Web3Auth
Disallow developers from accessing private keys in MPC #1339
enu-kuro
announced in
Feature Requests
Replies: 2 comments
-
|
How about this? By having the Torus nodes not return the social login share and only allowing access to the private key upon a user explicitly providing the backup share to an app which has dapp share, except when the backup share is generated, this would effectively prevent developers from accessing the private key without the user's permission. |
Beta Was this translation helpful? Give feedback.
0 replies
-
|
This is and will be a part of the MPC version available via self-host |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
Hello, I wanted to make a feature request for the MPC version of Web3Auth. Is there a plan to include a function that disallows developers from accessing private keys? This would provide a higher level of security for users and ensure that private keys are not accessible to apps.
As mentioned by a member of Magic, "Revealing the private key is a highly-sensitive user action and thus we do not allow integrating developers to access the private key." It would be great if this principle could be extended to the MPC version of Web3Auth.
magiclabs/magic-js#167
In addition, it would also be beneficial if users could still retrieve their private keys through the Web3Auth site, even if they are unable to do so through the integrated app. This would provide an extra layer of security and give users peace of mind.
Beta Was this translation helpful? Give feedback.
All reactions