How Are WalletConnect Payloads Encrypted?

2/18/2023, 8:17:54 AM - Henry Ibok
How Are WalletConnect Payloads Encrypted?

WalletConnect is an open protocol used to link decentralized apps (DApps) to third-party wallets.

The narrow choice of user-friendly wallets—in particular, and alternatives that don’t necessitate installing browser extensions—was the driving force behind the creation of protocols like WalletConnect.

WalletConnect was created to link a wallet to a DApp without requiring any additional hardware or software to establish a connection.

Although the design is primarily geared toward mobile wallets… desktop wallets are also supported.

The protocol requires that the DApp and the wallet connect to a Bridge server using WalletConnect to relay communications.

A symmetric key is then used to decrypt the payload and the URL for the bridge server once the communication is initiated. This is possible with a standard URI format that specifies the connection request’s topic.

In this post, I’ll take you through how WalletConnect Payloads are Encrypted.

Key Takeaways

• The design essentially requires two peers (DApp and Wallet) linking the Client system connected by a WebSocket server (Bridge).

• The first peer to request a connection is the initiator (DApp). The Bridge Server receives an encrypted payload from the DApp that contains information about the connection request and a one-time topic.

• The DApp puts together the necessary parameters to establish the connection: (handshake) topic, bridge (URL), and (symmetric) key, using the WalletConnect Standard URI format (EIP-1328).

• Payloads are symmetrically encrypted through a shared key between two peers.

SEE ALSO: How To Use Ledger Nano Product With WalletConnect

Core Features Of WalletConnect

• It supports numerous active sessions.

With the help of the WalletConnect protocol, users can keep many active sessions in the same browser by separating the pairing and session lifecycles.

A session is a situation in which two parties are linked through the wallet. This makes it possible for programs to share wallets among themselves. The public sectors are becoming more relevant for WalletConnect.

• It is chain agnostic.

Chain agnostic and adaptable, WalletConnect works with many different chains. It supports Polkadot, Solana, and Ethereum.

In the future, support for more chains will be provided.

WalletConnect is also cross-platform compatible, allowing users to utilize it in games as well as on other platforms.

A wide range of applications is included in the WalletConnect ecosystem. We’ll go through a few advantages of wallets that are independent of chains in this article.

• It works with several browsers.

An encrypted connection between two programs or devices is established through the open-source protocol known as WalletConnect.

The two peers are connected using two keys that WalletConnect produces.

Users need only scan a QR code or deep-link to start the connection. This protocol supports numerous browsers and devices and provides an easy-to-use user interface.

In place of conventional email and internet security protocols, it’s a fantastic option. These are its advantages.

• It works with video game programs.

Gaming apps are compatible with the new bitcoin wallet WalletConnect. With this approach, DApp integration with your crypto wallet is simple.

Users can access their accounts using their mobile devices to log in and manage their funds.

Bitcoin, Ethereum, and Litecoin are just a few of the DApp chains that WalletConnect is compatible with. has further information about them.

This capability works with a wide variety of gaming programs and various well-known wallets.

SEE ALSO: How To Link Ledger Nano X To WalletConnect

How To Create a Connection

How Are WalletConnect Payloads Encrypted?

Either a QR Code or a deep link will be used to read the URI by the second peer (Wallet). The peer will instantly receive and decrypt the connection request payload after reading the URI.

The user request details provided by the DApp will subsequently be shown by the Wallet. The connection will then be approved or rejected by the user.

If refused, the DApp will instantly disconnect from the Bridge Server and, if the Wallet provides one, throw an error message.

The DApp will receive the specified account and chainId from the Wallet if it is accepted.

Once the connection has been made, the DApp can send any JSON-RPC call requests to the wallet for processing, including requests to read data from its node or to sign transactions or messages.

Additionally, there is a Push Server option from the Wallet side to sign up for push alerts.

Only when the user has granted permission for the connection request will this push notification subscription be registered.

With this subscription, you may choose how private you want to be. A localized message may also be displayed in addition to the name of the peer making the request or a generic message may be displayed.

How WalletConnect Payloads are Encrypted

Therefore, before being posted as messages to the Bridge server, all payloads are signed and encrypted with the active symmetric key.

AES-256-CBC and HMAC-SHA256 are the respective encryption and signature techniques employed. The following is a breakdown of the encryption payloads:

interface EncryptionPayload {

data: string;

hmac: string;

iv: string;


Hexadecimal strings make up each field (data, hmac, and iv). Therefore, before decrypting the data field with the active key and supplied iv, the receiving peer will first check the hmac.

Events & Payloads

Numerous things can happen both internally and amongst peers. Each of these events has a matching payload.

While all cross-peer events adhere to JSON-RPC 2.0, the internal events on the other hand are client-specific.

Internal Events

Connect, disconnect, session update, and call requests are examples of internal events. The internal events are organized as follows:

interface InternalEvent {

  event: string;

  params: any[];


Cross-peer Events

WC session Request, wc session Update, all Ethereum JSON-RPC queries, and eth signTyped Data are examples of cross-peer events (EIP-712)

These events are formatted as the ensuing JSON-RPC 2.0 requests and responses:

interface JsonRpcRequest {

  id: number;

  jsonrpc: “2.0”;

  method: string;

  params: any[];


interface JsonRpcResponse {

  id: number;

  jsonrpc: “2.0”;

  result: any;


Push Notification

Only native applications can subscribe to push notifications (current libraries only support mobile applications).

A subject, bridge URL, notification type, and notification token are all needed by the push server.

The bridge URL is the one to subscribe to, the type of notification will vary for each mobile platform, and the token is used to target the particular mobile device.

The topic will match the client id that will receive the call requests.

Additionally, there are additional options to supply a peerName of the other peer to customize the notification messages and language code (ISO-639-1) to localize push notification message content.

Push Server will send a subscription request to the Bridge Server when registering a push notification subscription, instructing it to keep an eye out for any incoming payloads that match the specified topic.

Additionally, a webhook for the push notification will be shared.

SEE ALSO: WalletConnect Vs Fortmatic Wallet – Best Comparison

Final Thoughts

A safe method of communication between wallets and DApps is via WalletConnect (Web3 Apps).

The protocol connects two applications or devices remotely while employing a Bridge server to transfer payloads.

Through the use of a common key between the two peers, these payloads are symmetrically encrypted.

When the other peer accepts the connection request made by one peer and displays a QR Code or deep link with a standard WalletConnect URI, the connection is created.

And so, in this article WalletConnect and how Payload is Encrypted.

Read More