All copy and UI is fully configurable, customers will be able to fully whitelabel the product. Capsule does want the experience to be somewhat consistent for users, however copy/color/size is fully customizable.
We may be adding in custom React Native components down the line.
This is the key that Capsule uses to sign transactions you initiate. The Backup Kit is a way to access your wallet in case of an emergency where Capsule services are not running. Normally, you will not need this key to transact.
Please avoid sharing this key with anyone – Capsule will never request this from you. If you lose this key, you can always contact Capsule for a copy.
Account Abstraction is a promising option emerging for on-chain account management. Capsule uses MPC for key management, however works with ERC-4337 out of the box. For more reading on MPC vs. AA, check out our blog post.
As long as the cloud key sent during onboarding is not deleted by the user, they may always refresh their keys without us using the 2-of-2 key refresh scheme.
Capsule won’t be able to sign or censor any transactions. We would only hold 1 key. Someone can still sign transactions with their recovery key. If we are compromised and we are not continuing to provide services, we can provide a migration path (a signing module). As long as those keys exist, the service can exist. For more information, please request a copy of the Capsule Whitepaper.
Device key loss – If a user loses their device key (by misplacing their phone, changing laptops, etc), the user will need the recovery secret in order to recover access to their wallet.
Theft of device key – If a user has their device key stolen, key recovery can be performed, which uses the backup key share to restore access.
Capsule is non-custodial.
Many custodians, built for HNW individuals or institutions, will allow you to set up different access privileges (eg. a super wallet to revert transactions where necessary). However many custodial embedded wallet infrastructure products are very constrained and tend to silo assets to a single client. This is far from ideal - perhaps someone will onboard to a website where they receive a free NFT but will be unable to move the asset around.
Capsule can support such use cases while still being non-custodial, enabling more universal access. Capsule plans to support policies where you can specify which signer can sign transactions and integrate risk scoring.
The biometric key is stored on-device in a secure enclave. Currently, only secp256k1 curve signatures can be used for Ethereum based transactions. However, the secp256r1 curve is the one that is supported in the secure enclave. Capsule generates an secp256r key-- however, it’s only used to authorize a secp256k1 curve signature for ECDSA signatures.