How do we keep your keys safe?
We were talking about xBull Wallet in the Stellar Keybase group and a user pointed out something important: How do consumers know we won't do an exit scam or steal their coins? That was a really good question, so here we explain how that's not possible with our wallet.
Some subjects here are advanced topics. We do our best to explain everything in a way everybody can understand, but if you have any questions, reach us on Twitter.
Custodial vs Non-Custodial
Before starting we need to understand the differences between a custodial and a non-custodial wallet:
- Custodial: A custodial wallet is a wallet where you don't hold your keys. These kinds of wallets have their own pros and cons. Most of them are used by exchanges and services that need to sign operations for you.
- Non-Custodial: This kind of wallet (xBull Wallet is a non-custodial wallet) keeps your keys locally and doesn't share them with any other party. Examples of this kind of wallet are Trust Wallet (mobile) and
First things first: A Wallet, not a service
The first thing we need to understand is the nature of xBull: xBull is a wallet and only a wallet. It is not a service and it does not try to be one. A wallet is an app where your keys are stored and which is in charge of signing transactions; on top of that, some wallets add features and help you interact with the Blockchain, like xBull does.
Here at Creit Tech we have our own businesses and some of them use the Stellar Blockchain. We didn't want to keep customers' keys, and that's why we created xBull Wallet, so they own their keys and don't need to trust us (that's why the code is also public).
Your keys, your coins
xBull is a non-custodial wallet, which means it keeps your keys locally. Because it's also an extension wallet, it keeps the keys in your browser in an isolated store that is managed by the browser itself. This storage is isolated from websites, and the browser does not allow them to inspect the storage xBull uses.
So you might be wondering... How are the keys generated?
xBull uses the standard BIP39, which is listed in Bitcoin's GitHub repository here, and we follow the Stellar protocol SEP-0005, which explains how to implement BIP39 with the Stellar Blockchain; you can read about this proposal here.
This is why when you open xBull for the first time, it picks 24 words randomly from the BIP39 English list (which you can check in Bitcoin's GitHub here) and requires you to write them again to make sure you saved them.
From this list of words we generate a seed key, and with a path we can generate a Keypair. This is how you can restore all your accounts using only those 24 words (and that's the reason why you MUST save them)... Do you want to test it yourself? Get the list of words mentioned in the SEP-0005 proposal here and you will get the same accounts.
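The derivation described above (words to seed, seed plus path to key), as an added Python example that is not xBull's own code: it follows BIP39, SLIP-0010 and the SEP-0005 path m/44'/148'/n', and stops at the StrKey-encoded secret seed, since turning that into the public G... address needs an ed25519 library. The 12-word phrase is the public BIP39 test mnemonic used here as constructed sample input; a 24-word phrase goes through exactly the same steps.

```python
import base64
import hashlib
import hmac
import struct
import unicodedata

# Public BIP39 test phrase (constructed sample input; never fund keys derived from it).
SAMPLE_MNEMONIC = "abandon " * 11 + "about"

def bip39_seed(mnemonic, passphrase=""):
    """BIP39: words -> 64-byte seed via PBKDF2-HMAC-SHA512, 2048 rounds."""
    norm = lambda s: unicodedata.normalize("NFKD", s).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", norm(mnemonic), norm("mnemonic" + passphrase), 2048, 64)

def slip10_ed25519(seed, path):
    """SLIP-0010 ed25519 derivation; every path element is hardened."""
    digest = hmac.new(b"ed25519 seed", seed, hashlib.sha512).digest()
    key, chain = digest[:32], digest[32:]
    for index in path:
        data = b"\x00" + key + struct.pack(">I", index | 0x80000000)
        digest = hmac.new(chain, data, hashlib.sha512).digest()
        key, chain = digest[:32], digest[32:]
    return key

def crc16_xmodem(data):
    """CRC-16/XMODEM (poly 0x1021, init 0), the checksum StrKey uses."""
    crc = 0
    for byte in data:
        crc ^= byte << 8
        for _ in range(8):
            crc = ((crc << 1) ^ 0x1021 if crc & 0x8000 else crc << 1) & 0xFFFF
    return crc

def stellar_secret(raw_key):
    """StrKey-encode a 32-byte ed25519 seed as a Stellar secret (S...)."""
    payload = bytes([18 << 3]) + raw_key  # version byte for secret seeds
    checksum = struct.pack("<H", crc16_xmodem(payload))
    return base64.b32encode(payload + checksum).decode("ascii")

def derive_account(mnemonic, account=0):
    """SEP-0005: Stellar account n lives at m/44'/148'/n'."""
    return stellar_secret(slip10_ed25519(bip39_seed(mnemonic), [44, 148, account]))

if __name__ == "__main__":
    for n in range(3):
        print(n, derive_account(SAMPLE_MNEMONIC, n))
```

Because every step is deterministic, the same words always give the same account list, and anyone who obtains the words can run the same steps.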
Ok, I get it... What about security?
Now that we understand how xBull generates your Keypairs locally, how does it keep them secured? First we need to know how an isolated extension works:
- An extension has its own storage in the browser, to which only the user and the extension have access
- An extension has two "helpers", a background and a content script. The content script has access to the website but does not have access to the storage; the background has access to the storage but can't touch the website
- Communication between the website and the extension has to go through these two "helpers", so the website does not have direct access to this storage
If you see the flow of how an isolated extension talks with a website you will see that websites can't touch the storage where your keys are saved... But what if they could?
Because tech can have bugs we add an extra step:
When you first configure the wallet it asks you to set a password. This password is used to encrypt your seed and your private keys using AES. It's really important that you never forget this password, because without it you won't be able to decrypt the seed or keys. The password needs to be at least 8 digits and you should use a strong combination.
For this reason xBull always requires the password before signing a transaction (for keys that are saved in the storage): xBull can't decrypt them without your consent.
Want to know more?
If you want to dig into more details, the best way is to read the source code. Here is a list of the places where you can audit how the encryption process works:
- Encrypting private key before saving it
- Encrypting the Mnemonic phrase before saving it
- Decrypting private key to sign a transaction
- Decrypting seed to generate a new account