How It Works
The developer-controlled wallet allows developers to create and manage wallets programmatically while maintaining full control over private keys. This approach ensures that developer owns and controls all wallets and inaccessible to third parties, including Mesh.
Setting up
To start, developers must configure an Entity Secret in the Web3 Services dashboard. This setup generates a public-private key pair:
- The public key is used to encrypt wallets’ private key.
- The private key is held exclusively by the developer and is required for decryption.
Creating wallets
When a developer creates a wallet using the SDK, the following process occurs:
- The wallet is generated within the developer’s infrastructure.
- Wallet’s private key is created and immediately encrypted using their public key.
- The wallet’s metadata, such as the wallet ID and address are derived.
- Developers should store the wallet ID for future access.
- Encrypted wallet’s private key is securely stored in Mesh infrastructure, only the developer can access it.
Retrieving wallets
When a developer needs to retrieve a wallet:
- The encrypted private key is fetched from Mesh infrastructure.
- The developer decrypts it using their private key, within the their infrastructure.
- Once decrypted, the wallet can be used for blockchain interactions.
- A CIP-30 compliant wallet is derived, enabling operations such as, fetching UTXOs and signing transactions.
Security considerations
This encryption-based system ensures that developers have complete control over their wallets while benefiting from ease of use and ease of integration. However, this control also comes with critical responsibilities:
- Private key security is the developer’s responsibility. If the private key is compromised, an attacker could gain access to encrypted wallet private keys.
- Lost private keys cannot be recovered. If the private key is lost, developers will be unable to decrypt wallet private keys and access funds. Mesh cannot recover lost private keys.