Keptex

Honest answers to the obvious questions.

These are the questions that come up first. If yours is not here, open an issue on GitHub.

  • What if I lose my wallet?

    Recover the wallet from its seed phrase (the 12 or 24 words you wrote down when you created it). Then re-install Keptex and reconnect that wallet. Every credential will re-derive. If you lost both the wallet and the seed phrase, the credentials are unrecoverable, by design. We do not have a copy.

  • What if a site refuses Ed25519 passkeys?

    Keptex reads the Relying Party’s pubKeyCredParams and picks the strongest algorithm both sides support. If a site only accepts ES256 (alg: -7), Keptex falls back to P-256 automatically. You never see the negotiation.

  • How do I rotate a credential?

    In the extension options, open the Passwords or Passkeys section, click the entry, then Rotate. Keptex bumps the per-service counter, re-derives the credential, and replaces the entry. The old credential becomes orphaned at the Relying Party until you remove it there.

  • Why does the WalletConnect button warn about wc: scheme?

    Some desktop browsers do not have a wc: scheme handler registered. The warning tells you to copy the connection URI instead and paste it into your wallet manually. The standalone WalletConnect window handles this for you.

  • What happens if Keptex shuts down?

    Nothing happens to your credentials. The algorithm is source-available under PolyForm Noncommercial (zero-dependency, Web Crypto only). Any future client, yours, ours, anybody’s, can re-derive the same credentials from the same wallet. The test vectors prove it.

  • Can Keptex see my credentials?

    No. There is no Keptex server. Credentials are derived inside your browser from your wallet’s signature, used immediately, and forgotten. The encrypted vault on disk is encrypted with a key only you possess (your passphrase, processed by Argon2id).

  • Is the algorithm audited?

    The source-available core ships public test vectors and a formal specification (/algorithm). Anyone can verify that the implementation produces the expected outputs. A paid third-party audit is on the roadmap.

  • Does this work on mobile?

    Not yet. Mobile (iOS + Android via Expo) and desktop (Tauri 2) are the next two stages after the browser extension stabilises. WalletConnect already lets you connect mobile wallets to the desktop extension, so credentials are derivable today from any mobile wallet.

  • What chains are supported?

    Stellar (Freighter), EVM (MetaMask via EIP-6963, or any WalletConnect-compatible wallet), and Solana (Phantom and the WalletConnect Solana namespace). The algorithm is chain-invariant: the same seed always yields the same userKey, regardless of which chain you display in the UI.

  • Is Keptex open source?

    No, it is source-available, not open source. The whole repository is published under PolyForm Noncommercial 1.0.0: anyone can read it, audit it, and use it for any noncommercial purpose, which is exactly what makes the security claims verifiable. Commercial use, like embedding it in a wallet or a paid product, needs a separate licence. Copyright holder: S7P7 SASU.
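
The pubKeyCredParams negotiation described in the Ed25519 answer above can be sketched as follows. This is an added example, not Keptex's own code: the function name, the preference table and the sample inputs are assumptions, while the COSE identifiers (-8 for EdDSA, -7 for ES256) and the empty-list default come from the WebAuthn and COSE specifications.

```javascript
// Added example: client-side COSE algorithm selection from pubKeyCredParams.
// COSE identifiers: -8 = EdDSA (Ed25519), -7 = ES256 (P-256), -257 = RS256.
// ASSUMPTION: the client's own preference order, strongest first.
const CLIENT_PREFERENCE = [
  { alg: -8, name: "Ed25519" },
  { alg: -7, name: "P-256" },
];

// Returns { alg, name } for the chosen algorithm, or throws a
// NotSupportedError when the Relying Party offers nothing usable.
function negotiateAlgorithm(pubKeyCredParams) {
  if (!Array.isArray(pubKeyCredParams)) {
    throw new TypeError("pubKeyCredParams must be an array");
  }
  // Keep only well-formed "public-key" entries; unknown types are skipped.
  const offered = new Set(
    pubKeyCredParams
      .filter((p) => p && p.type === "public-key" && Number.isInteger(p.alg))
      .map((p) => p.alg)
  );
  // WebAuthn Level 2: an empty list means the RP defaults to ES256 and RS256.
  if (pubKeyCredParams.length === 0) {
    offered.add(-7);
    offered.add(-257);
  }
  // First entry of the client's preference list that the RP also accepts.
  const choice = CLIENT_PREFERENCE.find((c) => offered.has(c.alg));
  if (!choice) {
    const err = new Error("no mutually supported algorithm");
    err.name = "NotSupportedError";
    throw err;
  }
  return choice;
}

// Constructed sample inputs (not captured from a real site).
const rpModern = [
  { type: "public-key", alg: -7 },
  { type: "public-key", alg: -8 },
];
const rpEs256Only = [
  { type: "public-key", alg: -7 },
  { type: "public-key", alg: -257 },
];
const rpRsaOnly = [{ type: "public-key", alg: -257 }];
```

A Relying Party that lists only RS256 ends in NotSupportedError here because the assumed preference table contains no RSA entry.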