Skiff is thrilled to announce the release of a new option to log into Skiff with a Metamask Login Tens of millions of individuals already browse the internet with an Ethereum address as a primary form of identity. Now, Skiff has joined the ecosystem of forward-looking services that offer them seamless access.
This integration is technically groundbreaking (see more below) and provides all Ethereum wallet-holders access to privacy-respecting, end-to-end encrypted, and decentralized collaboration. Internally, Skiff already functions a lot like a crypto wallet - safeguarding keypairs and other sensitive information for your documents, identity, and team. We’ve written about this in past blogs on decentralized collaboration and in our technical whitepaper. Using similar functionality in the Metamask Login (such as eth_decrypt), we’re able to automatically create a Skiff account directly from a user’s wallet.
If you have the MetaMask browser extension, you’ll now see an option to “Metamask Login” on the app.skiff.org login page. If you don’t have the MetaMask extension, this button remains invisible.
Once you click “login via Metamask Login,” you’ll immediately be prompted to sign a login token - an attestation that you own your Ethereum wallet:
As the final step, you’ll then be asked for your encryption public key, which is used to secure your Skiff login token and password. From there, the normal Skiff login process begins - choosing a theme (light or dark mode), setting a display name, and enabling account recovery. For your collaborators’ sake, we highly encourage setting up a display name!
That’s it! You’ll then have access to writing, collaboration, and sharing — all with your Ethereum wallet address.
Now that we’ve covered the wallet-based login process, let’s dive into how it works behind the scenes!
First off, if you have the Metamask extension installed, you will see the option to log in with your wallet. If you don’t, you’ll see the familiar email-password login.
When you connect to Skiff with a new Ethereum wallet, the first thing we ask you to do is to verify that it’s actually you. To do this, we generate a challenge message with your wallet address and a random string for you to digitally sign, all done through Metamask’s interface. We call this challenge message skiff Login Token, which you can see in the Metamask prompt. This challenge-response authentication model prevents man-in-the-middle attacks and other impersonation strategies that could compromise your information’s security.
After verifying that this digital signature is valid, we can rest assured that you’re not being impersonated. At this point, Skiff’s end-to-end encryption model relies on private / public keypairs that are subsequently encrypted with your password, which is never stored or sent over any network. But since the whole point of logging in with our wallet was to eliminate site-specific passwords, we won’t ask you to create and remember a password. Instead, we randomly generate a password, ask you to encrypt it with your public key using the Metamask API, and then store the encrypted result (which can be decrypted with your Metamask Login for future reference. Your unencrypted password never leaves your browser (so we can’t ever see it!) and only you hold the keys to unlock your encrypted password.
That’s it! Using only your Metamask Login, you’re securely logged in and ready to start securely collaborating on Skiff!