SubWallet Interactive with Cold Wallet

[hieudd]

Basic knowledge

Overview

Signer with manage account and keep private key and allow to create signature for any transaction. Most of signer require passphase to unlock private key before create signature. DApp, Extension Wallet, Hardware Wallet, Mobile Signer can become signer if it keep private key of an account.

There are some signing data usecase depend on which object contain private key:

1. DApp keep private key
   a. This is most simplest case. DApp will create transaction and sign transaction with private key that it own.
2. Extension Wallet keep private key, this case is very popular key
   a. Some Wallet Extension like SubWallet have some features like a DApp. When user perform some features that required signature, this case will be the same with 1a.
   b. DApp will create transaction and keyring on DApp will request signature from Extension via extension signature.
   c. DApp on mobile can be import account from QR code. Anytime required signature DApp need to push data to Extension Wallet and get signature result by QR.
3. Hardware Wallet keep private key, this is nearly the most security
   a. DApp direct connect to hardware wallet via usb connection and it need to import account from hardware wallet. Whenver imported account request signature, it required Hardware Wallet connect and sign data with its passphase.
   b. DApp use injected account from Extension and Extension import account from hardware. With DApp this case is same with 2a but with Extension it need to import account from Hardware and connect to this device to get transaction signature.
4. Mobile Signer keep private key. This case near the same with Hardware Wallet but Mobile Signature will use QR code to interact with extension or DApp
   a. DApp direct connect to hardware wallet via usb connection and it need to import account from QR code. Whenver imported account request signature DApp with send and get payload via QR code.
   b. DApp use injected account from Extension and Extension import account from hardware. With DApp this case is same with 2a but with Extension it need to import account from and request signature by send and get data via QR code.

Use QR with signer

• Import account via QR:
  • Data: AccountType:Address:PublicKey:AccountName
  • Example: substrate:5HL6xpAbHnxCwW2uUqQ5dmev2wo2FQkpUEfmXrzmzTFkWMRo:0xe143f23803ac50e8f6f8e62695d1ce9e4e1d68aa36c1cd2cfd15340213f3423e:Westend root
• Import ETH Account:
  • Data: ethereum:(details = address | address "@" chainid | address "@" chainid ":" name)
  • EG: ethereum:0x4f604e0FECf7F78B64a564C343b870bB4608700c@1284:EVM-Account-001
• Signature request: createSignPayload(address, cmd, payload, genesisHash) in package @polkadot/react-qr
• Signature: Sign result eg: 01d6b5a7d39598c76c5754448e0e55a258088cb03a573dd04db06e16be3eafb854285407903b8ce551255011e0ae52226f52ab7a31d38f1f3fd1f0a09349e2b989
• Research Mindmap
  
• Standard: folllow this article

Requirements

SubWallet now work ok with case 2a, 2b It hold private key and can sign for these transaction.

• We need to test does our wallet work well with case 3a.
• We also compitable with case 2c, 4b

Todo List

These step will help us response for all requiredment

Research

• How to hardware wallet work?
• How to mobile signer work?

Test again

• Sign Transactions with hardware wallet
• Create Account via Ledger
• Send / Receive Assets

Implement

Can use 2 lib @polkadot/react-singer & @polkadot/react-qr with these component QrDisplayPayload and QrScanSignature

• QR display / QR Scan #316
• (2c) Sign with the extension via QR: Add method sign via QR with extension #317
• (4b) Sign with mobile signer via QR: Support Parity Signer/ Style to sign transaction or send funds transaction of account imported via QR #315

Staking

• Stake
• UnStake
• Withdraw

[sokol142]

Pls check some issues:

• Account imported via QR-Signed still enable Export Private Key button on the Receive screen
  

• Can't cancel "Scan signature via camera" action
  

• Do not showing error message when user entered wrong password on the Scan QR screen
  

• Still showing Scan QR screen when re-open popup extension
  Steps:

1. Open the extension
2. Go to Scan QR screen
3. On the Scan to publish screen, user click on "Home" button/ click on Scan another QR
4. Close the popup
5. Re-open the popup
   Actual:

• Still showing Scan QR screen if user click on Home button

• Still showing information of the previous transaction if user click on Scan another QR
  

• Bug UI
  

• Showing incorrect screen when user perform resend tokens (see file attachment below)

• Actual: Showing the Authorize Step 2 (Scan to publish transaction)

• Expect: Showing the Authorize Step 1 (Scan to send request)

• Note: Reproduce both Send Fund & XCM Transfer feature
  

• Do not navigate to the previous screen when user click on "Previous Step" button
  

• The transaction of the EVM account imported via QR cannot be found on the subscan page
  

• Check case import account via QR that already exists on the wallet (with private key on the wallet)

• Actual: Replace by account imported via QR so some features are limited.

• Expected: Keep the original account

• Do not remember password after signed successfully:
  

Improve:

• After imported via QR-Signed successfully, switch to this account

• Add the checkbox "Auto connect to all DApp after creating" (refer the Create Account/Import Acc/Restore Acc screen)
  

• Display message warning when user scan invalid QR