Author: Erik Aronesty 2020-12-23 21:13:29
Published on: 2020-12-23T21:13:29+00:00
The Bitcoin community is proposing a wallet interface specification for bitcoin applications, with the goal of defining a simple interface that wallets and applications can agree on. The aim is to cover the vast majority of use cases and enable the writing of bitcoin applications on the web that can be seamlessly used with any compatible wallets. The proposed API would expose the address derivation and signing functions of Bitcoin wallets to external applications. It is suggested that the wallet metadata should include a name field. The interface is expressed in javascript and is designed to be implemented in other contexts as well. The interface could be exposed at the top level of a webpage, for example under `window.bitcoin`. However, this spec does not intend to define any standards for how and where the interfaces should be exposed. Wallet software should always prompt the user for confirmation when sensitive functions like signing are involved. The wallet must implement the following methods: enable and request. The enable call prompts the user for access to the wallet. If successful, it resolves to an address of the wallet. On the other hand, the request method takes one parameter in the specified format. The wallet should reject requests unless enable has been resolved. Sensitive requests that involve signing should always prompt the user for confirmation. The mandatory methods include wallet_getAddresses, wallet_signMessage, wallet_signPSBT, and wallet_getConnectedNetwork. A wallet need not provide every possible scenario for usage. The primitives of keys and signing can expose enough to applications to do the rest. Applications should have flexibility in how they implement these functions. It is the role of a library rather than the wallet. Great care should be taken when exposing wallet functionality externally as the security and privacy of the user is at risk. Operations that trigger signing using private keys should be guarded behind confirmation screens where the user is fully aware of the nature of the transaction. In addition, some API methods expose metadata about the user, such as public keys. Depending on how privacy-focused the wallet intends to be, the wallet could protect these behind a confirmation.
Updated on: 2023-06-14T16:50:48.404087+00:00