Signata 1.0.0 - and why we've removed IdP Authentication

We just released a new huge update for Signata, and with it we've done something we somewhat regret needing to do, but it's far better for our longer term product development. We're also calling this our 1.0.0 release, as we've fundamentally changed the service since our earlier Beta releases and we've now settled on a platform that we'll stick to.

Previously with Signata you could sign up using a multitude of Identity Providers. Now, you can now only use an account created as an email address + password. We've dropped support for all external identity providers. Whilst we prefer using external services to handle authentication, this is purely because of technical limitations with the platform that we've built our desktop application on, Electron. And so far we've actually only had a handful of users signing up with 3rd party Identity Providers, so we figured the disruption would be minimal.

Electron unfortunately runs in a context that doesn't work well with Firebase (our back-end service), as the context is effectively sitting somewhere on the blurry line between Node.js back-end services and the front-end web. This then causes issues with attempting to use IdP credentials gained in the method that we used to use (which, to be honest would be classed as a janky hack), so to improve our release cycle the better approach for us it to remove those options and reintroduce them if Google implement better support for Electron applications that use Firebase.

Whilst we've taken one feature away, we've added a whole stack of new features, in part because we've now simplified our desktop application significantly. Our code base is effectively the same core design across all of our applications, and we've now been able to bring that design into the Signata Desktop application.

If you've already registered with an external account like Google, please contact support and we'll help you migrate to using a dedicated account for the service instead.

Faster and Safer Device Management

Our earlier releases relied on a Command Line toolkit we had built for managing YubiKeys. Every action, including detecting their presence, injecting keys, signing and decrypting data, and more was all perfomed by invoking this toolkit from our Electron application.

I never liked this approach, as I was always concerned secrets could be lifted from the messages being sent between the Signata app and the CLI toolkit. So, we've replaced it entirely with a new gRPC-based device manager utility.

In a nutshell, when the Signata application is launched it will start up a Device Manager service in the background. The service and the Signata application will negotiate a temporary cryptographic key pair to protect their communications using Transport Layer Security, and all messages are then sent via gRPC.

Whilst this adds a massive boost in security with all traffic encrypted, this also does one other amazing thing for the product - it's blazingly fast compared to the old CLI toolkit. We'll do a more technical write-up on how this works soon.

Updated Address Integrations

We experimented with allowing non-tradable address storage in Signata, but we weren't happy with the experience if users would be unable to actually use those addresses. So we've pared the system back to supporting addresses we can actually transact with (via BlockCypher), and we've also moved our Ethereum integration to use Infura instead to provide faster transactions and future ERC-20 token integrations!

For now if you want to store WIFs or Private Keys of addresses that Signata doesn't support, you can always use the Secure Notes capability to store them (more on that below). If you want to see any particular currency supported, please reach out to us and let us know - we will be adding XRP support as first priority.

Just a side note: if you're using MetaMask or a similar product for interacting with the Ethereum network and other coins like UNI or LINK, you can export your account from MetaMask and import it straight into Signata for more secure long-term storage.

Dark Mode

With our newer codebase live we've now got Dark Mode support working. The application will automatically detect which mode to run in from what your Operating System has been set to. At the moment only the web browser lets you force this on or off, and we'll put it the option into the desktop application soon.

Instant Updates

Now that we have a tighter coupling of our desktop application with Firebase, all data in your account will now be automatically synchronized in realtime between all open clients.

Secure Notes

We're not trying to reinvent the wheel when it comes to password management (other products do this far better), but if you want to store specific secrets like your password manager passphrase you can use the Secure Notes feature to encrypt your secrets using your YubiKeys. All you need to remember is your device PIN to retrieve them again.

Address Book

Signata is designed for holding cryptocurrencies long term - but eventually you'll probably want to move your currencies back out to exchanges to make trades - you can use the Address Book capability to store deposit addresses of pretty much anything, so you can then use them later for withdrawals.

Simplified Device Management

As we've developed Signata, we've identified ways to simplify adding Devices to your account. Now, all you need to do is provide your Recovery Passphrase and the PIN you wish to use with your device, and the rest is taken care of.

What's Next

Now that we've gotten that overhaul released we'll be releasing more features soon. We've got an integration planned with CryptoAPIs that we hope will unlock more coin types we can support, and we're also looking at ways we can incorporate Uniswap directly into Signata. Download Signata today to try out all the new features!

Timothy Quinn

Timothy Quinn

Managing Director of Congruent Labs