Safer savings: XUMM + Tangem
At XRPL Labs, we're working on improving the XRP ledger user experience for consumers and businesses.
XUMM is a non custodial XRP ledger client (wallet), meaning you, and only you have access to your funds because your funds are in your own account, to which you own the keys. Keys are stored securely in encrypted storage on your iOS/Android device.
TL;DR: XUMM + Tangem: the best combination for keeping your XRP / XRPL savings both super secure and super user friendly if you ever want to touch them.
This blog contains FAQ's + answers. Scroll down to read them if you have questions :)
Keeping your keys safe
While keeping your keys encrypted on your device makes a lot of sense for your daily spending (lower value accounts, to be accessed on the fly), your key(s) to your (XRPL) savings are best kept offline, away from your iOS/Android device (or any device you carry around, for that matter).
Existing methods to keep your key(s) to your high(er) value accounts safe all have disadvantages, if you want to be able to potentially/periodically move funds from your savings to your spending account.
A paper wallet (your secret offline, written down) is not user friendly. It's hard to use, because it will have to be imported to eg. XUMM when you want to access your funds. Hardware wallets have to be charged, are slightly harder (or even scary) to use. Air gapped clients require manual data entry when signing.
Enter Tangem Cards
Just like XRPL Labs, Tangem is making the cryptocurrency space a safer, more user friendly place. Their take on keeping keys to on ledger accounts safe is one we at XRPL Labs appreciate a lot. To the point where we feel confident using their cards ourselves to keep the key to our savings.
Instead of using a hardware wallet, or a static, written down secret (that can't be used easily), their cards contain a chip and use NFC (near field communication). The chip generates a private key, while being powered using NFC (by your iOS/Android device). This means the cards are shipped without a private key on them, and the private key will never leave the card. The chip used in Tangem cards offers bank grade security and has been fully audited.
Security + usability
Because the key stays in the (chip in the) card, signing happens in the (chip in the) card. This means your secret will never leave the card. To sign a transaction, you'll have to hold your card against your NFC enabled iOS/Android device. XUMM will then send transaction details to the card, the card will sign and return the signature (for the signed transaction) to XUMM so XUMM can submit it to the XRP ledger.
This offers the best combination of user experience and security. Using your smartphone with decent screen size, and the XUMM + XRPL ecosystem to compose and review transactions, while using a separate (dedicated, low level, offline) piece of hardware (the Tangem card) to sign transactions.
While Tangem already offered XRP cards, one could only use them for regular XRP payments. The XRP ledger has much more to offer than simple XRP – XRP payments: IOU's (decentralized exchange), account settings, multi signing, escrow, etc. All fully supported by XUMM.
We are very excited and proud to share that, by supporting Tangem cards in XUMM, all XRP ledger features and all transaction types will be available for all existing Tangem card owners.
Because the chip inside a Tangem card generated and holds the (non extractable) private key to acces your funds, a lost cards would mean you won't be able to access your funds anymore. As the XRPL ledger offers clever, on ledger features like “regular keys” and multi signing, XUMM will allow users to setup a secondary, offline Secret Numbers keypair. This keypair should be written down, kept secure away from the card. This key will be configured on ledger to be a back up key (“regular key”) to the Tangem card account.
Further explanation & FAQ's
- What's the typical use case for a Tangem card + XRPL?
Your Tangem card has it's own r-address. It's a separate XRP ledger account, and using XUMM you can use all XRP ledger features in combination with your Tangem card. The most common use case would be to use two XRP ledger accounts: one for receiving funds & daily spending and one for your savings. Your daily spending account in XUMM (as read/write account), and your savings account using a Tangem card. When you want to top up your spending account, you use your Tangem card to sign a transaction from your savings account to your spending account. When your spending account has a higher balance than you're comfortable with, you simply use XUMM to send some of your funds to your Tangem card account.
- Can I use a Tangem card in ATM's / Retail payment terminals?
No, you cannot. Tangem cards feature a bank grade secure chip, but the chip is programmed to work only for crypto currencies with Apps supporting the cards: ATM's and retail payment terminals will not recognize a Tangem card.
- Can I use the default, existing XRP (non-XUMM) Tangem cards with XUMM? Yes, definitely! All existing & future Tangem XRP cards will work with XUMM. All XRPL features will be available to all Tangem card owners using XUMM.
- XUMM Pro is a paid subscription, do I need XUMM Pro to use XUMM with Tangem cards?
No, XUMM Pro does include one (globally) shipped Tangem card, but you can use both regular Tangem XRP cards and XUMM Tangem cards with the free version of XUMM.
- How can I get XUMM Tangem cards?
You can order them at https://xrpl-labs.com/tangem
- Can I extract or backup the secret / private key from my Tangem card?
No, you cannot. The secret / private key of a Tangem card is stored safely inside the chip in the Tangem card. The card can only sign for you, it will never expose the secret / private key. While you cannot extract & backup the secret / private key of the Tangem card, XUMM can setup a recovery account, and attach the recovery account to your Tangem card account. Using this recovery account, you will be able to regain access to your funds in case of a lost, stolen or damaged Tangem card.
How is the Tangem card protected, can someone else use my Tangem card if they have physical access?
XUMM will allow you to setup a PIN / Password on your Tangem card. If you do so, signing transactions with your Tangem card also requires you to enter the PIN / Password. This will protect you against physical access attacks, as one not only needs your card, but your PIN / Password as well.
If you did not configure a PIN / Password on your Tangem card, one will be able to move all your funds.
If you use your Tangem card to keep significant amounts of XRP (or other currencies), it is advisable to both enable PIN / Password protection on your Tangem card and not to keep your card with you during your daily commute.
Where will XUMM Tangem Cards be shipped?
Can I import my existing account (r-address) to a Tangem card?
No. Tangem cards will have their own r-address.
Does a Tangem card require another 10 XRP reserve?
As Tangem cards have their own r-address, they will require activation (the 10 XRP reserve, as required by the XRP ledger).
What does this mean for existing Tangem card users & the Flare token distribution? XUMM enabling all XRP ledger transactions for Tangem cards enables all existing XRP owners using Tangem cards to claim their Flare tokens for balances kept 'on' Tangem cards :)