Where are private keys stored?

When a user signs up on Authereum, a new contract-based account is deployed. Each account contract requires keys to manage it, so when you signed up a new key pair was also generated on your browser client-side. This key is encrypted with a password derived key (PBKDF2). Keys are stored in browser local storage and the encrypted keystore is stored on Authereum so that you can login in different devices.

You can always export the management key (also called Admin key) from the export page in settings or add additional admin keys on the admin keys page.

A more detailed explanation can be read in the Authereum Key Architecture Explained article.

Can I implement signature-based authentication on my dapp using Authereum?

Yes! Authereum is offered as a web3 provider so the user on the dapp can generate a signature given a challenge string provided by the dapp and then verify the signatures on the backend using EIP1271. A number of dapps that have integrated Authereum are doing signature based authentication. Read the Verifying Signatures section for examples on using EIP1271 for verifying contract-based account signatures and check out the section on signing message using the web3 provider.

For a simple example on how to implement this in Node.js, check out the signature-based authentication example.

Can I use the Authereum provider in node.js?

The Authereum provider is meant to be used on the browser because it relies on iframe communication to access sandboxed local storage. If running with node directly then it won't work but we are working on a provider that would work with node for backends.

Does a relayer have access to my Authereum account?

Only you, the owner of the account, has access to the contract-based account (CBA). The relayer, or anyone else for that matter, does not have access to your CBA. The relayer takes your signed transaction and attaches the gas fee. The CBA meta-transaction method is responsible for refunding the relayer after the user's transaction has been processed.

Should I be using the Authereum SDK or the Authereum web3 provider?

We recommend using the Authereum web3 provider whereever possible. The Authereum web3 provider is essentially a wrapper aound the Authereum SDK. Most dapps are built using a web3 provider so using the Authereum web3 provider should work as a drop-in replacment for MetaMask.

Can I use Authereum with ganache or local testrpc?

Not yet, but we are working on adding support for this.

Can I use WalletConnect with Authereum?

Yes! Authereum support WalletConnect. Simply scan a WalletConnect-enabled QRCode to setup the connection.

Can I pay to give my dapp users free transactions through the Authereum relayer?

Yes! Reach out to us on Telegram or email.

If I create an account on one testnet, will it be available on other testnets?

No, this doesn't happen because each testnet is a separate chain and account creating involves deployment a smart contract to that testnet.

Can I use a private chain or custom local RPC for testing?

It's not possible at the moment but we are currently working on ways to use local RPCs. It's more challenging than anticipated because of different moving parts so we can't give a definite time when we'll have something ready but it's in the works.

Does Authereum offer a white-label solution?

A white-label solution is something we're discussing about offering in the long-term. No short-term plans on a white-label solution. We'd love to hear what features you're looking for; message us on telegram.

Why doesn't Authereum work on my browser?

In order to be non-custodial, your wallet keys are decrypted and loaded into your browsers local storage under a sandboxed domain. When using a dapp, the Authereum SDK must communicate to the sandboxed domain to send requests for the private key to sign. This communication between domains is called 3rd-party communication and access to the local storage is called 3rd-party storage access, although different browsers might use different terminology such as 3rd-party cookies or 3rd-party session data. When using a browser in private mode or with shields enabled, the browser blocks 3rd-party access to the local storage which means the Authereum SDK can no longer store the private key under the sandboxed domain so in order for it to work 3rd-party access to storage must be enabled. To learn how to enable these settings, please visit the browser compatibilty page.

In there a React Native SDK available?

Not yet but we'll be working on one soon.

Is the Authereum SDK open source?

Not yet but it will be open source once it's more stable since we're tightening things down.

Is there an Authereum browser extension I can use?

Not yet but we are working on one.

Why do I need to deposit ETH into my account after signing up?

Due to the high gas market it became uneconomical to sponsor new account deployments. As of August 2020, new accounts will require users to pay the on-chain transaction fee for the contract-based account deployment.

Which browsers support the QRCode scanner?

  • iOS:

    • Safari only. Other browsers require image upload.

  • Android:

    • All browsers.

  • Desktop:

    • All browsers, as long the computer has a webcam.

How do I set up account recovery?

Account recovery can be configured in the account recovery settings page.

How can I access my contract based account if Authereum ceases to exist?

There's an open source simple react app (https://github.com/authereum/direct) that anyone can download and run to interact directly with their contract-based account. This doesn't require any Authereum services and communicates directly with the chain. Please make sure to export your admin key first from the settings page or add an additional admin key such as your MetaMask address since transactions made to your contract-based account need to come from an admin key account.

Where can I read more FAQs?

For more FAQs, please visit the help center to view Frequently Asked Questions: https://support.authereum.com

Last updated