Wallet Security
There are two ways to onboard users in Raydius:
Social login, which generates an EOA wallet for users.
External wallet login, which stores the metadata of users' own wallets.
Social Login
Raydius will create an EOA wallet for users during social login and help with the security and recovery of the newly created wallet. It works as follows:
The wallet's public and private keys are generated in your user client.
The wallet's private key is split into three key shares using Shamir's secret sharing.
The three private key shares are encrypted by a strong password set by the user and split across the user device, Raydius, and a third-party storage provider trusted by users (Raydius provides a default - Google Drive, but the user can choose another).
When an authenticated user attempts to sign a message, keys are reconstructed in an iframe on your site to generate the signature. This iframe's origin is isolated from your site, meaning your application never has access to private keys.
If a user logs in to a new device, or loses an existing device, they can utilize their recovery key shares to regain access to their wallet.
External Wallet Login
Wallets owned by users previously are just linked to Raydius, which means Raydius only embeds the metadata (wallet address, wallet client, etc.) of those external wallets for ease of use. Therefore, Raydius cannot help with the security and recovery of those wallets.
Last updated