Built on the MetaMask Snap API, EthSign Keychain is the latest utility to assist users in migrating to the decentralized world. The first of its kind, Keychain is a credential manager installed into users’ MetaMask wallets, utilizing their account’s entropy to digitally store, encrypt, and cloud sync their credentials across devices. Keychain is accessible through a Chrome Extension for users or through an NPM package for developers to integrate its functionality directly into third-party web applications.

The Issue With Centralization

You know the tale. You turn on the daily newscast only to find out about a new data breach, where millions of users had their private information stolen. Password managers are not exempt from attacks — in 2022, LastPass reported that an unauthorized party gained access to one of their third-party cloud-based storage service providers. While customer data was not accessed during the hack, both proprietary code and information were stolen, potentially putting customers at heightened risk. All centralized data stores pose the risk of widespread breaches, especially when shared data encryption methods are used internally for all customer records.

What Keychain Has to Offer

At its core, Keychain is a credential manager. It allows users to add, update, and remove credentials for websites. These credentials are encrypted and stored in MetaMask with a snap-specific key and can be synced to AWS or Arweave to allow cloud syncing capabilities. With syncing enabled, users can import the exact secret recovery phrase into MetaMask on a new device and access all synced credentials with ease. Encrypted credentials can also be imported and exported in JSON format, allowing for offline syncing and password-sharing between users with different secret recovery phrases.

Don’t Trust Us, Trust Cryptography

EthSign Keychain endorses the decentralized world, utilizing the entropy derived from a user’s MetaMask secret recovery phrase and an application-specific salt to generate a private key for encryption. From here, this key is paired with a unique nonce value for each uploaded entry to create individualized results for any publicly visible on-chain data. This encryption method ensures that each uploaded entry is notably different from the rest, fundamentally preventing the widespread leaks that plague existing centralized databases. Optionally, users can add an additional layer of encryption using a password for their account, further bolstering the security strength of the stored data. In short, your data belongs to you and everything is encrypted before leaving your computer.

Fine-grained Access Permissions

Credentials are accessible through the official EthSign Keychain Chrome extension or directly through third-party websites that take advantage of the Keychain API. Because there are many outlets for users to interact with their credential store, we designed Keychain to give users control over which websites and extensions have access to their credentials. When any origin attempts to access or modify data within Keychain that it has not been previously granted access to, Keychain will prompt users to either grant or deny access to this data. Access permissions are on a per-device basis, so each MetaMask installation will need to grant access to each origin that attempts to access its secured credentials.

Keychain Chrome Extension

The EthSign Keychain Chrome extension provides an easy-to-use interface for users to manage their credentials. Our extension detects when login and signup forms are submitted on web pages, providing users an easy path to add new credentials or update existing entries. It also supports autofill capabilities, removing the need for you to remember your login credentials or to manually find them. Users of the EthSign Keychain Chrome extension can also manage their sync settings, changing between AWS or Arweave, or disabling syncing altogether. Credentials can be imported and exported through the extension, allowing for full interaction with all Keychain Snap functionality.

Keychain API

All of EthSign Keychain’s functionality is available for developers to integrate into their sites. Simply import the ethsign-keychain-api library to access all that Keychain has to offer.

Continued Updates

Everything you just read is a quick look at our initial release of Keychain. Stay tuned for new features and improvements in the days to come!

EthSign Keychain is now available to install by downloading the Chrome extension or visiting the official MetaMask featured page. Users and developers alike may refer to the complete Keychain documentation here.