Jump to content

[AMA] XRP Toolkit: Project Goals & Roadmap

RareData

By RareData,
in Software and Hardware

 Share

Recommended Posts

  • Popular Post
RareData

RareData

Posted
  • Popular Post
Posted (edited)

To encourage early community feedback, I'd like to introduce you to the XRP Toolkit, project goals and roadmap.

Background
When looking for different options to conveniently adjust wallet settings, trade on the decentralized exchange and escrow XRP, I found a few pioneering web tools like The World Exchange and Bithomp.

With a background in cybersecurity and secure software development, I found it unacceptable that very few were using security headers like HTTP strict transport security (https://tools.ietf.org/html/rfc6797) and DNS security extensions (https://tools.ietf.org/html/rfc4033). In other words, the developers are either unaware or simply not doing everything in their power to protect their users against e.g. man-in-the-middle, clickjacking, cross-site scripting and DNS spoofing attacks.

You can verify what security headers your favourite exchange uses with e.g. securityheaders.com:
6QiMbsF.png
Mq1DeSN.png
M7F0AOG.png

You can verify if DNSSEC is properly setup for your favourite exchange with e.g. dnsviz.net:JRK7J4f.png

After reaching the conclusion that a more secure and user-friendly XRP ledger interface was needed, I began developing the XRP Toolkit with security as the highest priority followed by user-friendliness. A summary of security related design choices can be seen below:

  • Client-side transaction signing, sensitive data never leaves the browser.
  • Hardware wallet integrations, sensitive operations can be performed inside the hardware wallet itself.
  • Extensive server hardening with strict use of security headers.
  • Compulsory HTTPS for all endpoints and enabled DNSSEC for all name servers.

Hardware Wallet Integration Demo
I recently published some early proof-of-concept code, showcasing how Ledger hardware wallets can be used to securely send XRP payments from browsers, which was quickly picked up and covered by Hodor on the XRP community blog (https://xrpcommunity.blog/enjoy-your-summer-the-xrp-ledger-is-always-working/?

Quote

It’s great to see so many new applications springing up that truly reflect a small-but-growing cadre of community developers who are potentially ready to boost XRP adoption (...).

Project Goals

After releasing the demo application, I've continued to develop the first version of XRP Toolkit and setup three major project goals:

1. Accelerate XRP mainstream adoption, by releasing a secure and user-friendly web interface, providing convenient access to the full feature set of the XRP ledger.
2. Encourage learning and XRP ledger experimentation, by making the test net more accessible.
3. Enable multisignature coordination and high security use-cases, by implementing transaction notifications and hardware wallet support.

GUI Mockup/Prototype
cXC7jJV.png

Edited by RareData
Updated info and removed broken links
Link to comment
Share on other sites
  • Replies 15
  • Created
  • Last Reply

Top Posters In This Topic

Popular Days

Top Posters In This Topic

Popular Days

Popular Posts

RareData
RareData

To encourage early community feedback, I'd like to introduce you to the XRP Toolkit, project goals and roadmap. Background When looking for different options to conveniently adjust wallet setti

RareData
RareData

Bithomp finally replied and has now added most security headers. Their content security policy contains some unsafe directives, but Bithomp.com is now much more secure. The XRP Toolkit is st

RareData
RareData

Thanks!!  You mean functionality to read and generate QR images? That's certainly doable for v1.0.0+.

FlyingFox

FlyingFox

Posted
Posted

Exciting project - I look forward to seeing it develop!  I use a combination of Bithomp, ripplerm, theworldexchange etc to perform actions offline from a Tails USB key on a Mac.  Would be great if your project has the capability to be used for offline use (I see that's in the roadmap) on a  secure platform computer - perhaps even an end-user downloadable ISO that includes Linux and your tool pre-installed, to aid faster adoption for those wanting such things.

I look forward to seeing more.  Well done

Link to comment
Share on other sites
Guest

Guest

Posted
Posted

That's fantastic and I wish you every success.  Your timing is perfect I think.

May I suggest that you consider adding a QR interface to paper wallets such as the Rippex etc...   It's exactly what I'm trying to do right now and a solution would be most welcome.   :) 

Link to comment
Share on other sites
RareData

RareData

Posted
  • Author
Posted
4 hours ago, Tinyaccount said:

That's fantastic and I wish you every success.  Your timing is perfect I think.

