Encryption
Deeplinks are encrypted using symmetric key encryption generated from a Diffie-Hellman key exchange. While deeplink sessions will be created in plaintext, an encrypted channel will be created to prevent session tokens from getting hijacked.
Encryption & Decryption Workflow
Solflare deeplinks are encrypted with the following workflows:
Connect
[dapp]: On the initial
connect
deeplink, apps should include adapp_encryption_public_key
query parameter. It's recommended to create a new x25519 keypair for every session started withconnect
. In all methods, the public key for this keypair is referred to asdapp_encryption_public_key
.[solflare]: Upon handling a
connect
deeplink, Solflare will also generate a new x25519 keypair.Solflare will return this public key as
solflare_encryption_public_key
in theconnect
response.Solflare will create a secret key using Diffie-Hellman with
dapp_encryption_public_key
and the private key associated withsolflare_encryption_public_key
.Solflare will locally store a mapping of
dapp_encryption_public_key
to shared secrets for use with decryption in subsequent deeplinks.
[dapp]: Upon receiving the
connect
response, the dapp should create a shared secret by using Diffie-Hellman withsolflare_encryption_public_key
and the private key associated withdapp_encryption_public_key
. This shared secret should then be used to decrypt thedata
field in the response. If done correctly, the user's public key will be available to share with the dapp inside thedata
JSON object.
Subsequent Deeplinks
[dapp]: For any subsequent methods (such as SignAndSendTransaction and SignMessage), apps should send a
dapp_encryption_public_key
(the public key side of the shared secret) used with Solflare along with an encryptedpayload
object.[solflare]: Upon approval, Solflare will encrypt the signed response as a JSON object with the encryption sent as a
data=
query param.[dapp]: Upon receiving the deeplink response, apps should decrypt the object in the
data=
query param to view the signature.
Encryption Resources
To learn more about encryption and decryption, please refer to the following libraries:
JavaScript
iOS
Android
Last updated