People often ask us how do we keep keys safe and how can they actually trust we won’t steal their keys, this is a good question and can be answered in two ways, a short version which is: We can’t steal your keys because they never leave your device and a longer version with more details:
Some subjects here are advanced topics, we do our best to explain everything in a way everybody understand it but if you have any question reach us on Twitter
Custodial vs Non-Custodial
Before starting with the explanation we need to understand the differences between a custodial and a non-custodial wallet:
- Custodial: A custodial wallet is a wallet where you don’t hold your keys, these kind of wallets have their own pros and cons. Most of them are used by Exchanges and services that need to sign operations for you and so because of that they keep the private keys on their end.
- Non-Custodial: This type of wallet (
xBull Wallet is a Non-Custodial wallet) keeps your keys locally on your device and they don’t share it with any other party, there are many examples of this type of wallet but two famous ones are
Trust Wallet(mobile) and
A Wallet, not a service to keep your keys
The first thing we need to understand is the nature of xBull, xBull is a Wallet and only a Wallet, it is not a service and it does not try to be one. A wallet is an app where your keys are stored and it’s the one who is in charge of signing transactions, on top of that some wallets add features and help you in the interaction with the Blockchain like xBull does.
This doesn’t mean a wallet can not have services on top of it, non-custodial wallets can include services which users can use and at the same time not needing to hold your keys so they continue being non-custodial.
Here at Creit Tech we have our own businesses and some of them use the Stellar Blockchain, we didn’t want to keep customers keys and that’s why we created xBull Wallet so they own their keys and don’t need to trust us (that’s why the code is also public).
Your keys, your coins
xBull is a non-custodial wallet which means it keeps your keys locally. You will probably ask
"Where does it keep them?" and the answer will depend on the type of platform being used. The extension version keeps the keys on your browser in an isolated store which is managed by the browser itself, this means the storage is isolated from websites and the browser does not allow them to check the storage xBull uses.
When using the mobile version these are kept inside your device’s secured storage, this storage is provided by the device itself so Google and Apple are the ones who designed it and developed it… We just consume it.
Lastly, the webapp version will use your browser storage (depending on the browser it will use a different type of storage). This storage, like in the extension case is an isolated storage where others websites or apps can’t see it.
How are the keys generated?
xBull uses the standard
BIP44 which are listed in Bitcoin’s Github repository here and here we follow the Stellar protocol
SEP-0005 which explains how to implement
BIP39/BIP44 with the Stellar Blockchain, you can read about this proposal here. From this standard we follow the rule to use 24 words because it gives 256 bits of entropy (more secure).
This is why when you open xBull for the first time and generate a new wallet, it picks 24 words randomly from the
BIP39 English list (which you can check in Bitcoin’s Github here) and it requires you to write them again to make sure you saved it.
From this list of words we generate a seed and with a derivation path we can generate a Keypair (the derivation path used is also an standard), this is how you can restore all your accounts only using those 24 words (and that’s the reason why you MUST save it)… Do you want to test it yourself? Get the list of words mentioned in the
SEP-0005 proposal here and you will get the same accounts (make sure you pick the 24 words option).
Ok, I get it… What about security?
Now that we understand how xBull generates your Keypairs locally, how does it keep them secured? First what we need to know is how storage on xBull works:
The extension way
- An extension has it’s own storage in the browser where only the user and the extension has access
- An extension has two “helpers”, a
content script. The content script is the one that has access to the website but it does not has access to the storage, the background has access to the storage but it can’t touch the website
- Communication between the website and the extension needs to go from these two “helpers” so website does not have direct access to this storage
The website way
Browsers have their own storage, this storage is managed by the browser and they make it isolated for each website domain and sub domain (for example, google.com can’t directly see what is in your storage when visiting youtube.com). This storage could be different even in the same browser because browsers can have multiple types of storages technologies and the browser tries its best to avoid others apps to access this data.
Our Wallet picks the available storage offered from the browser following this order:
The mobile way
Both Android and iOS apps have their own way to keep data, in our case we use two places:
SharedPreferences which are places where apps can keep simple data they use. When using features like fingerprints or face recognition those storages are also managed by the phone system itself.
Each platform has its own storage technology, there is no best solution and instead we use the tech available on each platform that suits our requirements in the best way.
A place to keep it is not enough
Once we have a place to keep the data, it is not enough because a malicious app on your phone could search where our data is saved and try to steal it, an infected browser could send what is in your storage to a third party server or a bug in the platform you are using could leak this data too…
Here comes the
password. When you first configure the wallet it will asks you to write a password, this password will be used to encrypt your seed and your private keys using
AES, it’s really important that you never forget this password because without it you won’t be able to decrypt the seed or keys. The password needs to be at least 8 digits and we suggest you using a strong combination with letters, numbers and symbols (using a weak password is not recommended because hackers could guess it).
For this reason xBull always requires the password before signing a transaction (for keys that are saved in the storage), it’s because xBull can’t decrypt them without your consent.
Want to know more?
If you want to dig into more details the best way is to read the source code here. In the code you can see how the encryption/decryption process work and all the places where this happens. From generating your seeds and private keys until how the encryption/decryption of sensible data works.