Developer FAQ

Some common questions about Capsule. See something that isn't covered? Reach out at [email protected]

Product and End User Experience

How configurable is the UI and copy in the Capsule flow?
All copy and UI are fully configurable, and customers will be able to fully white-label the product. Capsule does want the experience to be somewhat consistent for users; however, copy, color, and size are fully customizable.
We may be adding in custom React Native components down the line.
Does Capsule support social login?
Capsule's auth is modular and decoupled from key management. As a result, Capsule can integrate with any SSO or auth mechanism (Google, Facebook, WhatsApp login, custom auth, etc.).
What products does Capsule offer?
Capsule offers a React Native SDK and a JS SDK for mobile and web developers.
Is Capsule open-source?
Capsule’s codebase is not (yet) open sourced. However, Capsule will open source/openly publish the following:
  • Core SDKs (available to partners)
  • Signing and Transaction Logs
  • Permissions (future)
What is the Capsule Backup Kit?
This is the key that Capsule uses to sign transactions you initiate. The Backup Kit is a way to access your wallet in case of an emergency where Capsule services are not running. Normally, you will not need this key to transact.
Please avoid sharing this key with anyone – Capsule will never request this from you. If you lose this key, you can always contact Capsule for a copy.
What’s a typical migration path to migrate EOA wallets to MPC?
Capsule supports migration paths in and out of EOA, Smart Contract wallets and more. How this works will depend on the particulars of your setup, and will be discussed during integration.
What are sessions?
Capsule uses sessions as a security measure when signing transactions. Session length is 90 minutes by default.
Does Capsule use Account Abstraction? How do things like MPC and AA work together?
Account Abstraction is a promising option emerging for on-chain account management. Capsule uses MPC for key management but works with ERC-4337 out of the box. For more reading on MPC vs. AA, check out our blog post.

Security, Architecture, and Availability

How is Capsule's MPC implemented?
Capsule uses the DKLS19 MPC algorithm, and leverages an open source implementation for core functions like distributed key generation and signing ceremonies.
If Capsule servers were to go offline, can users still sign transactions?
As long as the cloud key sent during onboarding is not deleted by the user, they may always refresh their keys without us using the 2-of-2 key refresh scheme.
Capsule won’t be able to sign or censor any transactions. We would only hold 1 key. Someone can still sign transactions with their recovery key. If we are compromised and we are not continuing to provide services, we can provide a migration path (a signing module). As long as those keys exist, the service can exist. For more information, please request a copy of the Capsule Whitepaper.
How does Capsule mitigate key theft, loss, and other common attack vectors?
Device key loss – If a user loses their device key (by misplacing their phone, changing laptops, etc.), the user will need the recovery secret in order to recover access to their wallet.
Theft of device key – If a user has their device key stolen, key recovery can be performed, which uses the backup key share to restore access.
Is Capsule custodial? How is Capsule different from custodial services?
Capsule is non-custodial.
Many custodians, built for HNW individuals or institutions, will allow you to set up different access privileges (e.g., a super wallet to revert transactions where necessary). However, many custodial embedded wallet infrastructure products are very constrained and tend to silo assets to a single client. This is far from ideal - perhaps someone will onboard to a website where they receive a free NFT but will be unable to move the asset around.
Capsule can support such use cases while still being non-custodial, enabling more universal access. Capsule plans to support policies where you can specify which signer can sign transactions and integrate risk scoring.
Where are keys and data actually stored? For example, how does the biometric confirmation work?
The biometric key is stored on-device in a secure enclave. Currently, only secp256k1 curve signatures can be used for Ethereum-based transactions. However, secp256r1 is the curve that the secure enclave supports. Capsule generates a secp256r1 key; however, it’s only used to authorize a secp256k1 curve signature for ECDSA signatures.
For a more in-depth overview, check out this section.
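The two-curve arrangement described above, as an added sketch that is not Capsule's code: a P-256 (secp256r1) device key approves one specific transaction digest, and the signer releases a secp256k1 signature only if that approval verifies. The nonce scheme, message layout and all names are assumptions, and a single local secp256k1 key stands in for the MPC signing ceremony.

```javascript
// Added sketch, not Capsule code. Assumed: message layout, nonce scheme, all names,
// and one local secp256k1 key standing in for the MPC signing ceremony.
const nodeCrypto = require('node:crypto');

// Device side: P-256 (secp256r1) key. Generated in software here; on a real
// device the private key stays inside the secure enclave behind biometrics.
function newDeviceKey() {
  return nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
}

// Fixed-length fields (16-byte nonce, 32-byte digest) keep the encoding unambiguous.
function authorizationMessage(nonce, txDigest) {
  return Buffer.concat([Buffer.from('authorize-sign:v1:'), nonce, txDigest]);
}

// The device approves exactly one transaction digest for one signer-issued nonce.
function deviceApprove(devicePrivateKey, nonce, txDigest) {
  return nodeCrypto.sign('sha256', authorizationMessage(nonce, txDigest), devicePrivateKey);
}

// Signer side: release a secp256k1 signature only after the P-256 approval verifies.
class GatedSigner {
  constructor(devicePublicKey) {
    this.devicePublicKey = devicePublicKey;
    this.chainKey = nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'secp256k1' });
    this.pending = new Set(); // outstanding nonces, each usable once
  }
  issueNonce() {
    const nonce = nodeCrypto.randomBytes(16);
    this.pending.add(nonce.toString('hex'));
    return nonce;
  }
  sign(nonce, txDigest, approval) {
    if (nonce.length !== 16 || txDigest.length !== 32) return null;
    if (!this.pending.delete(nonce.toString('hex'))) return null; // unknown or replayed
    const approved = nodeCrypto.verify('sha256', authorizationMessage(nonce, txDigest),
      this.devicePublicKey, approval);
    if (!approved) return null; // wrong device key, or approval bound to another digest
    // SHA-256 here is a stand-in; an Ethereum signer hashes with Keccak-256.
    return nodeCrypto.sign('sha256', txDigest, this.chainKey.privateKey);
  }
}
```

The P-256 key never signs the transaction itself; it only gates the secp256k1 signer, so a replayed approval or one bound to a different digest yields no chain signature.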
What signature structure does Capsule use?
Capsule uses the EIP712-specified transaction signature interface.