Welcome to SSP Wallet
Last updated
Last updated
Visit us at:
Google Chrome Extension:
iOS:
Android:
SSP Wallet is not just another crypto wallet. It is a true two-factor authentication wallet designed with security and self-custody at its core. Here's how it works:
Two Devices, Two Keys:
Your SSP Wallet contains one private key.
Your SSP Key (on your mobile device) contains a second private key.
2-of-2 Multisignature:
Transactions are constructed and signed by the SSP Wallet and then signed again by SSP Key.
Enhanced Security:
Keys, seeds, and sensitive data are never shared between devices, making it impossible to compromise without access to both devices.
This design ensures that both devices are required to authorize any transaction, making the wallet incredibly secure and user-friendly.
SSP Wallet adheres to the BIP48 derivation scheme for generating hierarchical deterministic keys supporting P2SH, P2SH-P2WSH, and P2WSH addresses.
Example derivation paths for popular chains:
Bitcoin: m/48'/0'/0'/2'/0/0
Flux: m/48'/19167'/0'/0'/0/0
Extended functionality includes support for additional chains and constructing multiple external addresses per chain as needed.
Initial Setup:
SSP Relay Server:
Simplifies the synchronization process by facilitating communication between SSP Wallet and SSP Key.
Synchronization starts when the SSP Key scans a Hardened Extended Public Key QR code from SSP Wallet.
A special identity path (m/48'/0'/0'/2'/10/0) reserved for SSP Wallet verifies unique wallet instances.
Public Key Exchange:
SSP Key sends its hardened extended public key (e.g., m/48'/0'/0'/2') to the SSP Relay Server along with a constructed 2-of-2 multisignature address.
SSP Wallet validates the received address, ensuring integrity.
Validation and Confirmation:
Both SSP Wallet and SSP Key confirm matching derived addresses to finalize synchronization.
Transaction Signing:
Transactions are signed in two steps:
SSP Wallet constructs the transaction and signs it with its private key.
SSP Key receives the partially signed transaction via the relay server, signs it with its private key, and returns the fully signed transaction for broadcast.
Offline Functionality:
Transactions and synchronization can bypass the relay server through manual QR code scanning, maintaining security in environments with restricted connectivity.
Sensitive Data:
Encryption Layers:
PBKDF2-based password derivation generates keys for AES-GCM encryption.
Secondary encryption uses device and browser fingerprints to restrict data access to the originating environment.
Local Data Management:
Serialized sensitive data (e.g., keys, seeds) is stored as JSON blobs with base64-encoded fields (data, iv, and salt).
This approach prevents brute-force attacks and unauthorized migration between devices.
Session Management:
Encrypted passwords are stored temporarily in session storage, ensuring convenience without compromising security.
No sensitive data is ever retained in unencrypted form, even within the application’s runtime memory.
Non-Sensitive Data:
Information such as transaction history and balance data is stored using LocalForge, prioritizing performance without compromising sensitive details.
Anti-Phishing Measures:
The wallet and key validate each other's public keys and derived addresses during setup.
Server Security:
SSP Relay Server only facilitates communication and cannot access private keys or sensitive data.
Brute Force Protection:
Physical possession of both devices and knowledge of passwords are required to compromise the wallet.
Built With: React 18, TypeScript, Vite
Node Version: 20+
Run Development Mode: yarn dev
Modular Codebase:
Separation of concerns for wallet UI, cryptographic operations, and relay server communication.
Strong Typing:
TypeScript ensures type safety and prevents runtime errors.
Test Coverage:
Unit tests of library ensures reliability of critical functions.
Join us in building a secure, simple, and powerful wallet for the crypto community!
SSP Wallet, SSP Key, and SSP Relay were thoroughly audited, with the final report completed in March 2025.
Shnorr Multisig Account Abstraction Smart Contracts and SDK underwent a comprehensive audit, finalized in February 2025.
📄 SSP Wallet, SSP Key, SSP Relay Audit
📄 Smart Contracts Audit
📄 SDK Audit
SSP Wallet is fully open source, ensuring transparency and community trust. Review and contribute to the project here:
SSP Wallet has a comprehensive documentation available at with many guides, FAQs, API references and more:
Integrated Blockchains, Assets - Coins, Tokens in SSP Wallet are available at: . SSP Supports custom ERC20 token imports on Ethereum network.
SSP Wallet supports multiple languages! Help us make it accessible to everyone by contributing to translations at: ,
SSP Key Repository:
SSP Relay Repository:
Account Abstraction Repository:
By using SSP Wallet, you agree to the terms outlined in the .
Our security is a top priority. All critical components of the SSP ecosystem have undergone rigorous security audits by , ensuring the highest standards of protection.
(GitHub)
(Halborn)
(GitHub)
(Halborn)
(GitHub)
(Halborn)
