Ease of use is a primary requirement for the FIO web app. The goal is to reduce friction that comes with downloading applications or linking to external wallets, key management plugins, or other external tools. At the same time, there is a tradeoff between ease-of-use and security when it comes to key management.
Creating a web-based application that incorporates the entire key management and transaction signing workflow is considered a fundamental feature to accommodate the ease-of-use requirements.
This document summarizes the transaction signing and key management requirements associated with the development of a web-based application, identifies the risks and uncertainty regarding key management in a web app, summarizes different development approaches, and attempts to estimate the scope of the various approaches.
...
Third-party applications and development services organizations
Refer to the dApp research page for background on research performed regarding account creation/login and signing.
Technology / Organization | Info |
---|---|
Edge Security API | Notes from 2/4/21 Conversation with Paul |
WebCrypto API | One direction is to use the Web Cryptography API for client-side cryptography in the web browser. You can create a key pair using the Web Crypto API and store the CryptoKey object containing the user's private key, with the .extractable property set to false, in IndexedDB storage. This way the private key can only be used for decrypting and/or signing messages within the browser, but cannot be read (even by client-side scripting in the browser). |
FIDO Alliance | |
Oodles Blockchain (services) | |
Torus Labs | |
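
The WebCrypto approach from the table above, as an added example (not FIO project code): it generates a non-extractable key pair, stores the CryptoKey objects in IndexedDB when run in a browser, and shows that signing works while export of the private key fails. ECDSA P-256 and the names `fio-keys-demo`, `keys` and `user-1` are assumptions, since the page names no algorithm or storage schema.

```javascript
// Assumptions (not from the page): ECDSA P-256 with SHA-256, and the
// database/store/record names below. The sample message is constructed.
// The require() fallback only matters on older Node; browsers never reach it.
const subtle = globalThis.crypto?.subtle ?? require('node:crypto').webcrypto.subtle;
const SIG = { name: 'ECDSA', hash: 'SHA-256' };

// extractable=false applies to the private key; a generated public key stays exportable.
const createSigningKey = () =>
  subtle.generateKey({ name: 'ECDSA', namedCurve: 'P-256' }, false, ['sign', 'verify']);

// Wrap an IDBRequest in a promise.
const done = (req) => new Promise((ok, fail) => {
  req.onsuccess = () => ok(req.result);
  req.onerror = () => fail(req.error);
});

async function openStore(mode) {
  const open = indexedDB.open('fio-keys-demo', 1);
  open.onupgradeneeded = () => open.result.createObjectStore('keys');
  const db = await done(open);
  return db.transaction('keys', mode).objectStore('keys');
}

// IndexedDB structured-clones CryptoKey objects, so the private key is
// persisted without its bytes ever being visible to script.
const saveKeyPair = async (id, pair) => done((await openStore('readwrite')).put(pair, id));
const loadKeyPair = async (id) => done((await openStore('readonly')).get(id));

// Returns true only if the private key bytes could be read out.
async function canExport(key) {
  try { await subtle.exportKey('pkcs8', key); return true; } catch { return false; }
}

async function demo() {
  let pair = await createSigningKey();
  if (typeof indexedDB !== 'undefined') { // browser only; skipped under Node
    await saveKeyPair('user-1', pair);
    pair = await loadKeyPair('user-1');
  }
  const msg = new TextEncoder().encode('constructed sample transaction');
  const sig = await subtle.sign(SIG, pair.privateKey, msg);
  return {
    extractable: pair.privateKey.extractable,
    exported: await canExport(pair.privateKey),
    verified: await subtle.verify(SIG, pair.publicKey, sig, msg),
  };
}
```

Non-extractability keeps script from reading the key bytes, but any script running in the same origin can still load the key and call sign, so the design still depends on XSS defenses such as a strict Content Security Policy. The key is also lost if the browser's site data is cleared, because it cannot be exported for backup.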
...