Solflare Wallet
  • ☀️Introduction
    • The Power of Self-Custody
    • Benefits of Non-Custodial Wallets
    • Digital Wallet Best Practices
    • Bigger Picture
  • Onboarding
    • 📞Mobile
      • Generate a New Wallet
      • Connect a Ledger Wallet
      • Import any Solana Wallet
    • 🖥️Web App & Extension
      • Generate a New Wallet
      • Import Your Ledger Device
      • Import Your Keystone Device
      • Import any Solana Wallet
    • 🚶Next Steps
  • Integrations
    • ⛓️Integrate Solflare
      • MetaMask
      • Using the Solana Wallet Adapter
      • Solflare Wallet SDK
    • 🎭Profile Picture Protocol
      • Get a Wallet's Profile Picture
      • Set NFT as Profile Picture
      • Remove a Profile Picture
    • ⚡Solflare Notifications
      • Sending Notifications
      • User's Perspective
        • Notification Center
        • Receiving Notifications
        • Subscription Management
      • API Endpoints
        • Broadcast Endpoint
        • Unicast Endpoint
        • List Casts Endpoint
        • View Cast Endpoint
        • Check Public Key Subscription Status for Domain
    • 🖼️NFT Standard
      • URI JSON Schema
      • CDN hosted files
      • Collections
      • Additional Attributes Specification
      • Order of JSON Fields
    • 🔗Deeplinks
      • Provider Methods
        • Connect
        • Disconnect
        • SignAndSendTransaction
        • SignAllTransactions
        • SignTransaction
        • SignMessage
      • Other Methods
        • Browse
      • Handling Sessions
      • Specifying Redirects
      • Encryption
      • Limitations
Powered by GitBook
On this page
  • Encryption & Decryption Workflow
  • Encryption Resources

Was this helpful?

  1. Integrations
  2. Deeplinks

Encryption

PreviousSpecifying RedirectsNextLimitations

Last updated 2 years ago

Was this helpful?

Deeplinks are encrypted using symmetric key encryption generated from a . While deeplink sessions will be created in plaintext, an encrypted channel will be created to prevent session tokens from getting hijacked.

Encryption & Decryption Workflow

Solflare deeplinks are encrypted with the following workflows:

Connect

  1. [dapp]: On the initial connect deeplink, apps should include a dapp_encryption_public_key query parameter. It's recommended to create a new x25519 keypair for every session started with connect. In all methods, the public key for this keypair is referred to as dapp_encryption_public_key.

  2. [solflare]: Upon handling a connect deeplink, Solflare will also generate a new x25519 keypair.

    • Solflare will return this public key as solflare_encryption_public_key in the connect response.

    • Solflare will create a secret key using Diffie-Hellman with dapp_encryption_public_key and the private key associated with solflare_encryption_public_key.

    • Solflare will locally store a mapping of dapp_encryption_public_key to shared secrets for use with decryption in subsequent deeplinks.

  3. [dapp]: Upon receiving the connect response, the dapp should create a shared secret by using Diffie-Hellman with solflare_encryption_public_key and the private key associated with dapp_encryption_public_key. This shared secret should then be used to decrypt the data field in the response. If done correctly, the user's public key will be available to share with the dapp inside the data JSON object.

Subsequent Deeplinks

  1. [dapp]: For any subsequent methods (such as and ), apps should send a dapp_encryption_public_key (the public key side of the shared secret) used with Solflare along with an encrypted payload object.

  2. [solflare]: Upon approval, Solflare will encrypt the signed response as a JSON object with the encryption sent as a data= query param.

  3. [dapp]: Upon receiving the deeplink response, apps should decrypt the object in the data= query param to view the signature.

Encryption Resources

To learn more about encryption and decryption, please refer to the following libraries:

JavaScript

iOS

Android

🔗
Diffie-Hellman key exchange
SignAndSendTransaction
SignMessage
TweetNaCl.js
TweetNaCl SwiftWrap
Tink
TweetNaCl Java