Warm welcome to Cosmic.link!
What is Cosmic.link?
Cosmic.link is a solution for signing Stellar transactions from various applications without granting them any control over your account.
Each CosmicLink contains a request that is displayed on your screen. Then, you can pass it to your wallet where the transaction can be double-checked & safely signed.
Your secret key never leaves your wallet, as it is meant to be.
Before Cosmic.link, Stellar applications had two ways to have you sign transactions:
- Have you create and fund a new Stellar account, which they would control.
- Ask for your secret key.
Having as many accounts as applications is painful, and sharing secret keys is dangerous. Cosmic.link solved it all thanks to an innovative solution: transaction requests.
How does Cosmic.link work?
Transactions requests get encoded into what we call a `query string` for the purpose of passing them into normal web links:
Transaction requests can then get passed to any compatible service by using their address:
When applications generate those links, they choose which handler to use (it doesn't have to be Cosmic.link). Here's, for example, the request on the cosmic-lib demo interface.
In some cases, it is possible to pass the request directly to the users' wallets. For example, here's the same request pointed at Stellar Authenticator.
In other cases, wallets don't use the same format for transaction requests, and conversion has to happen. This what Cosmic.link does for hardware wallets.
How secure is Cosmic.link?
When designing a system that involves cryptocurrency transactions, security is the number one priority.
Cosmic.link uses every security enhancement at its disposal, such as 2-FA, HSTS, strict Content-Security-Policy, and an XSS-resistant application framework. It doesn't load scripts from external sources.
Cosmic.link is served from GitHub through Cloudflare. Those are among the most secure & reliable platforms on the web. They can resist heavy loads and virtually any kind of attack known to that day.
What if Cosmic.link gets down?
You can simulate this situation by cutting your Internet connection. Then browse to Cosmic.link and... It is still there!
Cosmic.link uses a technology known as `Progressive Web Application`. It is loaded into your browser cache and runs from there. In other words, it lives on your computer, not on the web.
If your wallet works offline, you don't need a connection at all. This is possible because Cosmic.link is small (a couple of Mb) and self-contained.
What if Cosmic.link ceases activity?
If Cosmic.link closes, applications will only have to change one line of code to point to a different handler, and everything will keep working.
This is unlikely to happen, though, as the Cosmic.link infrastructure is scalable and cheap to maintain. In fact, it went through the crypto winter without shivering.
What if Cosmic.link gets compromised?
Cosmic.link doesn't use any centralized server or database - so really, there's nothing to crack. In fact, as everything happens on your side, Cosmic.link doesn't have access to users' activity or personal data at all.
How can I integrate Cosmic.link?
There are many ways to do so, complete howtos are being written. Meanwhile, you can check the reference implementation of the protocol: cosmic-lib (JS).
How can I get in touch?
You'll find several ways to get in touch on Cosmic.plus.