Metamask-extension: BitBox02 hardware wallet integration
What problem are you trying to solve?
I am a developer at Shift Cryptosecurity (https://shiftcrypto.ch) and would like to integrate our BitBox02 HWW into Metamask.
We (Shift Cryptosecurity) have been around since 2015 and we have had two successful products in this space: the "Digital BitBox (BitBox01)" and the "BitBox02".
The BitBox01 has been integrated in MyEtherWallet since 2017 and the BitBox02 integration is an open PR on MEW.
I talked to @brunobar79 about this recently and he suggested to open an issue to discuss details first. He pointed me to the trezor and ledger keyring libraries that he made to integrate Ledger and Trezor. We have a javascript library for our device here: https://www.npmjs.com/package/bitbox02-api and from looking at your keyrings, I should be able to easily provide you with one of those for our device. I see that Bruno is still the maintainer for the ledger and trezor keyring packages on npm so my question is if you would like to develop the keyring yourself, or if I provide you with one, who should maintain the package.
Describe the solution you'd like
The integration of our hww into services such as Metamask or MEW is quite unique as it does not use u2f hijack, webusb, or an external website/popup that the user has to worry about. Our goal is that when using the BB02, the user stays within the interface of Metamask the entire time. Our BitBoxBridge (https://github.com/digitalbitbox/bitbox-bridge) runs on localhost, whitelists services that want to integrate our device and relays the traffic which is end-to-end encrypted all the way to the browser. We never redirect the user to anything hosted by us, so we can't collect metadata about the users.
What would be needed for Metamask is to add a few UI elements to guide the user through the process of connecting, unlocking and pairing (verifying the encrypted channel pairing code) the device within the Metamask UI. For an idea what that might look like, I am adding a gif below for what this process looks like on MEW. Please let me know if you would prefer me to do the UI integration, or if this is something you would rather take care of yourself.
Additional context
You can contact me at [email protected]
For testing and development purposes, we can send you a developer version of the BitBox02 which can be loaded with unsigned firmware. You can contact me on my email with shipping details.
We've had our BitBox01 integrated on MyEtherWallet for a few years now and currently have an open PR to integrate the BB02 as well: https://github.com/MyEtherWallet/MyEtherWallet/pull/1957
Thanks!
Tomasvrba
All 2 comments
@jennypollack Thanks for labeling this. Quick question, is there anyone currently actively maintaining HWWs since Bruno left? Just wondering what timeline for a response I can expect on this issue. If I could get some comment soon (at least a quick go-ahead), that would be awesome, and then I can start working on the integration on my end and have at least a concept ready when we discuss more details. Thanks! :)
Tomasvrba
on 5 Mar 2020
Our team is indeed stretched thin, and recently even maintaining current hardware wallet code has slowed down development on things we consider critical for the ecosystem.
Our current work on our upcoming plugin system will allow new account types like this to be added without the need for our consent, approval, or even peer review.
The cost is that up front we have to focus, and this can even mean not reviewing and merging as many community PRs, even if you submit an excellent one. You could try out our custom account API on that snaps-beta branch, but you could also just wait another few months until we are hopefully closer to that API being stable and in production.
danfinlay
on 24 Mar 2020
Related issues
DISC30
路
3Comments
aakilfernandes
路
3Comments
glitch003
路
3Comments
BassBauman
路
3Comments
MarkOSullivan94
路
3Comments
Most helpful comment
Our team is indeed stretched thin, and recently even maintaining current hardware wallet code has slowed down development on things we consider critical for the ecosystem.
Our current work on our upcoming plugin system will allow new account types like this to be added without the need for our consent, approval, or even peer review.
The cost is that up front we have to focus, and this can even mean not reviewing and merging as many community PRs, even if you submit an excellent one. You could try out our custom account API on that snaps-beta branch, but you could also just wait another few months until we are hopefully closer to that API being stable and in production.