Popular Post RareData Posted July 28, 2018 Popular Post Share Posted July 28, 2018 (edited) To encourage early community feedback, I'd like to introduce you to the XRP Toolkit, project goals and roadmap. Background When looking for different options to conveniently adjust wallet settings, trade on the decentralized exchange and escrow XRP, I found a few pioneering web tools like The World Exchange and Bithomp. With a background in cybersecurity and secure software development, I found it unacceptable that very few were using security headers like HTTP strict transport security (https://tools.ietf.org/html/rfc6797) and DNS security extensions (https://tools.ietf.org/html/rfc4033). In other words, the developers are either unaware or simply not doing everything in their power to protect their users against e.g. man-in-the-middle, clickjacking, cross-site scripting and DNS spoofing attacks. You can verify what security headers your favourite exchange uses with e.g. securityheaders.com: You can verify if DNSSEC is properly setup for your favourite exchange with e.g. dnsviz.net: After reaching the conclusion that a more secure and user-friendly XRP ledger interface was needed, I began developing the XRP Toolkit with security as the highest priority followed by user-friendliness. A summary of security related design choices can be seen below: Client-side transaction signing, sensitive data never leaves the browser. Hardware wallet integrations, sensitive operations can be performed inside the hardware wallet itself. Extensive server hardening with strict use of security headers. Compulsory HTTPS for all endpoints and enabled DNSSEC for all name servers. Hardware Wallet Integration Demo I recently published some early proof-of-concept code, showcasing how Ledger hardware wallets can be used to securely send XRP payments from browsers, which was quickly picked up and covered by Hodor on the XRP community blog (https://xrpcommunity.blog/enjoy-your-summer-the-xrp-ledger-is-always-working/? Quote It’s great to see so many new applications springing up that truly reflect a small-but-growing cadre of community developers who are potentially ready to boost XRP adoption (...). Project Goals After releasing the demo application, I've continued to develop the first version of XRP Toolkit and setup three major project goals: 1. Accelerate XRP mainstream adoption, by releasing a secure and user-friendly web interface, providing convenient access to the full feature set of the XRP ledger. 2. Encourage learning and XRP ledger experimentation, by making the test net more accessible. 3. Enable multisignature coordination and high security use-cases, by implementing transaction notifications and hardware wallet support. GUI Mockup/Prototype Edited June 5, 2020 by RareData Updated info and removed broken links amulecregg, yxxyun, Hydnum and 21 others 14 10 Link to comment Share on other sites More sharing options...
FlyingFox Posted July 29, 2018 Share Posted July 29, 2018 Exciting project - I look forward to seeing it develop! I use a combination of Bithomp, ripplerm, theworldexchange etc to perform actions offline from a Tails USB key on a Mac. Would be great if your project has the capability to be used for offline use (I see that's in the roadmap) on a secure platform computer - perhaps even an end-user downloadable ISO that includes Linux and your tool pre-installed, to aid faster adoption for those wanting such things. I look forward to seeing more. Well done Link to comment Share on other sites More sharing options...
Guest Posted July 29, 2018 Share Posted July 29, 2018 That's fantastic and I wish you every success. Your timing is perfect I think. May I suggest that you consider adding a QR interface to paper wallets such as the Rippex etc... It's exactly what I'm trying to do right now and a solution would be most welcome. Link to comment Share on other sites More sharing options...
RareData Posted July 29, 2018 Author Share Posted July 29, 2018 4 hours ago, Tinyaccount said: That's fantastic and I wish you every success. Your timing is perfect I think. May I suggest that you consider adding a QR interface to paper wallets such as the Rippex etc... It's exactly what I'm trying to do right now and a solution would be most welcome. Thanks!! You mean functionality to read and generate QR images? That's certainly doable for v1.0.0+. King34Maine and 1Ton 1 1 Link to comment Share on other sites More sharing options...
Guest Posted July 29, 2018 Share Posted July 29, 2018 Just now, RareData said: Thanks!! You mean functionality to read and generate QR images? That's certainly doable for v1.0.0+. Yes, if say Rippex or any other Wallet generates a offline signed transaction it would be useful to be able to turn that TXT into a QR that can then be seen by an online reader/submitter. Just a suggestion since I had a paper wallet and loaded it on to a Rippex wallet on a offline PC and wanted to QR the tran for submission. I ended up installing ToastWallet on the offline PC and now it can QR to a online Toast so I'm sorted, but I'm sure there are many paper wallet holders who would use the capability if it was available. Just a suggestion... I also just want to say again that I think it's awesome that devs like you create so much cool stuff to grow the ecosystem... respect... Link to comment Share on other sites More sharing options...
