Encrypt Wallet Private Key with User-Defined Password During Signup Flow #65

@pmora3003

✨ Objective

Redesign the user creation and wallet generation flow to enhance security and control. Currently, wallets are created at the time the admin registers a user, and the private key is encrypted using a generic password ("1234"). This issue aims to:

  • Delay wallet creation until the user completes their signup process.
  • Encrypt the private key using the actual password chosen by the user.
  • Implement an email-based OTP (One-Time Password) to verify email ownership before setting the password and creating the wallet.

🛠 Tasks

📬 1. Initial Admin User Creation

  • The admin creates a new user with an email.
  • No wallet is generated at this stage.
  • Backend sends an email to the user notifying that an account was created and prompting them to complete signup.

🔐 2. Email Verification + Signup

  • Implement a new frontend page: Frontend/app/sign-up/verify.tsx
  • User accesses the page via a link with a secure token (sent by email).

Page asks the user to:

  • Input the OTP sent to their email.
  • Set a new password.
  • Upon OTP validation, the user can proceed.

🧠 3. Wallet Generation with Password-Based Encryption

Once the password is set:

  • Generate the wallet.
  • Encrypt the wallet's private key using the password the user provided.
  • Notify core team to store the encrypted private key in the database.
  • Associate it with the user account.

🔄 4. Remove Generic "1234" Encryption Logic

  • Eliminate or refactor any code that automatically encrypts private keys with "1234" during initial user creation.

💻 Files to Modify

Frontend

  • Frontend/app/api/users/route.ts — Remove wallet creation from this route.
  • Frontend/app/sign-up/verify.tsx — New signup screen for password + OTP.
  • Frontend/app/auth/ — Adjust logic for password setup and encryption trigger.

Backend

  • Backend/routes/user.js — Update user creation logic.
  • Add a secure OTP flow for email verification.
  • Add logic to generate and encrypt wallet with user password.
  • Ensure secure encryption method is used.

✅ Acceptance Criteria

  • User receives an email with OTP and signup link.
  • User verifies email and sets a password.
  • Wallet is generated and private key is encrypted with the user's password.
  • Encrypted private key is stored securely in the database.
  • No default or hardcoded password encryption is used.

📦 Resources

User Creation Logic: Frontend/app/api/users/route.ts

Labels

  • enhancement: New feature or request
  • help wanted: Extra attention is needed
  • onlydust-wave: Contribute to awesome OSS repos during OnlyDust's open source week
