
Comments (18)

Ejhfast avatar Ejhfast commented on June 16, 2024 2

@coranos neo-gui does more or less what @canesin says, encrypting private key with user password and saving. TOTP requires unnecessary centralization

I am open to storing an encrypted version of the private key like neo-gui, but agree we should also keep the old way of logging in for users who want to save their private key in their own, secure way

from neon-wallet.

 avatar commented on June 16, 2024 1

Where do you store the private key then? On the clipboard? The clipboard is not secure.

The neo-gui is not an option for all users. For example, it did not sync for all of yesterday, and it does not work on a Mac.

from neon-wallet.

lukasnagl avatar lukasnagl commented on June 16, 2024

I'd like this, but I'd like it to be optional (not that taco implied otherwise, just to be explicit).

from neon-wallet.

canesin avatar canesin commented on June 16, 2024

The problem @flavoredtaco is to securely store the keys. The straightforward method is to encrypt a file using a password, but this is orders of magnitude (by common password standards approx 1000000000000000000000000000000000000000000000000000000000000) less safe, maybe if we use a very strong password we can do much better, but then what is the difference of using just the key? The best second option is if a camera is available we can read a private key QR code (just an easier way to log in with the private key). On mobile you also have the option to use fingerprint to encrypt the storage, we can probably with a lot of effort use some kind of face recognition if a camera is available also.

Sure we can be also lazy and do the password thing, most people will be happy - but I would also like to have the option to log in with the key, if not I'm not using it.

from neon-wallet.

 avatar commented on June 16, 2024

Could this be done the way the neo-gui does it?
They use AES Encryption to decrypt a file on disk, and use the password to unlock the file and read the private key.
A keylogger could get the password and send it to a remote location, where it would be useless without the file on disk.

You could also, if you wanted, add TOTP, like Google Authentication.
https://en.wikipedia.org/wiki/Time-based_One-time_Password_Algorithm

That would give them a limited window of time to steal your stuff.

from neon-wallet.
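
The password-encrypted key file discussed in the comment above, as an added example that is not neo-gui's or neon-wallet's code and not the NEP-2 format. The scrypt parameters, the choice of AES-256-GCM, the file field names and the sample key are assumptions made for illustration.

```javascript
// Added example: store a private key on disk encrypted under a user password.
const crypto = require('crypto');

// Assumed scrypt cost parameters; each password guess costs about 16 MiB and real CPU time.
const KDF = { N: 16384, r: 8, p: 1 };

// Constructed sample key (32 bytes of 0x11), not a real wallet key.
const SAMPLE_KEY_HEX = '11'.repeat(32);

function deriveKey(password, salt) {
  // Normalize so the same passphrase typed on another OS derives the same key.
  return crypto.scryptSync(password.normalize('NFKC'), salt, 32, KDF);
}

function encryptKey(privateKeyHex, password) {
  const salt = crypto.randomBytes(16); // fresh salt: same password, different file
  const iv = crypto.randomBytes(12);   // 96-bit nonce for GCM
  const cipher = crypto.createCipheriv('aes-256-gcm', deriveKey(password, salt), iv);
  const ct = Buffer.concat([cipher.update(Buffer.from(privateKeyHex, 'hex')), cipher.final()]);
  return JSON.stringify({
    v: 1,
    salt: salt.toString('hex'),
    iv: iv.toString('hex'),
    tag: cipher.getAuthTag().toString('hex'),
    ct: ct.toString('hex'),
  });
}

function decryptKey(fileJson, password) {
  const f = JSON.parse(fileJson);
  if (f.v !== 1) return null; // unknown format version
  const key = deriveKey(password, Buffer.from(f.salt, 'hex'));
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, Buffer.from(f.iv, 'hex'));
  decipher.setAuthTag(Buffer.from(f.tag, 'hex'));
  try {
    const pt = Buffer.concat([decipher.update(Buffer.from(f.ct, 'hex')), decipher.final()]);
    return pt.toString('hex');
  } catch {
    return null; // wrong password or modified file: the GCM tag does not verify
  }
}
```

The file is only as strong as the password: the KDF raises the cost of each guess but does not add entropy, which is why keeping direct login with the key as an option, as requested in this thread, still has value.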

canesin avatar canesin commented on June 16, 2024

@coranos in that case you are relying on a 3rd party to hold the encryption keys... there must be better ways to do so.

from neon-wallet.

 avatar commented on June 16, 2024

I think you have what I said backwards. We all know how neo-gui works, I'm asking for the neon wallet to work the same.

TOTP doesn't rely on a third party to hold encryption keys, you can implement it all yourself. It's literally "I sent a number to your phone, tell me what the number is, you have 30 seconds".

So all you have to do is store a phone number server-side with their address.

from neon-wallet.

Ejhfast avatar Ejhfast commented on June 16, 2024

@coranos I understood what you meant about neo-gui

I didn't understand what you meant by TOTP (now I do), that could make sense but is unrelated to this issue (saving accounts)

from neon-wallet.

dennish007 avatar dennish007 commented on June 16, 2024

I would strongly advise against storing private keys on a desktop client. You need to have a very secure wallet database for this. This option is already available on the thick NEO client. I like the use case now: log in, claim GAS, make a transaction on the blockchain and exit. Using this feature on a mobile device for small amounts of NEO on that account is more appropriate.

from neon-wallet.

canesin avatar canesin commented on June 16, 2024

@coranos clipboard is not secure, you are right. NEP-2 has a standard for encrypting keys that was discussed. People can implement that in neon.

from neon-wallet.

jmiller2152 avatar jmiller2152 commented on June 16, 2024

So I was having issues and had to get a private key a few times yesterday while testing a deposit of 1 neo. When I finally got it to work I did not store my private key, and when I went to log in this morning I was locked out... Is there any way to recover? I have the public key from the withdrawal but that is it. I know it is just 1 neo but any help?

from neon-wallet.

catt1111 avatar catt1111 commented on June 16, 2024

I have the same issue as far as recovering my private key. I was testing the deposits from bittrex and copied the private key I tested with, but never copied the private key I sent the rest of my NEO to. Any way to recover my private key? This sucks!

from neon-wallet.

 avatar commented on June 16, 2024

@catt1111 I'm sorry to be the bearer of bad news, but there is no way to recover your lost private key.

from neon-wallet.

catt1111 avatar catt1111 commented on June 16, 2024

I literally lucked out and made a rookie mistake and it saved my ass. When trying to transfer from my Bittrex account to the Neon account I copied and pasted my private key instead of my public key. Thank god for my mistake!

from neon-wallet.

BlinkyStitt avatar BlinkyStitt commented on June 16, 2024

I'd be happiest with a QR scanner built into the app. Then I can keep my keys on paper and simply scan a QR of the WIF (or address to just check balance). That way neon doesn't need to store anything on disk and no one needs to use the clipboard as long as they have a webcam.

from neon-wallet.

Plasma avatar Plasma commented on June 16, 2024

I'm interested in adding a simple password based protection to the wallet, would this be accepted in a PR?

from neon-wallet.

Plasma avatar Plasma commented on June 16, 2024

I have written a simple prototype of automatic login at #140 - this does not yet store the private key in a secure fashion and so needs further improvements.

from neon-wallet.

canesin avatar canesin commented on June 16, 2024

This is in WIP using new NEP2 standard and the reference implementation. I'm locking and closing due to spam across related issues.

from neon-wallet.
