Grofty Labs LogoGrofty

Import Wallet Flow

Technical documentation on how wallet import works

Non-Custodial Import

When importing a wallet, your mnemonic phrase and private keys never leave your device. The backend only receives your Party ID and public key.

Import Process
  1. User provides: 24-word mnemonic + Party ID + PIN
  2. Extension normalizes and validates mnemonic (BIP-39)
  3. Extension derives public key from mnemonic (Ed25519)
  4. Extension computes Canton fingerprint from public key
  5. Extension verifies fingerprint matches Party ID
  6. Extension sends Party ID + public key to backend (NOT mnemonic)
  7. Backend verifies party exists on Canton Network
  8. Backend saves Party ID + public key to database
  9. Extension encrypts mnemonic with PIN (Argon2id + AES-256-GCM)
  10. Extension stores encrypted mnemonic in local storage
Cryptography Used

Key Derivation

  • • BIP-39 mnemonic to seed (PBKDF2-HMAC-SHA512)
  • • Ed25519 key pair from seed
  • • Canton fingerprint (SHA-256 with multihash prefix)

Encryption

  • • Argon2id for PIN-to-key derivation
  • • AES-256-GCM for mnemonic encryption
  • • Random IV for each encryption
Security Guarantees
  • • Mnemonic never transmitted to server
  • • Private key never stored anywhere
  • • Fingerprint verification prevents wrong mnemonic
  • • Encrypted storage with strong cryptography