Everything goes web
Hardware wallets like the BitBox02 add a great deal of security to holding your own Bitcoin and other cryptocurrencies. They are mainly designed to work with their companion application, like the BitBoxApp.
But everything moves online. More and more services and applications are built on web technology, running directly in your browser. This can be very convenient, as it provides cross-platform and even mobile support and can be used from anywhere.
But how is that compatible with the idea of self-sovereignty? Data is either stored centrally on a web server, or locally managed by the browser on the device. Adding hardware wallet integration, and allowing online services to either outsource private key management to, or directly interact with, a user-controlled keystore gets us back on track.
There are many instances where direct integration of a hardware wallet makes sense, both for the service and their users:
- Secure key management for web wallets
Imagine using a web wallet like MyEtherwallet to manage significant amounts, but having the private keys managed by your web browser. Scary. The option to store your keys on a hardware wallet adds a lot of security.
- Direct integration into web services
Exchanges or custodial solutions can directly interact with the hardware wallet, for example to allow more secure withdrawals, minimizing manual errors and avoiding copy/paste (with the associated clipboard hijacking risks).
- Multisignature platforms
Especially useful when using web-based multisignature solutions, the BitBox02 allows you to store the relevant information of all co-signers directly on the device. This information can be provided to the hardware wallet directly and — once verified over a second channel — can be used for all future transactions.
- Dollar Cost Averaging (DCA) without address reuse
Online services can securely send future transactions to you without reusing addresses. All it takes is to share the extended public key of a dedicated account with the service, which can be achieved conveniently through a direct integration. This is especially helpful for users who buy cryptocurrencies on a regular basis using the DCA method.
A bit outside the scope of this article, but still worth mentioning: even without direct integration of the BitBox02, it can still add login security as a second-factor authentication device. Finally, get rid of these darn SMS!
How it works
The BitBoxBridge acts as a proxy and accepts requests from the browser for whitelisted web addresses, relaying them to the BitBox02 over an end-to-end encrypted channel.
In that context, we need to trust the browser security model to not accept spoofed websites. Also, malicious browser extensions could potentially still interfere with the communication from browser to the server, so services need to be implemented with the right safeguards in place.
What we provide
Our hardware wallet integration framework uses the following two components:
- BitBoxBridge is a simple, lightweight proxy that only needs to be updated to add new whitelisted web addresses.
If you want to add BitBox02 integration to your project, we’re happy to help. Reach out to us at firstname.lastname@example.org so that we can discuss how to get it done!
The Shift Team