xGov-182: Integrating Algorand to Airgap vault & wallet via isolated modules


id: 182

period: 4

title: Airgap vault & wallet integration via isolated modules

author: AP (@Vidhyanandcs)

email: vidhyanandcs@gmail.com

discussions-to: xGov-108-Airgap vault & wallet integration via isolated modules

company_name: Securecerts Technologies

category: Tools

focus_area: Deployment

open_source: Yes

funding_type: Proactive

amount_requested: 84530

delivery_date: 2024-08-01

status: Draft


Abstract

Airgap vault is an open-source vault that helps algorand community to convert their old mobile phone to a cold storage for generation and management of private keys. Airgap wallet is an open-source wallet with web, android, iOS, mac, windows and linux support. It currently supports BTC, ETH, XTZ, DOT, GLMR, ATOM, ICP, RBTC & more. Unlike other wallet ecosystems, your private key (seed phrase) is never stored in the wallet app but in the vault. We are proposing a plan to integrate airgap vault and wallet via isolated modules to algorand.

Team

AP - CEO. I have 7 years of experience in sales and marketing. I have been an active member in the Algorand community since August 2021 and is involved with the Notiboy project.

Deepak -CTO. Deepak has a Masters in computer science and has worked in product design & development for leading payment companies in the world. He is well versed in the Algorand smart contracts and SDKs and has been leading the design and development of Notiboy project.

Experience with Algorand

We have been building notiboy project which is a notification and web3 chat application on algorand.

Present Proposal

As My Algo Wallet announced sunset, we were looking for an alternative multi-chain wallet that can be used by community to operate hardware wallet. We stumbled upon airgap which was recommended to us by a community member. It has two features. Airgap vault and Airgap wallet.

The AirGap Vault is responsible for secure secret recovery phrase generation and storage, as well as air-gapped transaction signing through QR codes. The Vault is installed on a dedicated device with no network connection, thereby protecting your secret recovery phrase from attackers. Even if you choose to install the Vault on a device with network connectivity, the Vault application still stays offline.

The AirGap Wallet creates transactions, broadcasts transactions and shows a portfolio overview. The Wallet is installed on your everyday smartphone with network access. The wallet stores public information. The secret recovery phrase is only stored and used in the AirGap Vault, which does not have access to the internet at any time, thus making it inherently more secure than your regular software wallet with internet access.

We intend to integrate airgap vault and airgap wallet to algorand via isolated modules.

Future Blueprint

Update the isolated modules wrt updates in the ecosystem.

Benefits for the community

  1. New members joining crypto and algorand ecosystem may not be willing to buy a hardware wallet as their crypto investments may be lower. But using a hot wallet has its own risks. Airgap vault shall be a viable alternative for newer community members with old phones as they can be converted into cold storage to securly store ASAs.

2)Airgap web wallet has support for ledger.

  1. Airgap has support for desktop wallets (Mac, windows and Linux) which algorand has been missing.

  2. Airgap has multi-chain presence and code is open-source. This means developers from multiple ecosystem is looking into the code which ensures better security.

  3. Access to algorad for more than 20,000 users of airgap.

Additional information

Airgap Introduction video : https://youtu.be/OaYiXsD2sQ8?si=qWxI85RqHHUd6nyI

AirGap Docs: https://support.airgap.it/

Keeping your seed phrase cold is important: Why keeping your seed phrase cold is important | by AirGap | AirGap | Medium

3 Likes

In-depth discussion has happened during xGov session 3. In-case u have missed it, please check the below link.

1 Like

I liked this proposal before and I still do. I hope you have better success this time around.

2 Likes

I will be voting in support of this proposal! I have an slightly older Android device that I’d love to use as an Air-gapped hardware wallet. I think it’s a great alternative to being forced to buy a Ledger or Trezor wallet for example, this is more inclusive to those who can’t afford the name-brand hardware wallets. The kicker for me is, in addition to it being open-source, “Airgap has support for desktop wallets (Mac, windows and Linux) which algorand has been missing” that is HUGE!!! It’s definitely been a barrier for adoption imo

1 Like

Hi, do you have some standard in mind what will be in the qr code?

I assume the qr code between the wallet and airgap device should be array of base64 algorand not signed txs or signed multisig txs. The airgap device should be able to decode those transactions and show to users, sign them and generate new array of base64 of signed txs.

Or do you want there some metadata or control hashes to put in the transfer objects?

Also, do you think that qr code max length 2953 bytes minus the ECL may be the issue? I can imagine few txs that may go beyound this limit.

Have a look at the docs.

i did, but did not found it… can you link some exact messages or examples how you believe it should work? or are you going to research it during the dev phase?

I really enjoy this idea of turning all phones into cold storage wallets. Much more convenient and efficient. Hopefully there is some traction

2 Likes

A code audit seems like a must have for anything that touches private keys. Does this proposal include an audit from a professional third-party?

Audits will be taken care by airgap team