Releases: casper-ecosystem/signer
Signer v1.4.8
This release has no feature changes. It adds a URL to the manifest to allow the Signer to be used on Fuzhouchain.io
Signer v1.4.7
This release adds the Casperpunks URL to the manifest
Signer v1.4.6
Release Notes
Overview:
- Adds a new backup prompt post key creation.
- Reduces key download to only save the
secret_key.pemfile. - Amends the Huobi Apps URL in the manifest.
Signer v1.4.5
New Integration
This version contains no code changes and simply adds Gitcoin URLs to the manifest.
Checkout their page here: https://gitcoin.co/casper-network/bounties
Signer v1.4.4
Hotfix - Support for Mixed Case Keys
This release adds a fix to allow mixed case (checksummed) keys to be used when signing transfers.
Signer v1.4.3
Signer v1.4.2
This release simply adds the Metacask URL to complete their integration with the Signer. Congrats 🎉
Signer v1.4.1
Signer v1.4.1
New App Integrations
We are pleased to announce the addition of 3 new sites that have integrated with the Signer:
Signer v1.4.0
Signer v1.4.0
Signing Messages ✍️
This release implements a new feature; leveraging some new methods in the casper-js-sdk (^2.5.1) you can now use your keys to sign over arbitrary string messages with the Signer. The messages will take the form:
Casper Message:
Hello World!
(The 'Casper Message:' header is prefixed automatically by the SDK's methods).
Use Case
This feature could be prove useful in a scenario where 'Alice' provides 'Bob' with a public key.'Bob' wants to verify that 'Alice' has the corresponding secret key without 'Alice' actually sending him it. 'Bob' can send the Signer a request like this:
import { Signer, verifyMessageSignature, CLPublicKey } from 'casper-js-sdk';
...
const bobMessage = "Please sign this message, from Bob";
const signature = await Signer.signMessage(bobMessage, alicePublicKeyHex);
// Once the request for signature is approved in the Signer UI, 'Bob' can then check the signature:
const verified = verifyMessageSignature(CLPublicKey.fromHex(alicePublicKeyHex), bobMessage, signature);
if (verified) {
// handle successful verification
} else {
// handle failed verification
}Configurable Timeouts ⏳
We noted a lot of people asking to extend the idle timeout on the Signer. We have now implemented a configurable timeout that will default to 2 minutes for new vaults (it will remain at 1 minute for existing vaults unless you choose to change it). The options are 1, 2, 5 and 10 minutes. You can set the timeout from the menu in the top-right, screenshots below:
| New Menu Item | Timeout Page |
|---|---|
 |
 |
Integration with CasperStats.io 🎉
CasperStats is developed by CryptoViet Labs and provides users with lots of helpful features and tools for interacting with the blockchain.
Minor Changes 🔍
The 'New Vault' screen has been tweaked such that the two password fields are now aligned properly and are of equal length. This is to make it easier to compare passwords when creating a new one.
Known Issues 🔴
Listed below are the issues we are currently tracking for the Signer. Please check out the GitHub issues page for the Signer repo to see more details.
We are continuously looking to improve and community feedback in the form of Bug Reports and Feature Requests are always welcome to aid with this.
| Description | GitHub Issue |
|---|---|
| The Signer goes blank (instead of showing the Unlock screen) after the idle-timeout from some pages. | #112 |
| Longer account names overlap the icons on the Account Management page. | #88 |
Some pages require mouse clicks where they used to be submittable by typing Return / Enter |
#116 |
The same ed25519 key can be uploaded twice. |
#79 |
| In some instances, multiple Signer windows will be open i.e. if you click Import twice. | #76 |
| The Signer errors when trying to sign deploys on cspr.live whilst the Keplr extension is installed and active. | #132 |
Signer v1.3.0
Signer v1.3.0
There were three primary focuses for this release:
Security Enhancements 🔒
- Strong password enforcement - based on OWASP guidelines.
- The Signer will now automatically lock after an idle timeout (currently 60s).
- Your vault password will be required before deleting an account.
- The secret key field has been removed from the Create Account screen to prevent users copying or storing the raw
base64key. - The Signer will lockout for 5 minutes after five failed attempts to unlock it.
- Improved Reset Vault prompt to ensure users understand the consequences.
- Account names will be restricted to A-Z, a-z, 0-9, and _ (incl. accented characters). Pre-existing names that don't abide by the constraints won't be changed. Constraints will be enforced when names (including legacy accounts) are edited.
- File formats are verified before importing Secret key files. Users can upload
.pemor.cerformats..ceris being supported as some macOS versions convert the key files (from.pemto.cer) from the Signer during the download process. - When a site requests to connect, the URL will now be displayed within the confirmation prompt.
The Event Bus 🚌
To provide context: Currently, client sites are required to poll the Signer's state to update their site dynamically.
We have now implemented an Event Bus that emits events to which client sites can listen; this should improve the developer experience when integrating. Monitoring the Signer would also be a more efficient and more straightforward process.
For example, here is a full list of the available events and how to listen for them.
Events
connecteddisconnectedtabUpdatedactiveKeyChangedlockedunlocked
// The sytax for each event is "signer:<event>" e.g.
window.addEventListener('signer:connected, msg => {
console.log(msg)
}
// msg has the following structure
msg: {
detail: {
isConnected: boolean;
isUnlocked: boolean;
activeKey: string;
};
};
Extended Support for Stored Contract Deploys 📑
There is now the functionality to display the runtime arguments and entry point for stored contract calls.
This support doesn't yet cover more complex types like tuple or list. These will be displayed but not in a human-readable manner - e.g. [Object,...,Object]
Integration with CasperHolders.io 🎉
CasperHolders provides a user-friendly interface to interact with the Casper network - developed by a community member; @KillianH. His site has now been approved for use with the Signer - congrats Killian, we're excited to see your project thrive!
Minor Changes 🔍
- The connection toggle will only be enabled for integrated sites i.e., those included in the
manifest.json. Any non-integrated sites (saved from prior versions) will be removed from the 'Connected Sites' list. - The signing screen has been updated - Gas Price has been removed, Body Hash added and labels made more user-friendly.
Bug Fixes 🐜
| Description | GitHub Issue |
|---|---|
| On initial install the user would be presented with the Unlock screen as if there was an existing vault. Users now get the Create Vault page as expected. | #104 |
| Active Account resets to the most recently added after locking. It now persists between sessions | #120 |
| Viewing account details would set it as the Active Account. Viewing no longer changes account | #119 |
Known Issues 🔴
Listed below are the issues we are currently tracking for the Signer. Please check out the GitHub issues page for the Signer repo to see more details.
We are continuously looking to improve and community feedback in the form of Bug Reports and Feature Requests are always welcome to aid with this.
| Description | GitHub Issue |
|---|---|
| The Signer goes blank (instead of showing the Unlock screen) after the idle-timeout from some pages. | #112 |
| Longer account names overlap the icons on the Account Management page. | #88 |
Some pages require mouse clicks where they used to be submittable by typing Return / Enter |
#116 |
The same ed25519 key can be uploaded twice. |
#79 |
| In some instances, multiple Signer windows will be open i.e. if you click Import twice. | #76 |
| The Signer errors when trying to sign deploys on cspr.live whilst the Keplr extension is installed and active. | #132 |