TezBox — How it works under the hood

TezBox is a wallet developed by Stephen Andrews, a community developer and a founding board member of the Tezos Commons Foundation.

This article will aim to help educate people on how TezBox works, what security measures have been taken, and plans for the future.

Firstly, how it works:

We don’t store your private key — in fact, it never leaves your PC in any form while you are using our wallet. Instead, we store an encrypted version of your private/secret key on your local device. We take the following steps:

  1. We harden your encryption password using the PBKDF2 key-derivation function — this is designed to make brute-forcing extremely hard by hashing your password repeatedly. We run through 30,000 rounds with a unique salt for each private key.
  2. We encrypt your private key using this hardened password and the Stanford Javascript Crypto Library (SJCL) — this produces very strong encryption.
  3. The resulting encrypted key is stored within your browser's secure local storage. For the upcoming desktop and mobile apps, we will be using native key storage.

You can then lock and unlock your wallet, which extracts your private key only when you need it. TezBox uses the eztz.js library, which was also developed by Stephen Andrews, and is currently the only major JS library available.
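The three steps and the unlock described above, as an added example that is not TezBox or eztz.js code: it uses Node's built-in crypto module instead of SJCL. Only PBKDF2, the 30,000 rounds and the per-key salt come from the article; HMAC-SHA256, AES-256-GCM, the salt and IV sizes, the record layout and all function names are assumptions.

```javascript
// Added example: Node's built-in crypto stands in for SJCL (assumption).
const nodeCrypto = require('crypto');

const ROUNDS = 30000;   // round count stated in the article
const SALT_BYTES = 16;  // assumption: salt length is not given on the page
const KEY_BYTES = 32;   // assumption: 256-bit AES key

// Step 1: harden the password with PBKDF2 (HMAC-SHA256 is an assumption).
function hardenPassword(password, salt) {
  return nodeCrypto.pbkdf2Sync(password, salt, ROUNDS, KEY_BYTES, 'sha256');
}

// Step 2: encrypt the secret key under the hardened password, fresh salt per key.
function encryptSecretKey(secretKey, password) {
  const salt = nodeCrypto.randomBytes(SALT_BYTES);
  const iv = nodeCrypto.randomBytes(12);
  const key = hardenPassword(password, salt);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([cipher.update(secretKey, 'utf8'), cipher.final()]);
  // Step 3: this JSON string is what would be written to local storage.
  return JSON.stringify({
    salt: salt.toString('hex'),
    iv: iv.toString('hex'),
    tag: cipher.getAuthTag().toString('hex'),
    ct: ct.toString('hex'),
  });
}

// Unlock: re-derive the key from the stored salt. Returns null when the
// password is wrong or the record was modified (the GCM tag check fails).
function decryptSecretKey(stored, password) {
  const rec = JSON.parse(stored);
  const key = hardenPassword(password, Buffer.from(rec.salt, 'hex'));
  const d = nodeCrypto.createDecipheriv('aes-256-gcm', key, Buffer.from(rec.iv, 'hex'));
  d.setAuthTag(Buffer.from(rec.tag, 'hex'));
  try {
    const pt = Buffer.concat([d.update(Buffer.from(rec.ct, 'hex')), d.final()]);
    return pt.toString('utf8');
  } catch (err) {
    return null;
  }
}

// Constructed sample values, not a real key or password.
const SAMPLE_SK = 'edsk-constructed-sample-secret-key';
const blobA = encryptSecretKey(SAMPLE_SK, 'correct horse battery staple');
const blobB = encryptSecretKey(SAMPLE_SK, 'correct horse battery staple');
console.log(decryptSecretKey(blobA, 'correct horse battery staple') === SAMPLE_SK);
console.log(decryptSecretKey(blobA, 'wrong password'));
```

Because the salt is random per record, `blobA` and `blobB` differ even though the key and password are the same, so a precomputed table for one record does not help against another.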

Using the TezRPC service

TezRPC is a load-balanced, SSL-secured network of multiple nodes running the tezos-node software. These servers process operations and keep in sync with the blockchain. No keys are stored on these servers, and they are only used for public access to the blockchain.

By default, eztz.js and TezBox utilise this service. This allows users to quickly get access to the blockchain without having to run their own servers or install their own nodes.

We also recommend that those who desire a bit more security install, run and maintain their own node(s). TezBox can then be directed to utilise your private node for added security.

Moving forward

As we gain traction after the launch of the network, our goal is to focus on security, usability and versatility by constantly auditing and updating our codebase, funding the design of improved UX/UI, and releasing TezBox across multiple platforms.

We are also looking to raise funds to perform security audits on our software and infrastructure (which aren’t cheap). Any donations would be greatly appreciated (details below).

We are currently looking to release on the following platforms, which we aim to accomplish during the betanet phase:

  1. Web-wallet — released
  2. Chrome extension — released
  3. Firefox extension and Android wallet — available soon
  4. iOS, macOS, Windows and *nix — available in the coming weeks

If you have any questions, please send us a message or find us on Twitter @TezBox_Wallet.

Want to help?

We are completely unfunded, with a sole developer doing all of the work unpaid (development, design, testing, support). Any and all donations are greatly appreciated and will be used to cover the costs of our development, infrastructure and hopefully a security audit.

Donate Tez — tz1cLDXASgh48ntYmLqM3cqPEXmUtpJVVPma
Donate Bitcoin — 1KSiyfgs5XwTZjaLpmCTHxonsyXMx383P1