xGov-182: Integrating Algorand to Airgap vault & wallet via isolated modules


id: 182

period: 4

title: Airgap vault & wallet integration via isolated modules

author: AP (@Vidhyanandcs)

email: vidhyanandcs@gmail.com

discussions-to: xGov-108-Airgap vault & wallet integration via isolated modules

company_name: Securecerts Technologies

category: Tools

focus_area: Deployment

open_source: Yes

funding_type: Proactive

amount_requested: 84530

delivery_date: 2024-08-01

status: Draft


Abstract

Airgap vault is an open-source vault that helps the Algorand community convert their old mobile phones into cold storage for generation and management of private keys. Airgap wallet is an open-source wallet with web, android, iOS, mac, windows and linux support. It currently supports BTC, ETH, XTZ, DOT, GLMR, ATOM, ICP, RBTC & more. Unlike other wallet ecosystems, your private key (seed phrase) is never stored in the wallet app but in the vault. We are proposing a plan to integrate airgap vault and wallet via isolated modules to algorand.

Team

AP - CEO. I have 7 years of experience in sales and marketing. I have been an active member in the Algorand community since August 2021 and am involved with the Notiboy project.

Deepak -CTO. Deepak has a Masters in computer science and has worked in product design & development for leading payment companies in the world. He is well versed in the Algorand smart contracts and SDKs and has been leading the design and development of Notiboy project.

Experience with Algorand

We have been building notiboy project which is a notification and web3 chat application on algorand.

Present Proposal

As My Algo Wallet announced sunset, we were looking for an alternative multi-chain wallet that can be used by community to operate hardware wallet. We stumbled upon airgap which was recommended to us by a community member. It has two features. Airgap vault and Airgap wallet.

The AirGap Vault is responsible for secure secret recovery phrase generation and storage, as well as air-gapped transaction signing through QR codes. The Vault is installed on a dedicated device with no network connection, thereby protecting your secret recovery phrase from attackers. Even if you choose to install the Vault on a device with network connectivity, the Vault application still stays offline.

The AirGap Wallet creates transactions, broadcasts transactions and shows a portfolio overview. The Wallet is installed on your everyday smartphone with network access. The wallet stores public information. The secret recovery phrase is only stored and used in the AirGap Vault, which does not have access to the internet at any time, thus making it inherently more secure than your regular software wallet with internet access.

We intend to integrate airgap vault and airgap wallet to algorand via isolated modules.

Future Blueprint

Update the isolated modules wrt updates in the ecosystem.

Benefits for the community

  1. New members joining crypto and algorand ecosystem may not be willing to buy a hardware wallet as their crypto investments may be lower. But using a hot wallet has its own risks. Airgap vault shall be a viable alternative for newer community members with old phones as they can be converted into cold storage to securely store ASAs.

  2. Airgap web wallet has support for ledger.

  3. Airgap has support for desktop wallets (Mac, windows and Linux) which algorand has been missing.

  4. Airgap has multi-chain presence and code is open-source. This means developers from multiple ecosystems are looking into the code, which ensures better security.

  5. Access to Algorand for more than 20,000 users of airgap.

Additional information

Airgap Introduction video : https://youtu.be/OaYiXsD2sQ8?si=qWxI85RqHHUd6nyI

AirGap Docs: https://support.airgap.it/

Keeping your seed phrase cold is important: Why keeping your seed phrase cold is important (AirGap, Medium)

4 Likes

In-depth discussion has happened during xGov session 3. In case you have missed it, please check the link below.

2 Likes

I liked this proposal before and I still do. I hope you have better success this time around.

3 Likes

I will be voting in support of this proposal! I have a slightly older Android device that I’d love to use as an Air-gapped hardware wallet. I think it’s a great alternative to being forced to buy a Ledger or Trezor wallet for example, this is more inclusive to those who can’t afford the name-brand hardware wallets. The kicker for me is, in addition to it being open-source, “Airgap has support for desktop wallets (Mac, windows and Linux) which algorand has been missing” that is HUGE!!! It’s definitely been a barrier for adoption imo

2 Likes

Hi, do you have some standard in mind what will be in the qr code?

I assume the qr code between the wallet and airgap device should be array of base64 algorand not signed txs or signed multisig txs. The airgap device should be able to decode those transactions and show to users, sign them and generate new array of base64 of signed txs.

Or do you want there some metadata or control hashes to put in the transfer objects?

Also, do you think that qr code max length 2953 bytes minus the ECL may be the issue? I can imagine a few txs that may go beyond this limit.

2 Likes
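The size question raised above can be checked directly. The following is an added example, not code from the proposal, the AirGap project or any poster: it measures a comma-joined base64 array of transaction blobs against the byte-mode capacity of a version-40 QR code and, when one code is not enough, splits it into frames carrying a control hash. The frame header layout, the function names and the sample blobs are assumptions made for illustration.

```python
import base64
import hashlib

# Byte-mode capacity of a version-40 QR code per error-correction level (ECL).
QR_V40_BYTES = {"L": 2953, "M": 2331, "Q": 1663, "H": 1273}
HEADER_BUDGET = 80  # hypothetical "<index>/<total>:<sha256 hex>:" frame header

# Constructed stand-ins for 16 serialized transactions (not real Algorand encodings).
SAMPLE_GROUP = [bytes([k]) * 300 for k in range(16)]

def encode_payload(txs):
    """Join the base64 form of each transaction blob with commas."""
    return ",".join(base64.b64encode(t).decode() for t in txs).encode()

def fits_single_qr(payload, ecl="L"):
    """True when the whole payload fits one version-40 QR code at this ECL."""
    return len(payload) <= QR_V40_BYTES[ecl]

def split_frames(payload, ecl="L"):
    """Wallet side: cut the payload into frames that each fit one QR code."""
    digest = hashlib.sha256(payload).hexdigest()
    size = QR_V40_BYTES[ecl] - HEADER_BUDGET
    parts = [payload[i:i + size] for i in range(0, len(payload), size)]
    return [f"{i}/{len(parts)}:{digest}:".encode() + p for i, p in enumerate(parts)]

def reassemble(frames):
    """Vault side: accept frames in any order; reject incomplete or altered sets."""
    chunks, total, digest = {}, None, None
    for frame in frames:
        head, h, data = frame.decode().split(":", 2)
        i, n = (int(x) for x in head.split("/"))
        if total is None:
            total, digest = n, h
        if (n, h) != (total, digest) or not 0 <= i < n:
            raise ValueError("frame belongs to a different transfer")
        chunks[i] = data
    if total is None or set(chunks) != set(range(total)):
        raise ValueError("missing frames")
    payload = "".join(chunks[i] for i in range(total))
    if hashlib.sha256(payload.encode()).hexdigest() != digest:
        raise ValueError("control hash mismatch")
    return [base64.b64decode(s) for s in payload.split(",")]
```

The control hash only catches scanning errors and frames mixed from different transfers; an online device that alters the transactions can recompute it, so the offline device still has to decode and display every transaction before signing.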

Have a look at the docs.

I did, but did not find it… Can you link some exact messages or examples how you believe it should work? Or are you going to research it during the dev phase?

I really enjoy this idea of turning all phones into cold storage wallets. Much more convenient and efficient. Hopefully there is some traction

2 Likes

A code audit seems like a must have for anything that touches private keys. Does this proposal include an audit from a professional third-party?

Audits will be taken care by airgap team

1 Like

Congrats on Passing your proposal!

1 Like

Hi @vidhyanand congrats on your proposal passing!

1 Like

We will be doing an open development at the following repo.
Once tested, this will be submitted to airgap team for audit and merging.
You can see the development in real-time here.

I think you misunderstood the workflow. Airgap vault will not sign the transaction. As per my understanding airgap wallet will create a transaction which will be signed by scanning a QR code in the airgap vault. Airgap vault is never connected to internet and is always offline.

I think Awallet can provide support for airgap vault (just like metamask which support airgap vault). This will make sure that any user who has airgap vault installed can directly use AWallet for algorand. Already airgap vault has 10k downloads in android and I think they will have more in iOS. You can attract these users to Awallet by just providing support to airgap vault.

I think you contradict yourself in these two sentences.

  1. Airgap vault will not sign the transaction.
  2. You sign txs (by qrcode) in airgap vault.

To my understanding the “airgap vault” is where the key is stored and this part is offline and communicates using qrcodes.

So you must have some specification on what is encoded on the way to the vault and what is encoded in the qr code from the vault.

I just tried to suggest what should be in those qr codes, so that you don't come to the state where each tx in the group must be exchanged by the qr code.

Feel free to create pull request.

I meant the wallet has to scan a QR code from vault to sign a transaction. Signing process happens in wallet.

You can go through the docs to understand the process.

Once we finish the integration and it is live on algorand you can add support for vaults if you feel the need. I am not associated with airgap team

Signing usually happens there where the private key is… The place where private key is is usually called vault. So you are saying they export the private key from the vault in qr code so that the wallet can sign the tx?

Check this out.

I checked the docs once more.

Serialization is an important part of the communication between AirGap applications. Every transaction that your online protocol creates in AirGap Wallet will be serialized before it’s sent to AirGap Vault and every transaction signed by your offline protocol in AirGap Vault will be serialized before it’s returned to AirGap Wallet.

You are right I think. Transactions are sent to the vault for signing (offline mode).

But we are looking for implementing the online mode + offline mode.

In case of grouped transactions there may be limitations in sending them via QR code

2 Likes