Several teams are working (or will work) on the integration of the hardwallet (talking about the javacard only here). This post is to launch a discussion on the user stories we want to implement, define what we want and prioritize!
This will surely help the UX teams and client teams that will be working on this integration.
As a reminder, the hardwallet is a javacard with no user interface (no screen, no button) that communicates with our clients over NFC (native on Android; a Bluetooth/USB reader is needed for iOS and desktop).
The target is to have a first batch of the product ready, with all or selected user stories implemented and tested, for Devcon4 at the end of October.
Overall rationale of the hardwallet
Just to back up for one second: the overall rationale of the hardwallet is to increase security and convenience of the Status user experience.
- secret elements are separated (air gapped) from the Status client on phone or PC, thus eliminating the risk of malware intercepting some of these secrets.
- sensitive operations (login, signing transactions) need a proof of possession (i.e. the hardwallet) on top of proof of knowledge (e.g. PIN)
- replace password login with a tap of the card + card PIN, assuming it’s easier to remember a PIN than a password
Proposed user stories
For account set-up
0/ For an existing Status wallet, and when the user is logged into Status, the user can export his wallet into his hardwallet
The user can export the master key pair to the card. No need for the user to enter his mnemonic.
1/ For an existing BIP32 wallet (Status or not), the user can import his wallet into the hardwallet
The user is asked for his mnemonic
2/ Create a new Status wallet in the Javacard
Once the account is set up
3/ The user signs transactions with card + PIN instead of entering the password
4/ The user logs into Status with card + PIN instead of entering the password
5/ Export Whisper keys to client RAM
The point is to avoid storing the Whisper keys in the client flash. This is not really a user story since there is no associated UX; it’s more of a security feature of the hardwallet.
A specific question that has both technical and UX consequences
We need to clarify whether the end user who has ported his wallet (or created a new one) to a hardwallet still needs to define and memorize his Status password or not.
From a usability point of view, it’s better to replace all use of the password by the hardwallet + PIN.
We should discuss how this is handled from a technical standpoint: with which password will the database be encrypted? How can we generate it?
Thanks for your feedback!