Further integration of MetaMask and Hive wallet

@thebeedevs
Hello Hive Community ❗

This is the `thebeedevs` team, and I have the **BIG** pleasure of announcing another step in the integration of the Hive Wallet into the mainstream [MetaMask application](https://metamask.io/).

Our first steps in this area were made for the Hive Birthday (here is a little reminder for those who didn't read it then: please jump to the chapter [Yet more wallets to operate with Hive](https://blog.openhive.network/hive-139531/@thebeedevs/hive-is-five) in the linked article).

At that time we were at the initial stage of implementation: after the regular software design work (for those interested, I recommend the later part of this post, where one of **THE BE**st **E**ver **DEVS** describes his feelings while developing our [Hive Wallet MetaMask Snap](https://gitlab.syncad.com/hive/metamask-snap/) application), our app was able to operate with MetaMask using its Flask (developer) version, which is mostly provided for testing purposes.

Of course, our work was fully functional; it was only the (justified) MetaMask requirements that limited us and forced us to schedule a **source code security audit**:

 ![Monty_Python_spanish_inquisition.jpg](https://images.hive.blog/DQmdFGtUmUYMmX1b1h8kCDnjTECjF6fa9poKKuocVitFqEo/Monty_Python_spanish_inquisition.jpg) 

Yes, I saw them: they looked very similar to the photo above ;-) but they are called [Hacken](https://hacken.io), one of the officially approved MetaMask auditors, which you can check [here](https://consensys.notion.site/Audit-process-1acbc67819dc4631b7a3d6c664e387a3).

They also have an account on #hive: @hacken - greetings guys !!!

The impatient are probably waiting for the result: yes, our work has been approved, which opens the further steps needed to complete the MetaMask integration. We have filled out and sent the official MetaMask form to get allowlisted ([blank form template](https://feedback.metamask.io/snaps-onboarding/)) and we're waiting for the response.

Here is the [audit report](https://hacken.io/audits/hive/).

We hope to be officially approved on the MetaMask list soon. This process is independent of our team, but we promise to report every upcoming change in this subject...

********************************

Below you can dig into details specific to this software development process, which in my opinion (I hope our great team agrees with me) was so successful because of the simplicity chosen at each stage:
  - clearly defined functionality,
  - allowing simple Hive integration for external users (by providing a link to their Hive friend),
  - seamless authority update for existing users,
  - ability to sign transactions and encrypt content for Hive, with the signing done by the MetaMask wallet.

To let you better understand how it works and why we **can** say that it is safe, we prepared a small interview with our developers. Please enjoy !

#### What is the reason for creating yet another wallet?

We can already find multiple wallet implementations (which was covered in [this issue](https://gitlab.syncad.com/hive/wax/-/issues/82#note_199540)), so what is the reason for creating another wallet? 🙄

The obvious and standard answer would be: "Our wallet is the best" (which of course is also true 😉), but we wanted to go a bit further: we wanted users to be able to use one wallet to manage all their assets at once in one place! 💰

That's right - just one extension for your Ethereum, Solana, BNB and Hive!!! 🐝

 ![MM-Hive-Bee.png](https://images.hive.blog/DQmeig7RpxfXncsZCXp1HLbdCTZDfgtdC8HGe68pF2QP55i/MM-Hive-Bee.png) 

#### But is it safe?

Yes, as has already been mentioned, we successfully passed the audit! 🕵

The Hive Wallet also benefits from the enclosed MetaMask architecture, which runs Snaps in an isolated [Snaps execution environment](https://docs.metamask.io/snaps/learn/about-snaps/execution-environment/), which:
* 📢 Disallows global environment pollution,
* 🥷🏻 Prevents malicious Snaps from stealing from users,
* 🚧 Limits access to sensitive JavaScript global APIs (such as `fetch`) without explicit permission granted to the Snap.

This means we have no Internet access from inside the Hive Wallet.

#### But if it is isolated, how does it communicate with dApps?

MetaMask uses JSON-RPC (just like Hive nodes do) for all the internal and external calls: 📲

 ![snaps-architecture-1.png](https://images.hive.blog/DQmNPxPTFre8N5KdDka1v5NQ9fmwUWfmqWg6RFstDK37xL6/snaps-architecture-1.png) 

By implementing strict request validation on our end, we leave attackers no way to leak your private keys! 🛡️

#### Does it mean Hive Wallet has access to my ETH/SOL/BNB?

That's a great question!

The MetaMask wallet uses the BIP32 and BIP44 standards to manage keys derived from a simple seed (password aka secret recovery phrase).

Thanks to that, there is no way to access private keys other than those derived from the path. In our case it is: `m/44'/3054'/accountIndex'/0'/keyType'`. 🗃️

Additionally, this is ensured by using MetaMask Snap permissions restricted to the path: `m/44'/3054'` for entropy-related functions:

 ![snaps-getentropy.png](https://images.hive.blog/DQmRpd9jSKRC85vuQ6y4dzh4z69atepnDYjh5qGLqjWmXCu/snaps-getentropy.png)
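
The path scoping described above, as an added example (not code from the Snap or from MetaMask): it parses BIP32 paths into numeric child indexes and checks whether a requested path lies under the permitted `m/44'/3054'` prefix. The function names and the plain-integer `accountIndex` and `keyType` arguments are assumptions made for the illustration; `m/44'/60'/0'/0/0` is the usual Ethereum path.

```javascript
// Added illustration: BIP32 path scoping for the Hive coin type.
const HARDENED = 0x80000000;   // hardened child index = index + 2^31
const HIVE_COIN_TYPE = 0xBEE;  // 3054, the coin type quoted on this page

// Parse "m/44'/3054'/0'" into numeric child indexes.
function parsePath(path) {
  const parts = String(path).split('/');
  if (parts[0] !== 'm' || parts.length < 2) throw new Error('path must start with m/');
  return parts.slice(1).map((seg) => {
    const m = /^(\d+)('?)$/.exec(seg);
    if (!m) throw new Error(`bad segment: ${seg}`);
    const n = Number(m[1]);
    if (!Number.isSafeInteger(n) || n >= HARDENED) throw new Error(`index out of range: ${seg}`);
    return m[2] ? n + HARDENED : n;
  });
}

// Build the Hive path from the page; both arguments are assumed to be integers.
function hivePath(accountIndex, keyType) {
  for (const v of [accountIndex, keyType]) {
    if (!Number.isInteger(v) || v < 0 || v >= HARDENED) throw new Error('index must be 0..2^31-1');
  }
  return `m/44'/${HIVE_COIN_TYPE}'/${accountIndex}'/0'/${keyType}'`;
}

// True only if every index of allowedPrefix matches the start of path.
// Indexes are compared numerically, so 3054 (non-hardened) != 3054' (hardened).
function isWithinPrefix(path, allowedPrefix) {
  const p = parsePath(path);
  const a = parsePath(allowedPrefix);
  return p.length >= a.length && a.every((idx, i) => p[i] === idx);
}

const ALLOWED = "m/44'/3054'";
console.log(isWithinPrefix(hivePath(2, 1), ALLOWED));          // Hive key: inside the scope
console.log(isWithinPrefix("m/44'/60'/0'/0/0", ALLOWED));      // Ethereum key: outside
console.log(isWithinPrefix("m/44'/3054/0'/0'/0'", ALLOWED));   // non-hardened 3054: outside
```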

#### What is this magic `3054` number?

It's just a 🐝 (`0xBEE` - hexadecimal number).

This coin type was officially approved by SatoshiLabs as HIVE in [this PR](https://github.com/satoshilabs/slips/pull/1876/files#diff-a4a22ced714e2f008fb133abf3d464f917812378213802d2d73887a7f390a12fR1182). 🖖

#### How can I trust you or some auditors I have never heard of if I don't know what really happens under the hood?

Just look into the [source code](https://github.com/openhive-network/metamask-snap).

Yes, it is publicly available. You can also contribute to it under [certain conditions](https://github.com/openhive-network/metamask-snap/wiki/KB#contributing). 🤝

Our CI/CD configuration securely builds & ships 🚀 the code when triggered from the protected branch: [`@hiveio/metamask-snap`](https://www.npmjs.com/package/@hiveio/metamask-snap).

#### What can I do with Hive Wallet?

There are multiple things you can do, including:
* ✍🏻 Signing transactions using different authority levels
* 📩 Encrypting / Decrypting memos
* 🏷️ Retrieving your derived public keys

#### Okay, but it communicates with dApps - they can steal my private keys!

They cannot! 🤓 Our Snap never responds with the private keys.

This means there is no way for the attackers to retrieve your Hive private key from the Hive Wallet. 🔑

Moreover, every call to a privileged function requires explicit user approval:

 ![approve-tx.png](https://images.hive.blog/DQmbaJ24UQGz8cLPY5jiENNSZY4z1xdPptXMYr55nQ2DD6Q/approve-tx.png)  

#### So how do I move my keys to a different machine?

As already mentioned, all keys are derived from your main recovery phrase.

Remember it, install MetaMask 🦊 on another device, import the wallet and install our Snap. That's all!

#### Can I use it with multiple Hive accounts?

Yes, based on the requested account index, you can use different accounts for all the supported operations. 👯‍♀️

#### Does it provide multisig?

Yes, you can just provide multiple key indexes with different account indexes upon transaction signing 👥

#### Can I use it with other chain IDs?

So you want to use the [mirrornet](https://hive.blog/hive-160391/@gtg/hive-mirrornet-a-k-a-fakenet-is-up-and-running)? 🪞

That's awesome - another @thebeedevs technology 😎 Just provide a different chain ID in the transaction signing params. That's all! 🤯

#### Where can I use it?

We created an extensive [knowledge base for On-chain usage](https://github.com/openhive-network/metamask-snap/wiki/KB#on-chain-usage) ✅

#### Can you also add support for TrustWallet and other Web3 wallets?

We are researching this topic and working on it hard! 👨‍💻

#### You convinced me. I am a developer. How to integrate MetaMask into my Hive dApp?

No wonder you asked this question, and... We have the answer! 🛠️

There is currently [extensive work](https://gitlab.syncad.com/hive/wax/-/tree/develop/ts/packages/signers-metamask?ref_type=heads#example-usage) ⚙️ underway on MetaMask integration into [`@hiveio/wax`](http://npmjs.com/package/@hiveio/wax) (read more about it [here](https://hive.blog/hive-139531/@thebeedevs/discover-projects-that-have-been-quietly-enhancing-your-hive-experience#:~:text=hiveio/clive/tags-,Wax%20library,-wax%20is%20a)).

A ready-to-use library will be publicly available soon, but if you want to test it now, you can either use the [dev package version](https://gitlab.syncad.com/hive/wax/-/packages/13567) or manually call the APIs using the [Snaps simulator](https://metamask.github.io/snaps/snaps-simulator/latest/#/handler/onRpcRequest) with snap location selected: `npm` : `@hiveio/metamask-snap` @ `1.6.0`: 🎯

##### Sign transaction

```json
{
  "method": "hive_signTransaction",
  "params": {
    "transaction": "{\"ref_block_num\":63366,\"ref_block_pref...",
    "keys": [{ "role": "active" }]
  }
}
```

##### Encrypt memo

```json
{
  "method": "hive_encrypt",
  "params": {
    "buffer": "Hello, world!",
    "firstKey": { "role": "memo" },
    "secondKey": "STM8LYDC8gWEtsdFvm4gzRmcsJnmuhCMcpL7vxpXPh6pGUZxE9WhY"
  }
}
```

##### Decrypt memo

```json
{
  "method": "hive_decrypt",
  "params": {
    "buffer": "#111111114nr3f4fxxx...",
    "firstKey": { "role": "memo" }
  }
}
```

##### Get public keys

```json
{
  "method": "hive_getPublicKeys",
  "params": {
    "keys": [{ "role": "memo" }]
  }
}
```
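
As an added illustration of the strict request validation mentioned earlier (this is not the Snap's source code), the following validator accepts only the four methods shown above and rejects anything with an unknown method, role or field. The role set, the optional `accountIndex` field and all function names are assumptions; the sample transaction in the last lines is constructed.

```javascript
// Added illustration: allowlist validation of incoming dApp requests.
// Method names and parameter shapes follow the request examples on this page.
const ROLES = new Set(['owner', 'active', 'posting', 'memo']); // standard Hive key roles (assumed accepted)

const isObject = (v) => typeof v === 'object' && v !== null && !Array.isArray(v);

function requireString(v, name) {
  if (typeof v !== 'string' || v.length === 0) throw new Error(`${name} must be a non-empty string`);
}

// Key reference: { role, accountIndex? }. accountIndex is a hypothetical optional field.
function requireKeyRef(k) {
  if (!isObject(k) || !ROLES.has(k.role)) throw new Error('unknown key role');
  const extra = Object.keys(k).filter((f) => f !== 'role' && f !== 'accountIndex');
  if (extra.length > 0) throw new Error(`unexpected field: ${extra[0]}`);
  if (k.accountIndex !== undefined && !(Number.isInteger(k.accountIndex) && k.accountIndex >= 0)) {
    throw new Error('accountIndex must be a non-negative integer');
  }
}

function requireKeyList(keys) {
  if (!Array.isArray(keys) || keys.length === 0) throw new Error('keys must be a non-empty array');
  keys.forEach(requireKeyRef);
}

// A Map (not a plain object) so "constructor" or "__proto__" never resolve to a handler.
const VALIDATORS = new Map([
  ['hive_signTransaction', (p) => {
    requireString(p.transaction, 'transaction');
    if (!isObject(JSON.parse(p.transaction))) throw new Error('transaction must be a JSON object');
    requireKeyList(p.keys);
  }],
  ['hive_encrypt', (p) => { requireString(p.buffer, 'buffer'); requireKeyRef(p.firstKey); requireString(p.secondKey, 'secondKey'); }],
  ['hive_decrypt', (p) => { requireString(p.buffer, 'buffer'); requireKeyRef(p.firstKey); }],
  ['hive_getPublicKeys', (p) => requireKeyList(p.keys)],
]);

// Returns the method name when the request is acceptable, throws otherwise.
function validateRequest(req) {
  if (!isObject(req) || typeof req.method !== 'string') throw new Error('malformed request');
  const check = VALIDATORS.get(req.method);
  if (!check) throw new Error(`method not allowed: ${req.method}`);
  if (!isObject(req.params)) throw new Error('params must be an object');
  check(req.params);
  return req.method;
}

const sampleTx = '{"ref_block_num":63366,"operations":[]}'; // constructed sample, not a real transaction
console.log(validateRequest({ method: 'hive_signTransaction', params: { transaction: sampleTx, keys: [{ role: 'active' }] } }));
```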

Thank you for reading !!!
And as always, we're waiting for your feedback.

thebeedevs Team