EIP 1024 is starting to settle down and finalize, and so we just about have a solid technical foundation on which to build encryption and decryption into web3 browsers.
You can read the technical aspects of the proposal here:
In this thread I’d like to open the discussion to issues related to the user experience of encryption and decryption in web3 browsers.
A few questions I have, with my current opinions stated after them:
- Should users be prompted before their encryption public key is exposed to the dapp via
  - I think especially with improved “explicit sign in” that this could be unnecessary, and associated keys could be revealed with a single “sign in” request.
- Should we prompt users to encrypt?
  - This probably isn’t necessary, since encryption doesn’t require their private key material at all and could be performed without a web3 browser.
  - Eventually if/when we add a “sign and encrypt” method, we can prompt the user in one place there.
- Should we prompt users to decrypt and download a file?
  - I don’t think this is necessary, since it does not expose the decrypted data to anyone but the user’s own hard disk.
- Should we return decrypted data to the requesting Ðapp?
  - This is the behavior that I think would require a prompt and user authorization.
  - For the sake of keeping decryption-heavy dapps practical and usable, we probably want to introduce a batch `requestPersistentUsageOfDecryptionKeyForAccount( account )` method.
  - The Dapp should provide a user a way of revoking this decryption method if it can be extended.