feat: implement platform-managed custodial wallets#611
Open
Bigmehelen wants to merge 1 commit into
Open
Conversation
- Add CustodialWalletService with Argon2id + AES-256-GCM encryption for zero-knowledge key custody - Integrate custodial wallet generation into user registration - Update signup UI to allow choosing between custodial and self-custody wallets - Create ExportKeyModal for users to safely export their private keys - Add custodial_wallets table migration and wallet_type to users - Add security documentation for the custodial wallet architecture
|
@Bigmehelen is attempting to deploy a commit to the vic's projects Team on Vercel. A member of the Team first needs to authorize it. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
closed #1055
CustodialWalletService: Created to securely generate and encrypt Stellar keypairs on behalf of users.
Strong Encryption (Zero-Knowledge Custody):
Integrated Argon2id for robust key derivation from the user's plaintext password.
Implemented AES-256-GCM encryption for the Stellar secret key, generating a unique IV and Auth Tag for each encryption.
Mixed a server-side pepper (CUSTODIAL_WALLET_ENCRYPTION_PEPPER) into the salt, ensuring that even a complete database dump cannot be cracked without the environment variable.
Auth Flow Integration: Updated AuthService and RegisterDto to accept the use_custodial_wallet flag. If selected, the backend generates the wallet upon registration and associates the public key with the user.
Export Endpoint: Added a securely rate-limited endpoint (POST /api/v1/wallets/custodial/export-key) that decrypts and returns the user's private key when they supply their current plaintext password.
Database Schema:
Added the custodial_wallets table to store the encrypted key materials and Argon2 parameters.
Added the wallet_type enum (none, self-custody, custodial) to the users table to track wallet provisioning.
Frontend 🖥️
Signup Flow Update: Added a "Wallet Setup" step to the registration page (app/signup/page.tsx). Users can clearly choose between the beginner-friendly "Platform-Managed (Custodial)" option and the advanced "Self-Custody (Freighter)" option.
auth-store.ts Updates: Modified the signup action to include the wallet type and gracefully handle the conditional stellar_address requirement.
CustodialWalletBadge: A sleek UI badge component added to help users visually distinguish their custodial wallet status.
ExportKeyModal: An interactive modal that prompts the user for their password, securely fetches the decrypted Stellar secret key, and displays it in a hidden-by-default, copyable format with prominent security warnings.
Documentation 📄
docs/custodial-wallet-security.md: Added comprehensive documentation detailing the threat model, key derivation design, encryption parameters, export flow, and compliance notes.
Deployment Notes
WARNING
Environment Variables: You MUST set the CUSTODIAL_WALLET_ENCRYPTION_PEPPER environment variable in your production secrets manager. This must be a secure, 32-byte hex string. If not set, custodial wallets will fall back to an insecure hardcoded pepper and log errors.