zcash-android-wallet-sdk icon indicating copy to clipboard operation
zcash-android-wallet-sdk copied to clipboard

Published 20 hours ago verified publisher icon zcash

Consider using seed fingerprint for wallet alias

Open ccjernigan opened this issue 2 years ago • 4 comments

Is your feature request related to a problem? Please describe.

The SDK is technically capable of syncing multiple wallets, and client apps may be managing multiple seeds. Currently, clients must decide how to name each wallet which could lead to bugs.

Describe the solution you'd like

Use seed fingerprints to identify the wallet on disk instead of the alias. https://zips.z.cash/zip-0032#seed-fingerprints

This may go along with refactoring the initialization flow of the SDK as well

A wallet initialization API may look like this:

  1. First time creating a new wallet, use the seed and receive a fingerprint in response (along with the on disk datastructures being created). Do not receive a synchronizer.
  2. Clients store the fingerprint in private but unencrypted storage
  3. Clients create a Synchronizer with that fingerprint, as the SDK has stored the viewing keys necessary to start syncing. If an SDK migration is required, clients go back to step 1.

ccjernigan avatar Dec 27 '22 13:12 ccjernigan

Note: Viewing keys can also be fingerprinted 🎉 so view-only wallets would be covered by this approach as well. uhmm or may not...

pacu avatar Mar 14 '23 21:03 pacu

Note that it isn't currently possible to derive child viewing keys from a parent viewing key. You either need to have spend authority for the root, or someone who does has to derive the viewing keys for each account, and your wallet stores all of those.

daira avatar Mar 15 '23 20:03 daira

Note that it isn't currently possible to derive child viewing keys from a parent viewing key. You either need to have spend authority for the root, or someone who does has to derive the viewing keys for each account, and your wallet stores all of those.

Thanks for pointing this out. The toolkit we provide on librustzcash to support viewing-only wallets it's kind of half-baked. We have many scenarios where the seed or "spend authority" is required, so we basically support viewing-only friendly APIs that allow developers not to be having to get the seed out of secure storage every time the app launches but assuming that the user will be in custody of the seed if needed (either to spend or perform complex migrations)

pacu avatar Mar 15 '23 23:03 pacu

Also, if we have a viewing key wallet that supports more than one key, it's possible to sync all of those within a single synchronizer. The question is, which viewing key would you use the fingerprint from as the alias?

pacu avatar Mar 15 '23 23:03 pacu