Should I import my XRP Ledger account into Xaman?
Importing your account secret might not make sense
Xaman (formerly Xumm) is an excellent application for making payments on the XRP Ledger (XRPL), interacting with the XRPL ecosystem and for safely storing your private keys. For many people, moving their existing XRPL accounts over to Xaman seems like a good idea. Xaman is convenient, easy to use, and very secure, so why not import your account into Xaman to take advantage of all its features...?
Hardware wallets vs Xaman
Hardware wallets are largely about long term storage of your assets.
A hardware wallet stores the private keys for an XRP Ledger account on a device that is not connected to the internet. Transactions can only be signed on the XRPL account if the signer is in possession of the hardware device. Storing private keys 'offline' limits some potential attack vectors on an account.
Xaman is largely about enabling interaction with the XRP Ledger ecosystem.
Xaman stores the private keys for an XRP Ledger account on a mobile device. (Which is presumably connected to the internet at various times.) It allows a user to sign transactions on their XRPL account via their phone. By storing private keys on a device that is 'on line', it exposes an account to other types of potential attack vectors.
Potential risks...
Any time private keys are entered into any software there are potential risks. Spyware, malware, key-loggers, screen capture software, viruses, and many more attack vectors can come into play when entering your private keys.
If you are planning on importing an existing XRPL account into Xaman, please take the time to consider some of the risks associated with doing this.
This section asks questions which are intended to make you think about the nature of your XRPL account, how it was created and how private keys are stored. If you are not sure what the answers are to some of them, contact your current wallet and ask them. You should have a general understanding of these concepts before you import your account into any software application. (or hardware device)
How were the private keys generated?
Do you trust the company/service that generated the keys?
What was the source of entropy that was used to generate your keys?
Has that source been audited?
How are your private keys stored?
Can your keys be viewed using your current wallet?
Was you account managed by a previous wallet?
Are your private keys stored online? (ie. in a "cloud backup"?)
Which encryption method was used to store your keys?
Why are you importing your account?
Are you planning to participate in the XRP Ledger community?
Do you want to be able to access your hardware wallet account using Xaman?
While importing private keys into Xaman is certainly easy to do, you should consider why you are taking the risk of importing them into Xaman when there is a much safer option...🤔
Our Recommendation
The safest way to protect your funds is to create a new XRPL account using Xaman, then move your assets to your new account. There are a number of benefits to doing this:
Accounts generated by Xaman use a world-class algorithm to generate a set of eight, six-digit Secret Numbers used to access the account. Our algorithm has been audited and tested hundreds of thousands of times. You can trust that your Secret Numbers will not be duplicated by any other software or service.
Xaman only displays the account secret once, when an account is generated. There is no way to access or view it after it is initially displayed. No one, other than you will ever see the account secret after the account is created.
After a new account is generated, the account secret is encrypted and immediately stored in Xaman. The algorithm we use to encrypt it is exceptionally secure.
If something were to ever go wrong, it is much easier to narrow down the source of the issue if the account was generated in Xaman.
Frequently Asked Questions
I want to import my hardware wallet account into Xaman.
Consider the reason why you want to do this. For most hardware wallets, the main selling feature is that they generate and store the private keys for an account 'off line'. This means that an XRPL account managed by a hardware wallet is protected from some potential attack vectors.
By importing your hardware wallet account into Xaman, you are bringing your private keys into a software wallet (Xaman) which is 'on line'. (ie. Xaman is installed on a mobile device which is most likely connected to the internet at various times throughout the day.) Doing this will negate the main selling feature of your hardware wallet. Are you sure this is what you want to do?
If so, this article explains how to do this:
...with a MnemonicInstead of importing my hardware wallet, can I just configure a regular key to it?
Rather than importing your private key for your hardware wallet account directly into Xaman, it is possible to create a second XRPL account, configure a regular key it, then import your hardware wallet account into Xaman in 'read only' mode. Doing this keeps your secret keys 'offline" but still allows signing access to your account.
As long as you understand that doing this will allow you to access your hardware wallet account directly using Xaman, this is a better option than entering your private key into Xaman.
A regular key will "link" your hardware wallet account to a second XRPL account that will be managed by Xaman. This second XRPL account will not contain any funds and does not need to be activated with 10 XRP, but it will allow you to sign transactions on your hardware wallet account using Xaman.
This means you will have full and direct access to your hardware wallet account with Xaman and you will not need your physical hardware wallet to access the account.
If this is what you would like to do, here are the instructions:
How to import an XRP Ledger account from a hardware walletI created my account during the CasinoCoin swap. Should I consider creating a new XRPL account?
The XRPL accounts that were created during the CasinoCoin swap used a process that some people might find a little difficult to understand. If you ever need to import one of those accounts, there is a special set of instructions to assist you:
Last updated