Skip to main content

System Components

This document provides detailed specifications for each component in the GRIPLOCK system.

Dashboard Application

The web-based dashboard is built with React and serves as the primary user interface.

Technology Stack

TechnologyVersionPurpose
React18.xUI framework
TypeScript5.xType safety
Wouter3.xClient-side routing
TanStack Query5.xServer state management
Tailwind CSS4.xStyling
Shadcn UILatestComponent library

Key Modules

File: client/src/lib/crypto.tsProvides all cryptographic operations:
// Key generation
export function generateKeyPair(): KeyPair

// Key exchange
export function deriveSharedSecret(
  privateKey: Uint8Array, 
  peerPublicKey: Uint8Array
): Uint8Array

// Encryption/Decryption
export function encryptPayload(data, sharedSecret): EncryptedPayload
export function decryptPayload(encrypted, sharedSecret): DecryptedWalletData

// Wallet derivation
export function deriveSolanaAddress(nfcId: string, pin: string): string

// Session storage encryption
export function encryptForStorage(data, sessionId, ttlMinutes): EncryptedStorageData
export function decryptFromStorage(encrypted, sessionId): StoredWalletData | null
Dependencies:
  • @noble/curves — Ed25519 and X25519 implementations
  • @noble/hashes — SHA-256 and HKDF
  • @noble/ciphers — AES-GCM encryption

Page Components

PageRoutePurpose
Login/QR code display and connection handling
Dashboard/dashboardWallet information display
Not Found*404 error page

Signaling Server

The Express.js backend provides WebSocket signaling for WebRTC connection establishment.

Architecture

// server/routes.ts

const sessions = new Map<string, {
  dashboard: WebSocket | null;
  mobile: WebSocket | null;
}>();

// WebSocket message types
type MessageType = 
  | 'register_dashboard'   // Dashboard joins session
  | 'register_mobile'      // Mobile joins session
  | 'mobile_connected'     // Notify dashboard of mobile presence
  | 'answer'               // WebRTC answer from mobile
  | 'ice_candidate'        // ICE candidate exchange
  | 'encrypted_credentials'; // Encrypted wallet data

Message Flow

Session Management

  • Sessions stored in-memory Map
  • Automatic cleanup on WebSocket disconnect
  • No persistent storage of session data

Mobile Application

The mobile app (iOS/Android) handles NFC reading and secure credential transmission.

Responsibilities

  1. QR Scanning — Parse compressed connection payload
  2. NFC Reading — Extract card UID via ISO 14443
  3. PIN Collection — Secure numeric input
  4. Encryption — Encrypt credentials with shared secret
  5. Transmission — Send via WebRTC DataChannel

Security Measures

Memory-Only Processing

Credentials never written to storage

Secure Enclave

Cryptographic operations in secure hardware when available

App Transport Security

TLS 1.3 for all network communication

Certificate Pinning

Prevents MITM attacks on signaling

Cryptographic Libraries

GRIPLOCK uses the Noble cryptography suite for all security-critical operations:
LibraryUsage
@noble/curves/ed25519Ed25519 signatures, X25519 key exchange
@noble/hashes/sha2SHA-256 hashing
@noble/hashes/hkdfHKDF key derivation
@noble/ciphers/aesAES-256-GCM encryption

Why Noble?

  • Audited — Security-reviewed by third parties
  • Pure JavaScript — No native dependencies, works everywhere
  • Constant-time — Resistant to timing attacks
  • Modern — Uses latest cryptographic best practices

Payment Integrations

Moonpay (On/Off-Ramp)

Handles fiat-to-crypto and crypto-to-fiat conversions: 
// Moonpay integration endpoints
interface MoonpayConfig {
  apiKey: string;
  environment: 'sandbox' | 'production';
  defaultCurrency: 'SOL' | 'USDC';
}

// On-ramp: Buy crypto with fiat
export function initiateBuy(params: {
  amount: number;
  currency: string;
  walletAddress: string;
}): Promise<MoonpayTransaction>;

// Off-ramp: Sell crypto for fiat
export function initiateSell(params: {
  amount: number;
  cryptoCurrency: string;
  bankAccount: string;
}): Promise<MoonpayTransaction>;
Features:
  • 160+ countries supported
  • Apple Pay, Google Pay, credit/debit cards
  • Built-in KYC verification
  • Direct bank transfers

x402 Protocol (Micropayments)

HTTP-native payment protocol for pay-per-use transactions: 
// x402 payment handler
interface X402Config {
  facilitator: 'coinbase' | 'custom';
  network: 'solana' | 'base';
  currency: 'USDC';
}

// Handle 402 Payment Required responses
export async function handlePaymentRequired(
  response: Response,
  wallet: Wallet
): Promise<PaymentResult>;

// Create payment middleware
export function createPaymentMiddleware(
  endpoints: Record<string, { price: string }>
): Middleware;
Use Cases:
  • API access payments
  • AI agent transactions
  • Content micropayments
  • Pay-per-use services

Virtual Cards

Generate and manage virtual Visa cards: 
interface VirtualCard {
  id: string;
  last4: string;
  expiryMonth: number;
  expiryYear: number;
  balance: number;
  status: 'active' | 'frozen' | 'cancelled';
}

// Card operations
export function createCard(walletAddress: string): Promise<VirtualCard>;
export function topUpCard(cardId: string, amount: number): Promise<Transaction>;
export function freezeCard(cardId: string): Promise<void>;
Supported:
  • Apple Pay integration
  • Google Pay integration
  • Online transactions worldwide

Blockchain Integration

Solana RPC Methods

MethodUsage
getBalanceQuery SOL balance
getTokenAccountsByOwnerList SPL token holdings
getSignaturesForAddressFetch transaction history

Known Token Registry

const knownTokens: Record<string, string> = {
  'EPjFWdd5AufqSSqeM2qN1xzybapC8G4wEGGkZwyTDt1v': 'USDC',
  'Es9vMFrzaCERmJfrF4H2FYD4KCoNkY11McCe8BenwNYB': 'USDT',
  'So11111111111111111111111111111111111111112': 'wSOL',
};

Next Steps

Key Derivation

Cryptographic derivation deep dive

Encryption

Transport encryption details