
Does connecting HashPack wallet mean the application can read my private key?


When we connect our HashPack wallet, does it mean I allowed the application to read my private key?

I think it is not necessary to read the private key of my wallet to log in.


Solution

  • No, connecting signing wallets like HashPack or Blade does not read your private keys from the application. Those wallets implement a signer/provider architecture. See the HIP (https://hips.hedera.com/hip/hip-338) and documentation (https://docs.hedera.com/hedera/docs/signature-provider) for more details.

    A provider is like a tunnel that enables sending transactions from the application to the wallet for signing. That way the signer (the account in the wallet) can authorize the transaction while keeping the private keys securely in the wallet.

    Here's a code sample that signs and executes a smart contract function using the signer in a HashPack wallet:

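    // SDK classes used by this snippet
    import { ContractExecuteTransaction, ContractFunctionParameters } from "@hashgraph/sdk";

    // `signer` is the signer obtained from the connected wallet and `contractId`
    // is the target contract; both are defined elsewhere in the application.

    // Execute a contract function (transfer)
    const contractExecTx = await new ContractExecuteTransaction()
        .setContractId(contractId)
        .setGas(3000000)
        .setFunction("tokenAssoTrans", new ContractFunctionParameters().addInt64(50))
        .freezeWithSigner(signer);
    // The wallet signs; the application only receives the signed transaction
    const contractExecSign = await contractExecTx.signWithSigner(signer);
    const contractExecSubmit = await contractExecSign.executeWithSigner(signer);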
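The signer/provider boundary described in the answer above, as an added example that is not part of the original answer and is not HashPack's or the Hedera SDK's code. The names `createWallet`, `dappTransfer` and `networkVerify`, the JSON transaction encoding and the approval rule are all hypothetical and constructed for illustration; the point is that the application only ever holds a public key and signatures.

```javascript
const nodeCrypto = require("node:crypto");

// Wallet side: the private key exists only inside this closure.
function createWallet() {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync("ed25519");
  // Stand-in for the wallet's approval prompt (assumption: reject large amounts).
  const userApproves = (tx) => tx.amount <= 100;
  return Object.freeze({
    getPublicKey: () => publicKey.export({ type: "spki", format: "der" }),
    sign(txBytes) {
      const tx = JSON.parse(txBytes.toString("utf8"));
      if (!userApproves(tx)) throw new Error("user rejected transaction");
      return nodeCrypto.sign(null, txBytes, privateKey); // Ed25519 signature
    },
  });
}

// Application side: builds the transaction and asks the signer to authorize it.
// It receives bytes and a signature, never key material.
function dappTransfer(signer, amount) {
  const txBytes = Buffer.from(JSON.stringify({ fn: "tokenAssoTrans", amount }));
  return { txBytes, signature: signer.sign(txBytes) };
}

// Network side: checks the signature against the account's public key.
function networkVerify(publicKeyDer, txBytes, signature) {
  const key = nodeCrypto.createPublicKey({ key: publicKeyDer, format: "der", type: "spki" });
  return nodeCrypto.verify(null, txBytes, key, signature);
}

// Constructed walk-through of one connect-and-sign exchange.
function demo() {
  const wallet = createWallet();
  const { txBytes, signature } = dappTransfer(wallet, 50);
  const tampered = Buffer.from(txBytes.toString("utf8").replace("50", "99"));
  return {
    exposedToDapp: Object.keys(wallet).sort(),
    validSignature: networkVerify(wallet.getPublicKey(), txBytes, signature),
    tamperedAccepted: networkVerify(wallet.getPublicKey(), tampered, signature),
  };
}

console.log(demo());
```

A signature covers the exact transaction bytes, so what a connected application can do is bounded by what the user approves in the wallet prompt, not by access to the key.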