How we allow you to access your embedded wallet everywhere
Madeleine Charity
|Sep 5, 2024
Yesterday, we launched a new SDK that allows developers to connect any application to a Privy wallet using RainbowKit. We could not be more excited about this feature. Cross-app wallets will enable teams to bring one of crypto's most powerful features—interoperability—to mainstream audiences. In just a few minutes, developers can add the Privy connector to their wagmi configuration and seamlessly connect to a Privy provider wallet. This blog post takes you behind the scenes to understand how we built this powerful feature.
How this works
At the core of this experience is Mobile Wallet Protocol (MWP), which allows external applications to securely interface with a wallet. Security is always our priority at Privy and as a hardened standard, we can leverage its security and compatibility to bring cross-app wallets to a broader audience.
The protocol is a two step process; first the wallet and the external application connect and agree on a shared secret. The connect step leverages a cryptographic system called Diffie Hellman key exchange. Diffie Hellman allows two parties to securely generate the same shared secret with one party's private key and the other's public key.
Then, the external application encrypts requests with this shared secret and sends them to the wallet to transact. The wallet only acts on these requests if they were encrypted with the shared secret generated in the connect step. As always, the user must approve the transaction, after which an encrypted response is sent back.
Let's look deeper into these two steps. Note that below, I will refer to the external application as the requester app and the wallet it wants to connect to as the Privy provider app.
Connect
The requester app initiates the connection. First, it generates a
requesterPublicKeyandrequesterPrivateKeypair and sends therequesterPublicKeyto the provider app. In our SDK, this pops up the /cross-app/connect page on the provider app with therequesterPublicKeyand theproviderAppId.The provider application prompts the user to approve or deny the connection. On approval, the provider generates a
providerPublicKeyandproviderPrivateKeypair and uses itsproviderPrivateKeykey and therequesterPublicKeyto recover thesharedSecret. The provider stores thissharedSecretin the browser, along with therequesterPublicKey. Then it sends theproviderPublicKeyit generated back to the requester app and closes the popup.The requester application uses the
providerPublicKeyand its ownrequesterPrivateKeyto generate the samesharedSecret. It stores thissharedSecretand its ownrequesterPublicKeyin the browser.
Now, the requester and provider application both have the same sharedSecret stored in the browser. When the requester application wants to use the provider’s wallet, it encrypts the request using the sharedSecret.
Transact
The requester application encrypts its request using the
sharedSecretand sends theencryptedRequest, along with therequesterPublicKey, to the provider application. In our SDK, this pops up the /cross-app/transact page on the provider application.The provider matches the
requesterPublicKeyand requester origin to the values stored during the connect step and then decrypts the request using thesharedSecret. Only requests encrypted with thesharedSecretgenerated in the connect step will be allowed to continue. Once the user approves the request, the provider wallet fulfills the request, encrypts the result, and sends theencryptedResultback to the requester.The requester uses the
sharedSecretto decrypt and get the result. The requester application has now transacted with the Privy provided wallet!
Happy building!
To learn more, check out our docs and a demo app we built to showcase the connector. We are so excited to see what you build on cross app wallets!
