Support Challenge-Response authentication with EC keypair message signing?

[tiero]

Thanks for this service, very helpful. What are the plans wrt allowing different ways to authenticate user such as Challenge-Response instead of username-password?

Usually non-custodial wallets that may use this service, already have a permanent public key and can then sign messages/challenges easily, so end-users do not need to backup extra credentials

[BitcoinErrorLog]

At the moment, Backpack uses username and password as an alternative to keys because the assumption is that the backup actually contains the keys, and thus the user wouldn't be retrieving backups for keys they already have.

If they lost these keys they then wouldn't be able to retrieve the backup either, hence requiring something they can memorize or save elsewhere.

If your use case for is plain authentication and permissioning of data, then Slashtags might suit you better, particularly when we publicly release Slashtags Feeds, which is basically what you have described: using a key to request data related to it from a server.

That said, if you can articulate a different flow specific to wallet backups and Backpack, we are open to it. (Like another factor that isn't the backed up keys themselves, nor a password.)

Does this make sense?

[tiero]

Thanks @BitcoinErrorLog Yes it makes sense, I do think Slashtags Feeds is indeed the right solution for "wallet metadata backup".

Now that is clear this service backups actual keys, well, it is not compelling anymore and can be closed.

Looking forward