What is master key in peeranha
- peeranha Peeranha
what is master key exactly in peeranha, what is the difference between keys we used in scatter/sqrl for telos and keys we used in
Peeranha is decentralized application running on Telos blockchain. That means that every user is required to have an account on Telos blockchain and private keys to sign transactions.
Peeranha provides users with two options for managing account and signing transactions that are posted on the blockchain:
Option 1. Scatter or Sqrl wallet
This option is the most familiar to the users that have used EOS/Telos decentralized applications previously. Private keys for a Telos/EOS account are stored by Scatter/Sqrl wallet. Application requests the wallet to sign transactions. Application does not have access to keys at any moment.
This is the most secure way for storing keys and interacting with decentralized applications. However, it creates several inconveniences for the users:
- Learning curve: Users are required to have at least some understanding of blockchain and private keys. Additionally users must learn wallet interface;
- Access to account from various devices: Wallets store keys locally on the device where it is installed. If user needs to access an account from another device then keys need to be imported into a wallet on that device;
- Poor user experience: wallet opens a pop up for every user action in decentralized applications. Even a simple "upvote" operation requires user approval.
These inconveniences create huge barrier for mass adoption of decentralized applications. To solve that, the second option was implemented in Peeranha.
Option 2. Email and password
Email and password is the most common way for authenticating users in web applications. Peeranha aims to provide users with very similar experience. However, the way it works under the hood is different.
Peeranha stores private keys of user accounts on its servers but the keys are transported and stored encrypted.
If Peeranha creates Telos account for a user then both active key and owner key are stored. If user signs up with an existing account then only active key is stored.
The keys are stored twice:
Encrypted using user password
Encrypted using master key
Master key is randomly generated Base58 string. Master key is required to restore access to account if user forgets password.
In a normal scenario, a user uses password to authenticate with Peeranha’s API and retrieves active private key encrypted using the password. The key is decrypted on the client side and used to sign transactions.
If user forgets password then master key is used to authenticate with Peeranha’s API and retrieve version of the keys encrypted using the master key. The keys then decrypted using master key on the client side, encrypted using new password and re-saved on the server.