everiSigner and its Working Principle

Every cryptocurrency requires a signer in order to authorize and verify transactions. From Bitcoin, to XRP, to Ethereum, these signers are optimized for the blockchain which they work with. However, EVT’s signer is revolutionary in its security: as compared to the aforementioned currencies, EVT uses an offline signer to protect private keys without online vulnerability.

The signing process begins when a user attempts to execute a transaction, transfer, or token manipulation. The signer is implemented as a browser add-on, which allows it to be layered with ease upon existing systems. The code is currently tailored to Google Chrome and comes in both English and Chinese versions. Users interact with an interface implemented in HTML, CSS, and javascript, which facilitates the accessibility of the signing process.

First, users must request an identity which will validate permissions. This identity is authenticated by asymmetric encryption, which is successful unless an error message is thrown. If the identity needs to be forgotten, a function also exists to remove identity permissions from the local domain. The identity includes a variety of attributes from name to the location to accounts. These required fields can be updated on multiple occasions to allow for customizability. For example, if the same identity is to be used at work and at home, cached values are no longer valid. A publicKey and hash of the identity’s public key are also generated. Once an identity is complete, the getIdentity method may be invoked in transactions. Signatures themselves must also be requested, which can be used in conjunction with evt.js. After a signature is requested by an authorized subject, it will be auto-generated and returned to the user. Signatures can be used in collaboration with an identity, which double-signs from both the user and the application.

The constructor then creates two object types — an encrypted stream and an interaction script. The encrypted stream manages the syncing of the extension and the application. After creation, it leverages Scatter, a third party platform, to aid in the signature process. The encrypted stream binds a scatter object to the application and pushes an instance to the web application to open communication. A boolean flag indicating that the signer is loaded is then set to true to proceed with the signature. One the encrypted stream has been established, the interaction script is injected which dictates the dialogue between extension and application. The interaction script determines actions depending on the received messages from the listener.

The ultimate private and public keys are paired but not readily available, in order to veil the private key from unauthorized access. This prevents malicious attacks by hackers or accidental leakages to the public. Overall, the entirety of the signing code ensures an easy, secure, signing process in keeping with the many advantages of EVT.