
Decaf Wallet quick guide.

Decaf's new version now supports Stellar send.


-On-ramp crypto via Solana or Stellar or cash via Moneygram Cash-in (See below)
-On-ramp fiat via ACH: ask support for a US account. Do KYC.
-Anyone can send US$ to that account, including yourself or a company.
-Receive USDC$ equivalent in your wallet 1 for 1.
-Send USDC$ to either a Solana or Stellar address, Kinesis in this case, without fees.
-Off-ramp USDC 1:1 to a US$ bank account or in Euro in SEPA countries, without fees.
-Off-ramp in supported local currencies via Moneygram Cash-out.
-Off-ramp via OTC to bank accounts in COP, MXN, BRL, ARS, PEN, CAD$.





Voila.

*Edit: Wise works both for on-ramping & off-ramping to US$ accounts. 😁
**Edit2: Memo is now supported on Stellar send.
***Edit3: Added OTC info

 
I don't think Lobstr has this built into the interface either if you want to delegate signing authority of the Lobstr address to another Stellar address that you control such as through a hardware wallet.
At home, in my own situation, I run Lobstr Wallet on a Dell desktop using Firefox for MX Linux. The operating system is MX Linux, Version 23.5. In turn, MX Linux is based on Debian Version 12.1. By running a Linux rig and following other common-sense security protocols I enjoy a computing environment that is safe, probably safer than any Windows installation. I also don't use Lobstr for crypto storage. It's usually just a brief weigh station for stablecoin that's moving to Kinesis.

I totally agree, though, that private key information is radioactive and must be handled with the utmost care.

I'm a little confused, JH. I think maybe you misunderstood what I indicated in my post. I am only dealing with *one* Stellar address, not two somehow linked together. The only Stellar address I'm dealing with is the one created when I signed up for Decaf wallet. There is no need to "delegate signing authority to another public address" because there is one and only one address.

Here's the key point: In Lobstr, when you go in and set up a brand new account using the "Connect Stellar Wallet" option, you are NOT adding a second Stellar wallet or delegating a signing authority. You are simply creating an interface where you can see and manage the single Stellar account you created when you signed up for Decaf. In other words, I now have two different portals, mobile and desktop, where I can manage my single Stellar (Decaf) address, and that's pretty darn convenient!
 
Good idea on the Linux approach. I do that also to minimize attack surface.

On your latter point, whether you are using Lobstr solely to access only the Decaf wallet or have multiple accounts set up on Lobstr, that's not the point I was making. I was referring to your sentence as follows:
Then you input your public Decaf Stellar wallet address and also the private key for that address.
[emphasis added to the original]

You had to input the private key of the Decaf wallet onto the software interface manually for Lobstr to allow Lobstr to access that Decaf wallet, which as you say, is just giving two interfaces access to the same wallet. It's similar to how you can set up two hardware wallets to access the same set of addresses. I get why that is super convenient, and I do that myself with separate hardware wallets. But it does create an attack surface if entering private keys onto any device that is regularly connected to the internet with an operating system and which is not designed to manage private keys securely (like a separate hardware wallet). My bet is that the vast majority of people who might follow that approach are not even using Linux and are often using Windows or, more likely, a mobile phone. That was the point of my caution, as I think most people are far more exposed as to attack surface than what you have described.

Lobstr is a hot wallet that is exposed constantly to internet connections. If for some reason you have to "recover" a hot wallet, best practice is to set up a totally new account and set apart the private keys, and then recover the old account with the manual reentry of the private keys and transfer funds immediately into the new account from the recovered account, with the reason being that you generally never want to have long-term funds in any address for which a private key was manually entered into any interface other than a secure offline manager, like a hardware wallet. Thus, if I had to "recover" my Lobstr address, that is what I would do, and then I would never use the old one again.

What I was describing is that there is a way on Stellar that actually can give signing authority to another address on a wallet like Lobstr in a secure way that would allow the Lobstr interface to send and sign transactions on another wallet, like the Decaf wallet, without ever having to compromise the private key of the Decaf wallet or the Lobstr wallet, for example. This allows two separate addresses (i.e., two sets of private keys) to control a single address, but it does it in a way that never exposes private keys manually. But the problem is that the Decaf interface has to be sophisticated enough to allow interaction with the base protocol and set the proper commands to designate a second address to sign for it and issue commands. If it did allow that (and I don't know if it does, because I can't really use it for anything with the KYC fail), then you could authorize a separate account on Lobstr to interact on behalf of the Decaf wallet without ever exposing a private key through manual entry. With this approach, you would just set up a Lobstr account like usual (not a "recovery" of any existing account), securely save the private seed phrase generated, and then give signing authority to the Lobstr address, thus allowing Lobstr to see and transact on behalf of the Decaf address.

But even Lobstr would have to have a way to know that this was a delegation account, and even that is lacking in the software at present for Lobstr. In contrast, with Xaman (the Lobstr-like equivalent on the XRPL), those devs put in a feature that allows you to import a public address into the Xaman app which you designate as an account for which the Xaman account has signing authority (which was delegated on the other address), and then you have the convenience of using the Xaman app to transact and sign for that other address.

Even that carries risks, because now you have to be sure that this mobile access point is kept secure, but at least that approach never had to manually input any private key on any surface connected regularly to the internet.
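
The delegation described in this post maps onto Stellar's account signers, which carry weights checked against low, medium and high thresholds. The following is an added illustration, not part of the original thread and not Stellar SDK code: a simplified Python model in which a second key gets payment authority without the primary secret ever being typed into the hot wallet. The class and function names are hypothetical and the key names are constructed placeholders.

```python
# Simplified model of Stellar account signers and thresholds (added example,
# not SDK code). Key names below are constructed placeholders, not real keys.
from dataclasses import dataclass, field

# Threshold category each operation type is checked against in Stellar.
OP_LEVEL = {
    "payment": "medium",
    "set_options_signer": "high",  # adding/removing signers, changing thresholds
    "bump_sequence": "low",
}

@dataclass
class Account:
    master_key: str
    master_weight: int = 1
    thresholds: dict = field(default_factory=lambda: {"low": 1, "medium": 1, "high": 1})
    signers: dict = field(default_factory=dict)  # additional public key -> weight

    def weight_of(self, key):
        if key == self.master_key:
            return self.master_weight
        return self.signers.get(key, 0)

    def authorized(self, op, signing_keys):
        """True if the distinct signing keys' summed weight meets the op's threshold."""
        total = sum(self.weight_of(k) for k in set(signing_keys))
        return total > 0 and total >= self.thresholds[OP_LEVEL[op]]

    def add_signer(self, new_key, weight, signing_keys):
        """SetOptions-style signer change, itself gated by the high threshold."""
        if not self.authorized("set_options_signer", signing_keys):
            raise PermissionError("signatures do not meet the high threshold")
        if weight == 0:
            self.signers.pop(new_key, None)  # weight 0 removes the signer
        else:
            self.signers[new_key] = weight

def delegate_demo():
    # Constructed scenario: the primary key stays in its original wallet; a key
    # generated inside the hot wallet is granted payment-level authority only.
    acct = Account("G_PRIMARY_PLACEHOLDER", master_weight=2,
                   thresholds={"low": 1, "medium": 1, "high": 2})
    acct.add_signer("G_DELEGATE_PLACEHOLDER", 1, ["G_PRIMARY_PLACEHOLDER"])
    d = ["G_DELEGATE_PLACEHOLDER"]
    return (acct.authorized("payment", d),             # delegate can send payments
            acct.authorized("set_options_signer", d),  # but cannot change signers
            acct.authorized("payment", ["G_UNKNOWN_PLACEHOLDER"]))
```

Because the delegate's weight stays below the high threshold, a compromised hot-wallet key can be revoked by the primary key (weight 0) but cannot lock the primary key out.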
 
I also don't use Lobstr for crypto storage. It's usually just a brief weigh station for stablecoin that's moving to Kinesis.
And that is also a really important point which you added. That's a good practice for any hot wallet. And that's why I had added that for those using Lobstr (and Decaf or any hot wallet) for brief stopping points in transit, I would agree that the risk is much less. Others may not be following that advice, which is why I offered caution for those who are inputting private keys manually on any kind of hot wallet or device connected to the internet constantly.
 
Several years ago when the Kinesis blockchain was first getting going, you could set up a "wallet" address where you controlled the keys. It was set up through the interface, and it was a software hot wallet. You set it up, it gave you the keys (which you wrote down and secured), and it stored the credentials in secure cookies. But the site was still raw and glitching a lot, and people had to clear cookies often, and that cleared your access to this wallet, and so you had to input the private key in again (and again, and again). This was super insecure. I complained about this a lot.

Originally, when minting, minted funds had to go to this separate wallet. I hated this, because everybody was using these wallets where they were all constantly re-inputting the private key right on their computer manually. The only reason this wasn't a huge attack surface was because no scammers really knew about Kinesis, but you had all this digital gold passing through these wallets where private keys were probably far more exposed than people realized.

Eventually, they allowed the minted funds to go directly to the KMS account, thus negating the need for these hot wallets which you can still set up I think, but for which there is almost zero need, because if you want a private address to control your own keys, then by all means you need to get a hardware wallet and not trust these web-based wallets for this reason. But most people probably just use the KMS without any wallet. So, those old hot wallets are mostly useless at this point. They were really insecure given how they were being misused, because the interface for using them was not well-designed, and the recovery process wasn't thinking about how insecure it was.
 
But the problem is that the Decaf interface has to be sophisticated enough to allow interaction with the base protocol and set the proper commands to designate a second address to sign for it and issue commands.
I've looked into all the menus in Decaf and I'm almost certain you can't designate a second address to sign for it and issue commands. Decaf is not anywhere near that level of sophistication yet. :) Maybe someday. It's a shame they won't give you an account. ROS and I will vouch for you!

What you said about the Xaman app is very interesting and useful because you don't have to expose your private key.

Thanks for all the deep info, JH. Everyone reading this thread should exercise MAXIMUM caution with their private keys and carefully handle them―or not handle them―as you've advised. I have a friend who's kept a significant amount of Bitcoin in the Coinbase exchange for several years. Just a week ago I urged her to move that asset to the Coinbase Wallet and be extra vigilant to record her seed phrase, the public address and private key and print out multiple copies of that info on her printer for safe physical storage. Also, if she becomes more competent with her crypto she could opt for Ledger or Trezor hardware storage. I hope she does.
 
Yes I will vouch for you JH528. You always provide such wonderful and factual information here. We all thank you!
 
