This post is a high-level summary of key setup and transactions in the Webnative Filecoin integration as of phase 2 completion. Please see the Filecoin Phase 2 Write Up for a deeper overview of the technical architecture.
Key setup
Auth
- Users sign into the Filecoin Backup App through the Fission Auth Lobby using the webnative library
- Permission to read/write to private/Keychain/fil-cosigner.json is requested
Browser half of BLS Signature Aggregation pair
- webnative-filecoin generates the private key for one half of a BLS signature and stores it as private/Keychain/fil-cosigner.json
- webnative-filecoin sends the corresponding public key to the cosigning server
Cosigning server half of BLS Signature Aggregation pair
- When the cosigning server receives a public key from webnative-filecoin, it generates a random private key that it stores alongside the public key sent by the user
Transactions
Cosigning Permissions
- webnative-filecoin sends the user to the Fission Auth Lobby to request permission to sign transactions
  - In the current implementation, this is hardcoded at 1000 FIL max over one hour of time
Signing a transaction
- webnative-filecoin reads private/Keychain/fil-cosigner.json and signs a transaction with it
- The user sends the transaction and a UCAN token with permission from the auth lobby to sign to the server.
- The server checks the UCAN for proper permissions: ensuring that the permission has not expired (within 1hr per above) and that the amount of the transaction is within the granted spending limit.
- If the permissions are valid, the server signs the transaction with its private key, aggregates its signature with the user's, and sends the transaction to the Filecoin network
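
A sketch of the server-side permission check from the steps above, added here as an example and not taken from the Fission code base. It assumes the UCAN's signature and proof chain have already been verified, uses hypothetical field names for the decoded grant, and treats the spending limit as cumulative across the grant.

```javascript
// Added illustration. Field names (audience, expiresAt, limitAtto, valueAtto) are
// hypothetical stand-ins for the decoded grant, not the real UCAN or Fission schema.
const ATTO_PER_FIL = 10n ** 18n; // FIL amounts as integer attoFIL, so no float rounding

// Constructed sample grant mirroring the hardcoded policy: 1000 FIL over one hour.
function sampleGrant(issuedAt) {
  return {
    audience: 'did:example:cosigner',
    expiresAt: issuedAt + 3600, // seconds since epoch
    limitAtto: 1000n * ATTO_PER_FIL,
  };
}

const deny = (reason) => ({ ok: false, reason });

class CosignPolicy {
  constructor(serverDid) {
    this.serverDid = serverDid;
    this.spent = new Map(); // grantId -> attoFIL already cosigned under that grant
  }

  // Decide whether to cosign `tx` under `grant` at time `now` (seconds).
  // Assumes the token's signature and proof chain were verified before this call.
  check(grantId, grant, tx, now) {
    if (grant.audience !== this.serverDid) return deny('wrong audience');
    if (now >= grant.expiresAt) return deny('expired');
    if (typeof tx.valueAtto !== 'bigint' || tx.valueAtto <= 0n) return deny('bad amount');
    // Assumption: the limit is cumulative over the grant's lifetime, so many
    // small transactions cannot add up to more than the granted total.
    const already = this.spent.get(grantId) ?? 0n;
    if (already + tx.valueAtto > grant.limitAtto) return deny('over limit');
    this.spent.set(grantId, already + tx.valueAtto); // record only approved spends
    return { ok: true, reason: 'ok' };
  }
}
```

The spend is recorded only after every check passes, so a rejected request never consumes part of the allowance.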
Cosigning Server
- Runs the cosigning service and a Lotus node
- Creates a per-user Filecoin wallet address.
- Integrates with Lotus to read balances and to send and receive transactions.