Key Management
Last updated
Was this helpful?
Last updated
Was this helpful?
The Web Wallet is a smart-account wallet, with the Argent Backend acting as a co-signer/guardian. The account is secured by 2 keys: the Signer Key and Guardian Key. The security model requires both signer and guardian signatures to submit a valid transaction (except for recovery-related actions, where one signer is enough).
The Guardian Key is stored in the Argent backend while the Signer Key is encrypted and stored in the Argent backend in two different versions: password-encrypted and device-encrypted.
When a user creates a new Web Wallet account, a signer key is randomly generated, encrypted by the user’s password, and securely stored in Argent’s backend.
In order to sign a transaction, the users needs to:
Authenticate with Argent’s backend through a password-less flow to retrieve the password encrypted signer key
The user is asked to input his email address
They receive an email with a 6-digit verification code
If the correct verification code is inputted, the user is successfully authenticated.
Decrypt the password-encrypted signer key with their password
In addition to the password-encrypted Signer Key, a device-encrypted signer key used for recovery is also generated and stored in the Argent backend:
Web wallet generates a device encryption key that is stored in the browser local storage
The device encryption key is used to encrypt the signer key
The device-encrypted signer key is stored in the Argent backend
So, the Argent Backend holds two versions of the signer private key: one encrypted with the password and another encrypted with the device key.
Two recovery mechanisms are in place in case the user forgets their password:
Offchain recovery: uses the device-encrypted or password-encrypted Signer Key
Onchain recovery: relies on the smart account security model, i.e. the Guardian Key is able to trigger a recovery (with a time lock)
Scenario 1: the user forgot their password but still have access to a trusted device
In this case, the user can still authenticate with the Argent backend using their email address and retrieve their device-encrypted signer key which can, in turn, be decrypted using the device encryption key stored in the local storage.
Scenario 2: the user still have their password but lost access to their device
In this case, the user can authenticate with the Argent backend using their email address on a new device (browser), retrieve the password-encrypted signer key and decrypt it with their password.
Scenario 3: the user have lost both their password and trusted device
See onchain recovery
The on-chain recovery is a process at the blockchain level, where the account’s guardian is allowed to replace the account’s signer. The user will generate a new signer key and encrypt it with a new password.
The user authenticates with Argent using the email-based passwordless flow and requests an onchain recovery
This triggers a 7-days timelock where the user will regularly receive emails informing them that a recovery has been started. If they did not initiate that recovery themselves, they can halt it.
After 7 days, the signer will be replaced, and the user will receive a confirmation email letting them know they can now use their account.
If they wish to remove the guardian, users can trigger an escape mechanism that will remove the guardian after a timelock of minimum 7 days.