FlyingFox Posted July 29, 2018 Share Posted July 29, 2018 20 minutes ago, RareData said: Since I'm inspired by Brad's peanut butter manifesto, I most likely won't release and maintain downloadable ISO files. However, I'll make sure the XRP Toolkit client remains open-source and downloadable, ready for offline use. Instead, I'll focus on additional hardware wallet integrations. The Ledger hardware wallet can already be used to securely send XRP payments directly from e.g. Google Chrome. The hardware wallet's secure element is per definition a secure platform. Fabulous. I'll be sure to test it in an offline cold OS configuration. If you'd like me to assist here at some point, let me know! Keep up the great work - it's appreciated! RareData 1 Link to comment Share on other sites More sharing options...
Wietse Posted July 29, 2018 Share Posted July 29, 2018 This is very awesome ? Keep up the good work, you are an asset to the community, thank you :)! 1Ton and RareData 1 1 Link to comment Share on other sites More sharing options...
RafOlP Posted July 29, 2018 Share Posted July 29, 2018 Hi, this is great. Hope you can keep the good work, it looks very good. RareData 1 Link to comment Share on other sites More sharing options...
RareData Posted July 29, 2018 Author Share Posted July 29, 2018 2 hours ago, Tinyaccount said: Yes, if say Rippex or any other Wallet generates a offline signed transaction it would be useful to be able to turn that TXT into a QR that can then be seen by an online reader/submitter. Just a suggestion since I had a paper wallet and loaded it on to a Rippex wallet on a offline PC and wanted to QR the tran for submission. I ended up installing ToastWallet on the offline PC and now it can QR to a online Toast so I'm sorted, but I'm sure there are many paper wallet holders who would use the capability if it was available. Just a suggestion... I also just want to say again that I think it's awesome that devs like you create so much cool stuff to grow the ecosystem... respect... For stable v1.0.0, I'm planning to add functionality to submit/broadcast already signed transactions. Would it fulfill your use-case if the XRP Toolkit could read QR images, representing signed transactions? And in offline mode, if you could sign transactions and output QR images? Gilligan 1 Link to comment Share on other sites More sharing options...
amulecregg Posted July 29, 2018 Share Posted July 29, 2018 Looking forward for the source code, thank you! That UI looks awesome ? RareData 1 Link to comment Share on other sites More sharing options...
Guest Posted July 29, 2018 Share Posted July 29, 2018 4 hours ago, RareData said: For stable v1.0.0, I'm planning to add functionality to submit/broadcast already signed transactions. Would it fulfill your use-case if the XRP Toolkit could read QR images, representing signed transactions? And in offline mode, if you could sign transactions and output QR images? Yes that is exactly it. I'm already sorted, but I'm sure there is a significant number of people with paper wallets who would have that need. Link to comment Share on other sites More sharing options...
RareData Posted July 29, 2018 Author Share Posted July 29, 2018 Just to clarify, I contacted The World Exchange and Bithomp developers to offer my help. Kudos to The World Exchange for adding the most important header, HTTP strict transport security, within an hour! I'm still waiting for a reply from Bithomp and decided to also reach out to Wietse, responsible for the XRP Tip Bot. amulecregg and bones 2 Link to comment Share on other sites More sharing options...
Guest Posted August 3, 2018 Share Posted August 3, 2018 Looking forward to the beta in Q3. Thanks for your efforts Link to comment Share on other sites More sharing options...
RareData Posted August 26, 2018 Author Share Posted August 26, 2018 (edited) Bithomp finally replied and has now added most security headers. Their content security policy contains some unsafe directives, but Bithomp.com is now much more secure. The XRP Toolkit is still on schedule for a first beta release in Q3 (September). I'm really looking forward to receiving feedback from you guys and being able to release way more details. The XRP Toolkit will be available at https://www.xrptoolkit.com, once it's ready for release. Multiple login options, account overview, XRP payments, account settings and the UI/UX seen on this screenshot, will be available in the first release: Edited August 26, 2018 by RareData Typo. Global, 1Ton, Let_her_Ripple and 2 others 1 4 Link to comment Share on other sites More sharing options...
xrbear Posted September 14, 2018 Share Posted September 14, 2018 Excited for this project. Beautiful design. Hope you plan to release a signed Linux AppImage. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now