Archethic Wallet: User vs Developer Perspective
Margarita Manzanera
Posted on October 3, 2022
What is the Archethic wallet?
Archethic has developed a fully decentralized and non-custodial cryptocurrency hot wallet that enables users to safely manage assets on the Layer 1 Archethic blockchain.
No signup or KYC is needed: users control their services and access keychain, protected by secure access methods such as PIN code, password, YubiKey-like devices and biometrics.
What are the features of the Archethic wallet?
The user's perspective
Archethic Wallet has implemented the following features:
Main features
- Decentralized keychain management
- Management of multiple accounts
- Creation of Fungible Tokens
- Creation of NFTs
- Support for transactions (Sending and Receiving UCO Token, Fungible Tokens and NFTs)
- List of recent transactions
- List of acquired tokens
Security
- Security access with Password, PIN, Yubicloud OTP, Face ID, Touch ID, Uniris Biometrics (2023)
- Use of 24-word mnemonics
Customization
- Support for the English and French languages
- Support for multiple currencies (display only; this is not a multi-cryptocurrency wallet)
- Multi themes (9 themes available)
- UI customization
Other features
- Local notifications
- Access to exchanges to buy ERC20 UCO
- Share address with QR Code or mobile share feature
- Address book
- UCO Price chart
- Access latest Archethic blog articles
How is the Archethic wallet developed?
The developer's perspective
We developed the wallet using Flutter, which is based on the Dart language.
Flutter is an open-source mobile application development framework from Google. The main reason for its popularity is that it supports the creation of cross-platform applications. Flutter is also used to create interactive apps that run on web pages or on the desktop.
Here are some of Flutter's features*:
- Single code base for Android, iOS, Windows, Linux, macOS, Web, Extension: This approach reduces development time and cost, and makes maintenance easier. The Flutter-based user interface can be installed on virtually any platform. It has its own rendering engine that allows developers to keep the UI as it is while moving to another platform. As a result, application users can enjoy an excellent native-like experience on various platforms.
- Open-source and made by Google: Flutter is a popular choice among developers because of the huge community support. Google designed the Flutter framework with all the security issues of modern applications in mind. One can find reliable and well-tested plugins in Flutter to mitigate security risks such as user authentication flaws, malicious code injections and data leaks.
- Dart Programming: Flutter uses Dart, Google's general-purpose programming language, which is easy to learn and implement.
- Performance: As a cross-platform framework, Flutter offers unmatched performance compared to its competitors. Flutter compiles designs to native code. Unlike React Native, Flutter renders widgets directly from the native library rather than downloading libraries and components to the device before rendering.
*Source: https://mobiskill.fr/blog/conseils-emploi-tech/pourquoi-utiliser-flutter-en-2022/
On which platforms is the application available?
How to install the application and secure your funds?
The user's perspective
You can now download our wallet on the Google Play Store in beta for the Android mobile version and via the official website of Archethic for the macOS version (https://www.archethic.net/aewallet.html).
During the onboarding process, a screen invites you to create a new wallet or to restore a wallet you already own, from a series of 24 words (seed phrase).
In the case of a new wallet, a series of 24 words (seed phrase) is proposed in English or French. This allows you to generate your private and public keys for your wallet. These words are currently the only way to recover your funds in case of loss of your mobile or uninstallation of the wallet. It is therefore essential to keep this seed phrase hidden from view and on some medium other than your devices.
⚠️ Remember that Archethic will never ask you for your series of 24 words.
Once the seed phrase is saved, you can fully enjoy your wallet.
In the case of a wallet restoration, you just have to enter the 24 words of your seed phrase in the right order and the application will find your keychain and associated accounts, from the information stored on the blockchain.
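The developer's perspective
When the wallet is created, a seed is generated by a cryptographically secure random number generator provided by Dart:

    // Member of a utility class; requires: import 'dart:math';
    static String generateSeed() {
      String result = '';
      // 64 hexadecimal characters = 32 bytes = 256 bits of entropy.
      const String chars = 'abcdef0123456789';
      // Random.secure() draws from the platform's cryptographically secure source.
      final Random rng = Random.secure();
      for (int i = 0; i < 64; i++) {
        // 16 equally likely values per draw: each character carries 4 bits.
        result += chars[rng.nextInt(chars.length)];
      }
      return result.toUpperCase();
    }
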
To make the seed easier to read and write down, we use BIP39, which represents the seed as a series of mnemonic words. BIP39 takes random words (usually from the English language, although they can be from another language) and creates a long phrase with them, usually 12 to 24 words. In the case of the Archethic wallet, we use 24 words because the higher the number of words, the greater the entropy and security attributable to the resulting sentence. These words are chosen from a dictionary of 2048 words. The Flutter library bip39_mnemonic is used with the English and French dictionaries.
In the case of wallet restoration, the bip39_mnemonic library recovers the seed from the seed phrase.
How to secure the application?
The user's perspective
Access to the application and interactions with the blockchain are secured so that certain actions cannot be performed outside the user's control.
The access methods are:
- by PIN code, consisting of 6 digits, with the option to shuffle the digits of the keypad to reduce the risk of someone learning your code by observation,
- by password,
- by YubiKey, an electronic authentication device that secures your access. Whether you are using NFC with your mobile or USB on your desktop, you can identify yourself with this key,
- by Touch ID or Face ID, depending on the capabilities of your device.
The developer's perspective
In the case of PIN and password, authentication information is stored locally (see "What data is stored in my device?").
In the case of Touch ID or Face ID, the Flutter Local Auth library provides the means to authenticate on devices supporting fingerprint or facial recognition authentication.
Finally, for OTP via Yubicloud: Yubico OTP is a simple yet strong authentication mechanism that is supported by all YubiKeys out of the box. Yubico OTP can be used as the second factor in a 2-factor authentication scheme or on its own, providing 1-factor authentication. YubiCloud is the name of Yubico's web service for verifying OTPs. Before using YubiCloud, you need to get an API key from here: it is quick, free and helps us in preventing misuse of YubiCloud.
I developed a Yubico Dart library for Dart/Flutter to interact with Yubicloud in my personal GitHub repository.
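The client-side checks a YubiCloud verification response needs before an OTP is accepted, as an added example (Python standard library, not the author's Dart library). It follows Yubico's validation protocol 2.0, in which the response carries an HMAC-SHA1 signature `h` computed with the API key; the key, OTP, nonce and response are constructed sample values and the function names are hypothetical.

```python
import base64
import hashlib
import hmac

API_KEY = base64.b64encode(b"constructed-demo-key").decode()   # constructed
OTP = "cccccccccccc" + "bdefghijklnrtuvbdefghijklnrtuvbd"       # constructed, 44 modhex chars
NONCE = "a1b2c3d4e5f6a7b8c9d0"                                  # constructed


def sign(params: dict[str, str], api_key_b64: str) -> str:
    """HMAC-SHA1 over 'k=v' pairs sorted by key and joined with '&' (h excluded)."""
    message = "&".join(f"{k}={params[k]}" for k in sorted(params) if k != "h")
    key = base64.b64decode(api_key_b64)
    return base64.b64encode(hmac.new(key, message.encode(), hashlib.sha1).digest()).decode()


def parse_response(body: str) -> dict[str, str]:
    """The response is one 'key=value' per line; Base64 values may contain '='."""
    fields = {}
    for line in body.splitlines():
        if "=" in line:
            key, value = line.split("=", 1)
            fields[key.strip()] = value.strip()
    return fields


def otp_accepted(body: str, sent_otp: str, sent_nonce: str, api_key_b64: str) -> bool:
    fields = parse_response(body)
    # 1. Authenticity: recompute the signature with the locally stored API key.
    expected = sign(fields, api_key_b64).encode()
    if not hmac.compare_digest(fields.get("h", "").encode(), expected):
        return False
    # 2. Binding: the answer must be for this OTP and this request's nonce.
    if fields.get("otp") != sent_otp or fields.get("nonce") != sent_nonce:
        return False
    # 3. Only now trust the status (REPLAYED_OTP, BAD_OTP, ... are rejections).
    return fields.get("status") == "OK"


def constructed_response(otp: str, nonce: str, status: str, api_key_b64: str) -> str:
    """Builds a sample response locally so the example runs offline."""
    fields = {"t": "2022-10-03T10:00:00Z0123", "otp": otp, "nonce": nonce,
              "sl": "100", "status": status}
    fields["h"] = sign(fields, api_key_b64)
    return "\r\n".join(f"{k}={v}" for k, v in fields.items())
```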
What data is stored in my device?
The user's perspective
We store a set of information so that the application is functional in both online and offline mode.
The first group of information represents the globally available user preferences:
- First Launch: Indicates whether this is the first launch of the application, in order to clear the keystore on iOS. The iOS keystore is persistent, so on first launch we clear it.
- Authentication Method: Indicates which authentication mode is used (PIN, password, YubiKey, biometrics).
- Current Currency: Indicates which currency is used in the application.
- Current Language: Indicates which language is used in the application.
- Current Primary Setting: Indicates whether the currency displayed in priority is fiat or crypto.
- Current Network: Indicates whether the wallet is connected to mainnet, testnet or a local node, whose endpoint is recorded in the next item.
- Current Network Endpoint: Holds the address of the local node.
- Current Theme: Indicates which theme is used in the application.
- Lock: Indicates whether authentication is required when the application is launched.
- Lock Timeout: Indicates after how long the application requires authentication again when the user has left it open to switch to another application, for example.
- Pin Pad Shuffle: Determines whether the PIN code keypad is shuffled when the code is entered.
- Show Balances: Determines whether the financial information is displayed.
- Show Blog: Indicates which blog articles should be displayed.
- Show Price Chart: Determines whether the graph and indicators of the UCO price chart are displayed.
- Active Vibrations: Indicates whether a small vibration is emitted on mobile devices at each action.
- Active Notifications: Indicates whether notifications for received UCO are active.
- Language Seed: Indicates whether the seed phrase is composed of French or English words.
The second group of information represents the sensitive elements related to security:
- Seed: Stores the wallet seed needed to perform transactions on the Archethic blockchain.
- PIN: Stores the PIN code if this authentication method has been chosen.
- Password: Stores the password if this authentication method has been chosen.
- Yubicloud ID and API Key: Stores the authentication information used to manage OTPs with the YubiKey if this authentication method has been chosen.
This information is stored securely.
Finally, a secure 256-bit (32-byte) encryption key is stored to secure data on the disk.
⚠️ Remember that Archethic will never pass on your data to a third party or use your data in any other way than that offered by the application.
The privacy policy is available on our website.
The developer's perspective
For user preference data, we chose to store it in the local database Hive rather than in the Flutter object SharedPreferences, for performance reasons. All the information is available in this Medium article.
This data is stored in clear text because it is not sensitive.
On the other hand, the information related to security management must be protected. Here again, Hive is used but the stored values are encrypted. Hive provides a helper function to generate a secure encryption key using the Fortuna random number generator.
The key is stored, Base64-encoded, in a secure space via the FlutterSecureStorage library.

    // Member of the Vault class. Requires dart:convert, dart:typed_data,
    // package:hive and package:flutter_secure_storage.
    static Future<Vault> getInstance() async {
      try {
        const FlutterSecureStorage secureStorage = FlutterSecureStorage();
        final Uint8List encryptionKey;
        // The Hive key lives in the platform secure storage, Base64-encoded.
        String? secureKey =
            await secureStorage.read(key: 'archethic_wallet_secure_key');
        if (secureKey == null || secureKey.isEmpty) {
          // First use: generate a 256-bit key and persist it.
          final List<int> key = Hive.generateSecureKey();
          encryptionKey = Uint8List.fromList(key);
          secureKey = base64UrlEncode(key);
          await secureStorage.write(
              key: 'archethic_wallet_secure_key', value: secureKey);
        } else {
          encryptionKey = base64Url.decode(secureKey);
        }
        // Every value written to this box is encrypted with AES under that key.
        final Box<dynamic> encryptedBox = await Hive.openBox<dynamic>(_vaultBox,
            encryptionCipher: HiveAesCipher(encryptionKey));
        return Vault._(encryptedBox);
      } catch (e) {
        // The original error is discarded; callers only see a generic Exception.
        throw Exception();
      }
    }

How does the wallet interact with the Archethic blockchain?
The developer's perspective
Based on the Archethic JS SDK, an SDK has been developed in Dart and is maintained by the Archethic teams so that internal or community-developed Flutter DApps can interact with the Archethic blockchain.
This open-source SDK, "archethic_lib_dart", is available on GitHub and can be added as a dependency in Dart or Flutter projects via Pub.dev, the site for sharing Flutter libraries and packages.
The available functions are:
- Cryptographic functions,
- Transaction building,
- Remote endpoint calls,
- Keychain / Wallet management,
- CoinGecko functions.
All the documentation is available in the readme of the library.
Wallet timeline
Some elements of the SDK and wallet history are shown here:
The author's perspective
Until now, the Archethic community has always been involved in the development of the wallet to improve both the technical aspects and the user experience. The wallet is intended to be accessible to all, to simplify and secure its uses.
You can follow or contribute to the development of the application via the dedicated repository on GitHub or via the official page of the application.
Author: Sylvain Séramy, Head of Front-End Department at Archethic Technologies