3.4 Wallet & Social Login Integration

Overview

Protecting user assets and personal data is the highest priority for SALT. The wallet system is designed using a combination of industry-leading security architecture and cloud-based hardware encryption, enabling anyone to manage blockchain assets safely and conveniently.

Traditional passwords are not used. Instead, one-time passcodes (OTPs) delivered via email are utilized for authentication. These OTPs automatically expire after a short period, so even if a code is compromised, it cannot be reused. This approach ensures that users can authenticate simply and securely, without the risks associated with password-based systems.

This security-centric approach extends across the entire wallet lifecycle. When a wallet is created, its public and private keys are generated in a secure, isolated environment within the user’s device (such as an iframe). The private key is immediately encrypted using a cloud-based hardware security module (HSM), and at no point is the raw key accessible to any part of the backend infrastructure or external parties. The hardware employed for encryption complies with recognized international standards (such as FIPS 140-2), and all cryptographic operations are performed strictly within this secure context.

Even during wallet use, private keys are never stored or exposed in plaintext on backend servers. After authentication, users retrieve the encrypted private key, and decryption is handled directly via the HSM. All sensitive actions, such as blockchain transaction signing, are performed locally in the user’s secure environment. After use, any sensitive key data is immediately wiped from memory to further reduce exposure risks.

Account recovery is designed to be straightforward and secure. As long as users have access to their registered email or linked login method, they can safely restore their wallet—without the need for complicated backup or recovery processes. If required, users may also have the option to export their private key directly.

The underlying infrastructure adheres to global standards and certifications (such as SOC 2 and ISO 27001), and is subject to regular external audits and security assessments. Annual penetration testing, bug bounty programs, and continuous monitoring ensure proactive management of emerging security threats.

Through these multi-layered protections, users retain full control of their digital assets, while the complexity of security is managed transparently by the system—allowing anyone to experience Web3 securely and effortlessly.

Security Architecture – Technical Details

1. Client-Side Key Generation

  • Public and private key pairs are generated directly within a secure, isolated environment on the user’s device (for example, an iframe).

  • Keys are produced using cryptographically secure random values (256 bits of entropy) to ensure unpredictability.

  • The private key never leaves this environment in plaintext; it is immediately encrypted upon creation.

2. Hardware Security Module (HSM)–Based Encryption

  • Private keys are encrypted using a cloud-based HSM, which is inaccessible in plaintext to backend systems or any other party.

  • All encryption and decryption processes are performed exclusively within the HSM, which is certified to international standards (e.g., FIPS 140-2).

  • Only the encrypted private key is stored; unencrypted keys are never persisted anywhere.

3. Secure Wallet Usage and Transaction Signing

  • After authentication (such as via email OTP), the encrypted private key is securely delivered to the user’s device.

  • Decryption occurs solely within the cloud HSM, using user-specific authentication credentials; backend servers never access the unencrypted key.

  • All sensitive operations, including blockchain signing, take place in the device’s secure environment, and private key data is wiped from memory immediately after use.

4. Account Recovery and Key Export

  • Users can recover their wallet by verifying their email or other connected login method; no additional backup files or steps are required.

  • For advanced users, export of the private key or seed phrase is optionally supported, providing full control when needed.

5. Compliance and External Assurance

  • The security system conforms to leading international standards such as SOC 2 and ISO 27001.

  • Regular third-party penetration testing, security reviews, and bug bounty programs support continuous risk management.

  • All infrastructure access and system logs are routinely audited, enabling rapid detection and response to any potential threats.

Last updated