metamask. As it is not even included into official code as of yet, you need to use it with extreme caution, and NOT in production environment. |
just checking in on the status of this. Higher security options are relevant in this bull market as investors' assets appreciate. |
We would also be very interested to see this feature added to MetaMask so we can add support for it in AirGap Vault. I did not give @r001's version a try yet, but something like this is definitely needed to provide users with more secure options of storing their private keys. @r001 Which wallet are you currently using to do the air-gap? EDIT: After reading the other thread, I assume it's airsign :) |
Any news on this? I would love to be able to use my raspberry pi for cold private key storage. |
A few weeks ago, MetaMask added QR signing capabilities. Keystone and AirGap Vault have added support for this. AirGap Vault can be installed on any device and it should also run in a Raspberry Pi (It just requires Chrome), but of course you can also build your own implementation instead if you prefer. |
What problem are you trying to solve?
I don't want to store keys in browser, but I don't want to buy/use Ledger.
Describe the solution you'd like
I'd like metamask could import my addresses without private keys, and only ask for signing, which I would do myself.
There are apps that allow you to sign arbitrary transactions using QR codes on the device with no internet access.
It works like Ledger, only on your phone. An example: https://flightwallet.org
Additional context
So one of the solutions would be to:
The text was updated successfully, but these errors were encountered: