Learn about Xumm security and how to set trustlines
Instructions on how to set a Trustline in the Xumm wallet app.
XUMM: https://xumm.app/
A note on security.
A lot of scams targeting @XummWallet users are popping up. Here on Twitter, reaching out to users with scammy DM's, replying fake "Google Forms" support forms, on Telegram, etc.
Please watch this video. Pay special attention around 0:43 » "DO NOT share your secret numbers" … pic.twitter.com/a5SKrVgpKG
— Xaman (formerly Xumm) Wallet 🪝 (@XummWallet) December 12, 2021
Add a trust line from an account in XUMM as follows:
Go to the xrpl.services web site or click the Trustline link which will open it.
-
Select ‘Sign in with XUMM’
-
XRPL.Services will display a QR Code
-
Scan the QR code with the XUMM app
-
XUMM will show a and sign-in transaction
-
Sign the transaction if necessary
-
Select ‘Accept’ in the XUMM app
-
Verify the correct XRP Ledger network (Live/Test) is in use in the top right corner
-
Select ‘Trust Set (Trustlines)’
-
In the ‘XRPL Address which issues the IOU’ field
-
Enter the issuer address: r…
-
Then select the asset (token code) from the proposed list
-
Review the Trust Line Limit and adjust as needed
N.B. At the time this article was written this defaults to a value of one million.
It is recommended to read the second paragraph of the trust line documentation on the XRP Ledger Development Portal with help understanding the appropriate value for this field for your case.
-
Select “Send Trust Set to XUMM”
-
Sign the transaction using the XUMM app
A Glossary: Terms & Definitions used in the XRP Ecology
General Terms
-
Fiat (currency)
-
Fiat money is any money that is accepted by a government for paying taxes or debt, but is not pegged to or backed directly by gold and other valuables (fiat money systems have no gold standard).
Source: Wikipedia
-
Digital Asset
- The Wikipedia definition is fairly broad and doesn’t speak specifically to Cryptocurrencies.
A digital asset is anything that exists in a digital format and comes with the right to use.
Source: Wikipedia
However, that could be taken to include cryptocurrencies. The right to use being conferred by control of the keys for a particular account.
The Elements of XRP Accounts and Credentials
Accounts
-
Label
- This is your name for the account. Use whatever you like. Best practice is to call it something significant.
Credentials
In common usage some of these terms are used interchangeably;
-
Password
- the per account password to sign when users select a security level higher than bio-metrics
-
Keys or “secret key”
- in XRPL context usually referring to the family seed but, in general, any secret info.
When communicating information for the purposes of solving a problem it is critically important to use the correct terms correctly.
This next term often gets used for what is defined in Xumm as password or passphrase;
-
Passcode
- The Passcode is multiple digits selected by the user when the app is first installed that unlock the app ONLY.
The purpose is to keep anyone who gets physical access to the phone from being able to access accounts.
The passcode has nothing to do with account data.
Enabling Bio-metric Authentication (FaceID, fingerprint) bypasses the requirement to input a passcode to open the app.
Cryptographic Keys
The XRP ledger uses cryptographic keys to secure accounts and transactions.
In the XRP Ledger, a digital signature authorizes a transaction to do a specific set of actions. Only signed transactions can be submitted to the network and included in a validated ledger.
There are four secret elements related to an XRP account;
-
Passphrase
-
The Passphrase is a user-created value used to sign transactions.
-
Private Key
-
This is the most sensitive of the secrets and is not exposed in Xumm.
Many people misuse this term – interchanging with anything they consider to be a ‘secret’ credential.
The private key is the value that is used to create a digital signature. Most XRP Ledger software does not explicitly show the private key, and derives the private key from the seed value when necessary.
How private keys are derived is highly technical so not for the faint of heart but the method can be seen here.
-
Family Seed
-
A [Family} seed value is a compact value that is used to derive the actual private and public keys for an account. … The seed value is secret information, so you must protect it very carefully. Anyone who has knows an address’s seed value has effectively full control over that address.
-
Xumm Secret Numbers
- Xumm Secret Numbers are a type of secret created by XRPL Labs (the creators of Xumm) to provide enhanced security and reduce input errors.
- Few XRP ledger clients / wallets support Xumm Secret Numbers.
- Xumm Secret Numbers are a proposed standard, and the source code to generate, read & convert them is open source & publicly available.
- If you want to use your XUMM generated XRP ledger account with another client supporting the Family Seed secret format (
s...) Secret Numbers can be turned into a Family Seed (for cross XRP Ledger client / app compatibility).
Transaction Terms
Only fields that might require explanation when doing a basic transaction are here. Comment or open a support ticket if more help is needed.
-
Source/Destination Tag
-
Source tags and destination tags are a feature of XRP Ledger payments that can indicate specific purposes for payments from and to multi-purpose addresses. Source and destination tags do not have direct on-ledger functionality; source and destination tags merely provide information about how off-ledger systems should process a payment.
There is an article with a more extensive (and less technical) explanation here.
-
Memo
-
Pretty much exactly what it sounds like. A place for any extra data users might need while working with the transaction.
Please Note: For some reason Coinbase uses “Memo” in their XRP withdrawal screens for the Destination Tag. Very confusing.
-
Token / IOU / Issued Currency
-
Issued Currencies Overview All currencies other than XRP can be represented in the XRP Ledger as issued currencies.
These digital assets (sometimes called Tokens or IOU’s) are tracked in accounting relationships, called trust lines, between addresses.
…
Any address may freely issue (non-XRP) currencies, limited only by how much other addresses are willing to hold.
…
Issued currencies can be traded with XRP or each other in the XRP Ledger’s decentralized exchange.
Source: XRP Ledger Project Developer Portal
Copyright (c) 2020 XRP Ledger Project