Is the App sending users private keys to the public node?

I have had a review of the App, and RPC code, and it looks like the private key from the app is being sent to the public RPC raw transaction endpoint (So, the app is not signing transactions)

I’m hoping I’m wrong, and maybe I missed something…!

Can anyone confirm or deny?


thanks for the report @justjamesdev, all calls from the app to a fullnode should not consist/reveal user’s private key. We’re reviewing every function to see what we were missing. In the meantime, could you please point out what you found out so that we can fix asap. thanks.


Transactions are generated in the app using Zero-Knowledge Proofs. This will keep the private key on the mobile device, only sending the proofs as needed by the Incognito protocol off the device.

EDIT: Ninja’ed by @duc who will know WAY more than I do.

1 Like

I am curious to your findings james, I assumed this was only the case w rpc calls. I know @abduraman reported on this subject once a while ago in the builders chat but I never heard of an update of his complaint (maybe I missed the post??)

EDIT: Now I see the WASM routine, was a bit sleepy last night. Still, going to build and run myself just for interest

So? Is the app sending our pvt keys in transactions??
Can anyone confirm this? This is a big claim!
I am worried now! :worried:
My intention is not to create FUD, but its insane that
15 Hrs passed since the claim, and none of the devs have confirmed, if this is true?

No, I don’t think that is the case, relax! I guess SendRawTransaction can take different formats or something.

Though since I made a test setup for this I’ll take a look at the app to server messages just out of curiosity :slight_smile:

Not true. I already wrote this on the different posts. As @Matt6412 remembers correctly, the full-node owner can access the private key of RPC caller. Since the app encodes the transactions on the client-side, there is no such problem for the calls from the app.

You may read the note on this post as well: abduraman - Python API for Incognito SDK


This suggests that transactions are encrypted (to be decrypted on the node)
I’m guessing maybe it’s just a different choice of language, but I would assume that the transaction is signed on the client and sent along with a public key, so the private key doesn’t leave the device, encrypted or not… right?

I can see from your thread that the wasm is generated from the core go code, so I’ll be able to look into that deeper now I guess ( wasn’t quite sure where it came from!)

Yes, my wording is a little bit problematic :slight_smile: I think you should read this (especially Sign Transactions section):

The app does the procedure in the document on the client-side so that validators can verify the transaction. For RPC case, that procedure is performed by the full-node server before broadcasting to the validators. The difference is that.


Aha, I get it, Works how I’d expect (I’m from Waves which works very similar apart from the privacy part!)

Nice document, thanks !

1 Like