May I suggest that you consider adding a QR interface to paper wallets such as the Rippex etc...   It's exactly what I'm trying to do right now and a solution would be most welcome.   :) 

Thanks!! :) You mean functionality to read and generate QR images? That's certainly doable for v1.0.0+.

Link to comment
Share on other sites
Guest

Guest

Posted
Posted
Just now, RareData said:

Thanks!! :) You mean functionality to read and generate QR images? That's certainly doable for v1.0.0+.

Yes,  if say Rippex or any other Wallet generates a offline signed transaction it would be useful to be able to turn that TXT  into a QR that can then be seen by an online reader/submitter.   Just a suggestion since I had a paper wallet and loaded it on to a Rippex wallet on a offline PC and wanted to QR the tran for submission.

I ended up installing ToastWallet on the offline PC and now it can QR to a online Toast so I'm sorted,  but I'm sure there are many paper wallet holders who would use the capability if it was available.   Just a suggestion...

I also just want to say again that I think it's awesome that devs like you create so much cool stuff to grow the ecosystem...  respect...

Link to comment
Share on other sites
FlyingFox

FlyingFox

Posted
Posted
20 minutes ago, RareData said:

Since I'm inspired by Brad's peanut butter manifesto, I most likely won't release and maintain downloadable ISO files. However, I'll make sure the XRP Toolkit client remains open-source and downloadable, ready for offline use.

Instead, I'll focus on additional hardware wallet integrations. The Ledger hardware wallet can already be used to securely send XRP payments directly from e.g. Google Chrome. The hardware wallet's secure element is per definition a secure platform.

Fabulous.  I'll be sure to test it in an offline cold OS configuration.  If you'd like me to assist here at some point, let me know!

Keep up the great work - it's appreciated!

Link to comment
Share on other sites
RareData

RareData

Posted
  • Author
Posted
2 hours ago, Tinyaccount said:

Yes,  if say Rippex or any other Wallet generates a offline signed transaction it would be useful to be able to turn that TXT  into a QR that can then be seen by an online reader/submitter.   Just a suggestion since I had a paper wallet and loaded it on to a Rippex wallet on a offline PC and wanted to QR the tran for submission.

I ended up installing ToastWallet on the offline PC and now it can QR to a online Toast so I'm sorted,  but I'm sure there are many paper wallet holders who would use the capability if it was available.   Just a suggestion...

I also just want to say again that I think it's awesome that devs like you create so much cool stuff to grow the ecosystem...  respect...

For stable v1.0.0, I'm planning to add functionality to submit/broadcast already signed transactions.

Would it fulfill your use-case if the XRP Toolkit could read QR images, representing signed transactions? And in offline mode, if you could sign transactions and output QR images?

Link to comment
Share on other sites
Guest

Guest

Posted
Posted
4 hours ago, RareData said:

For stable v1.0.0, I'm planning to add functionality to submit/broadcast already signed transactions.

Would it fulfill your use-case if the XRP Toolkit could read QR images, representing signed transactions? And in offline mode, if you could sign transactions and output QR images?

Yes that is exactly it.   I'm already sorted,   but I'm sure there is a significant number of people with paper wallets who would have that need.

Link to comment
Share on other sites
RareData

RareData

Posted
  • Author
Posted

Just to clarify, I contacted The World Exchange and Bithomp developers to offer my help. Kudos to The World Exchange for adding the most important header, HTTP strict transport security, within an hour! I'm still waiting for a reply from Bithomp and decided to also reach out to Wietse, responsible for the XRP Tip Bot.

iWs2hal.png

Link to comment
Share on other sites
  • 4 weeks later...
RareData

RareData

Posted
  • Author
Posted (edited)

Bithomp finally replied and has now added most security headers. Their content security policy contains some unsafe directives, but Bithomp.com is now much more secure.

zA4n4h0.png

The XRP Toolkit is still on schedule for a first beta release in Q3 (September). I'm really looking forward to receiving feedback from you guys and being able to release way more details. The XRP Toolkit will be available at https://www.xrptoolkit.com, once it's ready for release. Multiple login options, account overview, XRP payments, account settings and the UI/UX seen on this screenshot, will be available in the first release:

x6L03od.png

Edited by RareData
Typo.
Link to comment
Share on other sites
  • 3 weeks later...

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.

  I accept