Mobile signing feature design

A feature that will allow browser apps communicate with CKBull wallet by sending transaction signing requests

The following diagram shows how a dApp authenticates with a user and how it sends a transaction signature request that is then signed and broadcasted by the user.

_nervos-signing.drawio.png

Components

dApp: This is the frontend of the dApp. The one that will be interacting directly with the user. This frontend can either run in a browser website or a mobile application or any kind of frontend engine
dApp backend: This is the backend of the dApp that will basically be doing the authentication of the CKBull signing service. This backend will have the auth “dApp-secret” that will be used to authenticate with the signing service. So that only the owner of the “dApp-secret” will be able to send notifications to the signed in users.
CKBull signing service: The middle service that will be handling verified communications between dApps and CKBull users
CKBull wallet user: The final user that has the CKBull wallet installed. The private keys will never leave this component so all the transaction signing will happen here
Nervos blockchain

Sign in process

The first step that the dApp needs to do is to authenticate with the user. By doing so the dApp will have the information of the user wallet (address, balance, network, etc) as well as the ability to send transaction signature requests to this user. This process is very similar to the “sing in with metamask” well known web3 action.

In the first place the dApp frontend will send an api request to its backend. The backend will ask the signing service using an authentication token (”dApp-secret”) to create a new sessionUid. This sessionUid will then be presented to the user through a QR code or an URI.
The user will scan the sessionUid using CKBull wallet and it will be presented a verification screen containing the dApp information (name, description, image, etc). If the user accepts to sign in, it will make a request to the signing service with his wallet information (address, balance, network…). The dApp will then be able to retrieve this information and sign in the final user

Transaction signing process

Once the user is signed in with the dApp, this will have the ability to send transactions intents to the CKBull wallet. The final user then will be able to retrieve those transaction intents, sign them using the private keys stored in CKBull wallet and broadcast the transactions to the blockchain.