I have had the idea for NxtVault for quite a while and am excited to announce that it is now in a working state, has passed its first rounds of beta testing and is now looking for a wider audience to test!
What is NxtVault?
NxtVault is an Open Source secure passphrase manager and transaction signer for the NXT platform.
The purpose of NxtVault is to safely and securely protect your Nxt passphrases from viruses, hackers and keyloggers while still allowing easy access to your accounts and creation of transactions. I have chosen to build this as an Android app because the security of an Android app is much stronger than that of a PC due to Android's unique sandboxing mechanisms. Other applications installed on your device cannot access the contents of NxtVault's memory, and NxtVault can sign transactions on behalf of other applications without ever exposing your passphrase.
NxtVault was built on top of Jones' new "Jay Framework", a JavaScript library created to interface with the Nxt network using dynamically discovered public nodes, allowing for the creation of our first suite of Nxt thin clients that don't rely on a single developer's centralized server!
NxtVault Features
-Keep your passphrases safe, locked inside Android's secure sandboxed storage. No apps on your device can access this storage, including any malicious apps. Passphrases are also encrypted with a PIN number as an extra security measure.
-Create transactions without ever having to see, copy paste, or enter your passphrases ever again!
-Exposes an API for third party apps on your device to gain read access to your accounts (upon approval), as well as sign and broadcast your tx on their behalf.
-Displays a full report of the details of a transaction, giving you a final chance to confirm the tx is correct before signing and broadcasting it.
-Scan Jay Tx codes or unsigned bytes with your camera to have it signed and broadcast to the network.
-Acts as a "light" node - dynamically discovers available public nodes and uses them to query data and broadcast transactions.
-Allows you to specify your own custom broadcast server if you wish to only use your own node for privacy reasons.
The first "app" for NxtVault and jay clients has already been created by Jones and longzai, located here:
https://nxtforum.org/index.php?topic=9030.msg177286#msg177286. This application can not only be used to sign into any Nxt account with only your RS address, but upon creating a transaction will display a code that can be scanned by NxtVault and signed/broadcast.
There are many things I would like to see come from this application:
- People have been afraid of developer Android apps for Nxt for some time now. I believe there are two problems that needed solving.
1. Thin Android clients forced users to rely on developers' centralized servers.
2. Getting your passphrase safely onto your device was a challenge. Even if you solved it fairly well, nobody was going to trust their passphrase to your app, or go through the work of having to type it in for every app they wanted to use. This led to very low use of any apps that weren't NRS.
People generally also don't even want to trust any kind of web wallet with their passphrase. I love secureae.com but I feel very uncomfortable entering my passphrase into the site. This means I need a special account with only a few of my assets... which makes it pretty useless for my daily trading. Imagine if secure ae was to show a tx code that you could scan with NxtVault instead. I think that this will open up the door for all kinds of third party apps, now that they can build their app in such a way that it does not need to be trusted with your keys.
NxtVault is fully open source and I would request help from the community in auditing it to make sure this core application is safe for use by the masses so that everyone can stop wasting their time worrying about passwords and writing cool apps instead!
NxtVault is not a wallet! Its sole purpose is managing your passphrases and standing between them and third party applications. Its focus is purely on security. This means I will be implementing Account Control and Phasing when it is ready, and anything else security related. I expect some nice wallets or AE traders could be built on top of this.
Testing
I am currently looking for testers and have been posting APK builds in #nxtvault on SuperNet slack. Please message me if you can help.
Instructions for testing are located here:
https://docs.google.com/document/d/1-OIq44Fhzz7aUm2LEsAvqn_LUzobRQG6ZZmZadRYTSI/edit?usp=sharing
Here are the current APKs:
This is the NxtVault APK:
https://www.dropbox.com/s/vysarznxrq863zo/nxtvault-debug.apk?dl=0
This is an example wallet application that shows developers how to integrate their app with NxtVault. This is not production ready but shows an example of adding an account from your vault, displaying its balance and assets as well as allowing the transfer of Nxt and assets:
https://www.dropbox.com/s/ky59rnnw1541t4m/testwallet-debug.apk?dl=0
Please note: always back up any passphrases in a secure location. I cannot recover your passphrase and cannot be held responsible if your passphrase is otherwise lost.