Putting private keys directly into websites is not safe or secure, even into ones run by reputable community members. Yet this is how nearly every Hive-based site or service currently works. On top of that, most Hive users likely use their master password, which is even worse.
The Vessel desktop wallet software is a secure alternative, but it is too difficult to use for the majority of Hive users and does not easily interact with websites - which is Hive's primary use case.
On Ethereum, you never have to enter your private key into a website to use a dApp. You can just use a browser extension like Metamask, which dApp websites can interface with to securely store your keys and broadcast transactions to the blockchain.
Hive Keychain aims to bring the security and ease-of-use of Metamask to the Hive blockchain platform.
Installation
You can download and install the latest published version of the extension for the following browsers:
The Hive Keychain extension includes the following features:
Store an unlimited number of Hive account keys, encrypted with AES
View balances, transaction history, voting power, and resource credits
Send HIVE and HBD transfers, manage witness votes, and update HP delegation right from the extension
Manage your Hive Engine tokens
Power up or down
Securely interact with Hive-based websites that have integrated with Hive Keychain
Manage transaction confirmation preferences by account and by website
Locks automatically on browser shutdown or manually using the lock button
Website Integration
Websites can currently request the Hive Keychain extension to perform the following functions / broadcast operations:
Send a handshake to make sure the extension is installed
Decrypt a message encrypted by a Hive account private key (commonly used for "logging in")
Post a comment (top level or reply)
Broadcast a vote
Broadcast a custom JSON operation
Send a transfer
Send Hive Engine tokens
Send Delegations
Power up/down
Vote for witnesses
Create/Remove/Vote for proposals
Create claimed accounts
Sign Tx
Usage
Example
An example of a web page that interacts with the extension is included in the "example" folder in the repo. You can test it by running a local HTTP server and going to http://localhost:1337/main.html in your browser.
cd example
python -m http.server 1337 # or any other method to run a static server
NOTE: On localhost, it will run on port 1337.
Using Keychain for logins
To log in, you can encode a message from your backend and verify that the user can decode it using the requestVerifyKey method.
See an example in this project by @howo (@steempress witness):
Alternatively, you can use requestSignTx and verify the signature on your backend.
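The login flow described above, as an added example that is not code from the Hive Keychain repo: the backend issues a random, account-bound, single-use challenge, the page asks Keychain to decode it with requestVerifyKey, and the backend compares the result in constant time. The encryptForAccount hook (standing in for a Hive memo-encryption library call), the 2-minute lifetime, and the success/result/message fields read from the callback response are assumptions.

```javascript
// Added example, not from the Hive Keychain repo. encryptForAccount is a
// hypothetical hook for a Hive memo-encryption library call on the backend.
const { randomBytes, timingSafeEqual } = require('crypto');

const CHALLENGE_TTL_MS = 2 * 60 * 1000; // assumption: 2-minute lifetime
const pending = new Map(); // challenge id -> { account, secret, expires }

// Backend: issue a random secret bound to one account, encrypted to that account.
function issueChallenge(account, encryptForAccount, now = Date.now()) {
  const id = randomBytes(16).toString('hex');
  const secret = randomBytes(32).toString('hex');
  pending.set(id, { account, secret, expires: now + CHALLENGE_TTL_MS });
  return { id, encrypted: encryptForAccount(account, '#' + secret) };
}

// Browser: ask Keychain to decrypt the challenge with the user's posting key.
// `keychain` is window.hive_keychain; the private key never reaches the page.
function decodeWithKeychain(keychain, account, encrypted) {
  return new Promise((resolve, reject) => {
    if (!keychain) return reject(new Error('Hive Keychain not installed'));
    keychain.requestVerifyKey(account, encrypted, 'Posting', (response) => {
      if (response.success) resolve(response.result);
      else reject(new Error(response.message || 'request rejected'));
    });
  });
}

// Backend: accept the decoded value once, for the same account, before expiry.
function verifyChallenge(id, account, decoded, now = Date.now()) {
  const entry = pending.get(id);
  pending.delete(id); // single use: a failed or replayed attempt burns it
  if (!entry || entry.account !== account || now > entry.expires) return false;
  const got = Buffer.from(String(decoded).replace(/^#/, ''));
  const want = Buffer.from(entry.secret);
  return got.length === want.length && timingSafeEqual(got, want);
}
```

Deleting the challenge on every attempt means a captured response cannot be replayed, and a wrong guess forces the client to request a fresh challenge.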
@hiveio/keychain
This npm module makes it easy to add Keychain support within the browser. It also includes helpful functions to check whether Keychain was used before. It was developed by @therealwolf (witness).
Operations
The Hive Keychain extension will inject a "hive_keychain" JavaScript object into all web pages opened in the browser while the extension is running. You can therefore check if the current user has the extension installed using the following code:
hive_keychain
Use the hive_keychain methods listed below to issue requests to the Hive blockchain.
requestHandshake
This function is called to verify Keychain installation on a user's device.
amount (String): Amount to be transferred. Requires 3 decimals.
memo (String): The memo will be automatically encrypted if it starts with '#' and the memo key is available on Keychain. It will also overrule the account to be enforced, regardless of the 'enforce' parameter.