Currently, the xGov tool looks like it’s only supporting a limited range of wallets. Currently, I use My Algo wallet with a hardware wallet. Will I have to use one of the alternative wallets to vote this xGov session? Is Pera the only option?
Hi @zara, we will be adding more wallets, but not in time for this voting session. HW users have been voting with Defly or Pera.
If a new x-gov 108 proposal goes ahead this would be by far the best hardware wallet. I can’t believe I use it and prefer it than my other hardware wallets: KEYSTONE E PRO, D’CENT and Ledger. This has got by far the best security. No blind signing, multi-sig, multi seeds. BIP39 25th word phrase. Choose your own fault to embe your vault if you’re a paranoid fk het all the open schematics google, Samsung both hardware and software nos opens then airvap os open. It’s also multichain and has working dapps with Tezos … just vote it in… Airgap team is waiting with so audit after completion. It’s a win win for all
AWallet supports the multisig, it supports ledger, it supports ARC76 accounts, 2FA accounts, has feature to export account using shamir backup, and recently 12 themes were added and ARC200 tokens support. When people are swapping they can visually see if better quote is deflex or folks router.
AWallet is AVM multichain and people can setup their own AVM nodes.
Currently work is being done on the payment scheduler.
What do you mean airgapped?
If you mean that you can run it without internet, you need to access somehow algod and indexer nodes…
So if you want you can run algod and indexer on your computer (for this you need internet) (or some other computer at your network) and run the AWallet from docker image locally and this way it does not connect to the internet (unless you initiate the wallet connect connection).
And for the record if you want to print out the shamir phrases you can work offline to do this. The AWallet does not connect to internet by itself (the only exception is the wallet connect, images loaded from wallet connect, wallet connect accounts, and algod and indexer nodes apis, and two factor accounts setup and signing).
Airgapped simply means whatever holds the private keys which is required to sign and finalise a transaction never has had contact with the internet. So basically half of the transaction is created with the front facing Web wallet, a QR code is then produced which you can view to make sure everything is good. If the application is not hacked and you’re 100% sure, you don’t need to view the raw QR details, this is only if you are paranoid due to a large transfer or you may just want to quickly check if the correct send address is still there. Now that this is checked… you take out your hardware device and switch on, you can decide how much security you must go through just to even have access to this application, otherwise you can make it appear like nothing is even installed on. I personally have it installed in the secure section of the phone which is separated, almost sandboxed within the phone, and you can choose the security measures just to open the app. I use biometric fingerprint and have large 8 digit pin. Also the beauty of using a phone purely as a hardware device is because they are built for security and are the most battle tested devices out there and used from banking to practically securing data. So imagine the security already installed with WiFi enabled, now let’s say we completely shut off WiFi, I can even go as far as turn off every sensor on the phone and only switch on for the second you sign the tx and then turn off after.
So the Web app or the actual companion app which is the app that interacts with the blockchain and views your balances and public key history etc… when you choose to send a tx it creates the first half of the tx, a partially signed tx, spits out a QR CODE once done… it then requests that you scan this QR code with your vault, once this is done it then creates a new QR code which is basically a QR code which is a finalised tx ready to be rebroadcasted. Now you use the front face app to re-scan the finalised tx and broadcast.
I have security even before you finish signing so even if a miracle occurred and you somehow found this device, powered it on, passed all security, then found the application which requires more security and then to access the application again security, now to finally sign the transaction I have a final passphrase which is required just to sign the tx …
Anyway that’s beauty of being airgapped… I can log into metamask and walk away knowing even if u had remote access to my computer and the password to metamask you can get excited and go as far as creating a send transaction but then it wont go any further until you sign this tx.
This is for multiple coins your entire portfolio should be airgapped if possible. From btc eth to algo and whatever else.
Kind Regards
Sounds easy to be implemented…
The current state is that there is ARC for how to generate QR payment, however it is not very good as it does not have all info there such as network, first and last block and it allows only axfer or pay txs and does not support app calls and it does not support grouped txs. AWallet at the moment supports this qr payment as it is standardized. However currently the only way how to proceed is to send it to the network.
In the work is however new standard which will allow also sign bytes and more features.
But easy to code on the input side is if all apps would agree on data structure like array of base64url of unsigned transactions to be put in the qr code, it can be easily signed.
On the other side the output may be something like array of base64url of signed or unsigned (where person does not have private key) transactions and if the processing application could process this qr code it would be fine… At the moment in AWallet person has to confirm “Send back to dAPP or Send to the network” so there may be just option show QR.
But to standardize this, it would be much better if there is some common standard how it is done, something added to the payload like the version of meta structure, version of the protocol, or some encoding…
Do you know how other blockchains or bank applications, or some other devices with private keys handle it? Are there some standards already in place?
I have added this to AWallet backlog as the feature request - Airgap feature · Issue #84 · scholtz/wallet · GitHub
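The post above suggests a QR payload made of an array of base64url transactions plus version metadata. The following is an added example, not part of the original post and not code from AWallet or any ARC: the field names `v`, `net`, `txs`, the network label and the size limit are assumptions, and the transaction bytes are constructed placeholders. It shows the checks an offline signer could apply before passing the bytes to a transaction decoder.

```javascript
// Added example: hypothetical versioned QR envelope for airgapped signing.
// Field names (v, net, txs) and limits are assumptions, not an Algorand ARC.
const MAX_TXS = 16;          // an Algorand atomic group holds at most 16 transactions
const MAX_QR_BYTES = 2953;   // byte-mode capacity of a version 40 QR code at level L
const B64URL = /^[A-Za-z0-9_-]+$/;

// Online side: wrap opaque unsigned-transaction bytes into the QR text.
function encodeEnvelope(network, txBlobs) {
  if (txBlobs.length === 0 || txBlobs.length > MAX_TXS) throw new Error("bad tx count");
  const payload = JSON.stringify({
    v: 1,
    net: network,
    txs: txBlobs.map((b) => Buffer.from(b).toString("base64url")),
  });
  if (Buffer.byteLength(payload) > MAX_QR_BYTES) throw new Error("too large for one QR code");
  return payload;
}

// Offline side: validate everything before any transaction decoding happens.
function decodeEnvelope(text, expectedNetwork) {
  if (Buffer.byteLength(text) > MAX_QR_BYTES) throw new Error("payload too large");
  const env = JSON.parse(text);
  if (env === null || typeof env !== "object" || Array.isArray(env)) throw new Error("not an object");
  if (env.v !== 1) throw new Error("unsupported version");
  if (env.net !== expectedNetwork) throw new Error("network mismatch");
  if (!Array.isArray(env.txs) || env.txs.length === 0 || env.txs.length > MAX_TXS)
    throw new Error("bad tx count");
  return env.txs.map((s) => {
    if (typeof s !== "string" || !B64URL.test(s)) throw new Error("not base64url");
    const bytes = Buffer.from(s, "base64url");
    // Reject non-canonical encodings so one transaction has exactly one QR form.
    if (bytes.toString("base64url") !== s) throw new Error("non-canonical base64url");
    return bytes;
  });
}

// Constructed placeholder bytes, not real Algorand transactions.
const SAMPLE_TXS = [Buffer.from("constructed-unsigned-tx-1"), Buffer.from("constructed-unsigned-tx-2")];
const SAMPLE_QR_TEXT = encodeEnvelope("mainnet", SAMPLE_TXS);
```

The same envelope can carry the signed transactions back from the offline device; the signer should still display the decoded transaction fields for confirmation, since the envelope checks only cover the container.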
Yeh good stuff, the more the better so far Only tangem is your safest option for storing your algo … soon airgap will also have it… yes add this feature
If you want to know more about it just go to airgap.it
Think of it like a much more configurable trezor… trezor has 2 parts … 1 part installed on your phone and then you have the actual trezor hardware with software installed on it separate.
Kind Regards
That is not true.
The most secure way is to store algo or algo assets using multisig with different random number generators and better some hw devices… I don’t think tangem currently supports much from algorand (eg the multisig or perhaps app calls), but I don’t have their device so I cannot tell.
If you have a hardware wallet, there is little reason to need a multisig as well unless you are a project and want to make it so that nobody relies on one person but rather you rely on a subset of a trusted group to sign transactions.
We have a plan to integrate Algorand to AirGap wallet.
I believe this is not correct.
All hardware devices have the recovery methods. In ledger you have 24 words and in the case you do not secure this mnemonic correctly someone can steal it and even without the physical device he can sign transactions.
If some hardware device does not have the recovery option, it is even bigger reason to have it in the multisig… Imagine the device which will get broken in physical form and no option to sign. For example government id cards usually have ed25519 functionality, so when you return the gov card back to government or it gets stolen, you would not have option to sign the transactions. In this case only the multisig will save you as you could rekey your account with rest of the signing threshold.
Multisig keys can be stolen too. What you are describing is a failure of security around the storage/security of seed phrases. That’s a user issue. If you can’t trust yourself to store one set of keys, then you aren’t fixing that issue by storing additional sets.
At a certain point, enough security is enough. Telling people that they need both HW and multisig is silly and probably just turns people off to the idea of messing with crypto at all.
There are no multisig keys…
It’s keys to multisig accounts.
If you have in multisig multiple people ledgers, tangem, arc76 account and two factor account, it is the highest security.
I am not saying that general public should go for highest security. I am saying that the highest security can be achieved only with the multisig.