Key Management

Last updated 1 month ago

Architecture

Guardian

The Web Wallet is a smart-account wallet, with the Argent Backend acting as a co-signer/guardian. The account is secured by 2 keys: the Signer Key and Guardian Key. The security model requires both signer and guardian signatures to submit a valid transaction (except for recovery-related actions, where one signer is enough).

The Guardian Key is stored in the Argent backend while the Signer Key is encrypted and stored in the Argent backend in two different versions: password-encrypted and device-encrypted.

Password-encrypted Signer Key

When a user creates a new Web Wallet account, a signer key is randomly generated, encrypted by the user’s password, and securely stored in Argent’s backend.

At no point does Argent have access to an unencrypted form of the signer key (thus making it a proper self-custodial wallet).

Signing transactions

To sign a transaction, the user needs to:

  1. Authenticate with Argent’s backend through a password-less flow to retrieve the password-encrypted signer key

    1. The user is asked to input their email address

    2. They receive an email with a 6-digit verification code

    3. If the correct verification code is inputted, the user is successfully authenticated.

  2. Decrypt the password-encrypted signer key with their password

To avoid users having to input their password for every transaction, every time a user inputs their password and decrypts their Signer Key at login or to sign a transaction, the key will be re-encrypted with an ephemeral key and stored in the Argent backend.

If the user needs to sign a transaction within a 5-minute time frame, this encrypted key will be fetched from the backend and decrypted locally with the ephemeral key.

Device-encrypted Signer Key

In addition to the password-encrypted Signer Key, a device-encrypted signer key used for recovery is also generated and stored in the Argent backend:

  1. The Web Wallet generates a device encryption key that is stored in the browser's local storage

  2. The device encryption key is used to encrypt the signer key

  3. The device-encrypted signer key is stored in the Argent backend

So, the Argent Backend holds two versions of the signer private key: one encrypted with the password and another encrypted with the device key.

Recovery

Two recovery mechanisms are in place in case the user forgets their password:

  • Offchain recovery: uses the device-encrypted or password-encrypted Signer Key

  • Onchain recovery: relies on the smart account security model, i.e. the Guardian Key is able to trigger a recovery (with a time lock)

Offchain recovery

Scenario 1: the user forgot their password but still has access to a trusted device

In this case, the user can still authenticate with the Argent backend using their email address and retrieve their device-encrypted signer key which can, in turn, be decrypted using the device encryption key stored in the local storage.

Scenario 2: the user still has their password but lost access to their device

In this case, the user can authenticate with the Argent backend using their email address on a new device (browser), retrieve the password-encrypted signer key and decrypt it with their password.

Scenario 3: the user has lost both their password and trusted device

See onchain recovery

Additionally, users can choose to back up (export) their private key and use it for offchain recovery.
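
The sketch below models the two encrypted copies of the signer key and the three offchain recovery scenarios; it is an added example, not Argent's code. The page does not name the KDF or cipher, so scrypt, AES-256-GCM, the random 32-byte signer key, the `backend` object and all function names are assumptions, and Node's built-in crypto module is used so it runs offline.

```javascript
// Added example. Assumed, not from the page: scrypt as the password KDF, AES-256-GCM
// as the cipher, 32 random bytes as the signer key, `backend` as the server-side store.
const nodeCrypto = require('node:crypto');

// Encrypt plaintext under a 32-byte key with a fresh nonce.
function wrap(key, plaintext) {
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return { iv, ct, tag: cipher.getAuthTag() };
}

// Decrypt a wrapped blob; throws if the key is wrong or the blob was modified.
function unwrap(key, { iv, ct, tag }) {
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, iv);
  decipher.setAuthTag(tag);
  return Buffer.concat([decipher.update(ct), decipher.final()]);
}

// Derive the 32-byte wrapping key from the user's password.
const passwordKey = (password, salt) => nodeCrypto.scryptSync(password, salt, 32);

// Account creation: secrets are generated and wrapped on the client.
function createAccount(password) {
  const signerKey = nodeCrypto.randomBytes(32); // constructed stand-in signer key
  const deviceKey = nodeCrypto.randomBytes(32); // kept in browser local storage
  const salt = nodeCrypto.randomBytes(16);
  const backend = {                             // only ciphertext reaches the server
    salt,
    passwordEncrypted: wrap(passwordKey(password, salt), signerKey),
    deviceEncrypted: wrap(deviceKey, signerKey),
  };
  return { signerKey, deviceKey, backend };
}

// Scenario 1: password forgotten, trusted device still available.
const recoverWithDevice = (backend, deviceKey) => unwrap(deviceKey, backend.deviceEncrypted);

// Scenario 2: device lost, password still known.
const recoverWithPassword = (backend, password) =>
  unwrap(passwordKey(password, backend.salt), backend.passwordEncrypted);

// Scenario 3: neither secret works, so null signals that onchain recovery is needed.
function tryRecover(backend, password, deviceKey) {
  try { return recoverWithPassword(backend, password); } catch { /* wrong password */ }
  try { return recoverWithDevice(backend, deviceKey); } catch { return null; }
}
```

Because both copies use authenticated encryption, a wrong password or device key fails cleanly instead of yielding a garbage key that could later be used to sign.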

Onchain recovery

Onchain recovery is a process at the blockchain level, where the account’s guardian is allowed to replace the account’s signer. The user will generate a new signer key and encrypt it with a new password.

  1. The user authenticates with Argent using the email-based passwordless flow and requests an onchain recovery

  2. This triggers a 7-day timelock during which the user will regularly receive emails informing them that a recovery has been started. If they did not initiate that recovery themselves, they can halt it.

  3. After 7 days, the signer will be replaced, and the user will receive a confirmation email letting them know they can now use their account.

Guardian removal

If they wish to remove the guardian, users can trigger an escape mechanism that will remove the guardian after a timelock of at least 7 days.

The timelock, or security period, gives users time to react if an attacker is attempting to remove the guardian.