Import from Polkadot Vault
This guide describes how to connect a Polkadot Vault account with Talisman.
If you are using Parity Signer (an older version of the app, before the rebrand) we recommend that you back up your recovery phrase and install the latest version of Polkadot Vault.
If your device is too old to install Polkadot Vault (e.g. the iPhone 6 or earlier) you can still follow this guide, but the steps you need to take on the device will differ. Feel free to reach out on our Discord if you need help getting set up.
Polkadot Vault (previously: Parity Signer) is a mobile app available for both iOS and Android which can turn any unused phone into a secure hardware cold wallet for Polkadot, Kusama, and other Substrate-based chains.
Parity provide some good tips for ensuring your Polkadot Vault device is securely airgapped here. HydraDX also provide some good tips regarding SIMs, passwords, and other security best practices here.
What follows is a guide on how to use Polkadot Vault with Talisman to safely secure your accounts, without compromising on your experience in the multi-chain Paraverse.
Step 1: Select your trust model
To sign transactions on a substrate blockchain like Polkadot, the signing device needs access to some information about the chain. We'll refer to this information as the metadata.
Without the metadata, the device would be limited to only signing a few specific transaction types on a few specific chains (as was the case with Ledger cold wallets circa 2023 - no crowdloans and no staking!).
With Polkadot Vault, the chain metadata can be transmitted to the device by scanning a QR code.
But we want to be sure that the metadata hasn't been tampered with.
To verify that it is genuine, the metadata is signed by a trusted individual. Generally this is someone who works at Parity (for metadata.parity.io) or Nova Wallet (for metadata.novasama.io).
As a Polkadot Vault and Talisman user, you have the choice to place your trust in either the metadata portals above, or alternatively in the security of your Talisman wallet itself.
The pros and cons of each approach are as follows:
Option 1: Trust the Metadata Portals
Pro: At the time of writing, this is the ecosystem default
Pro: For existing Polkadot Vault users, this doesn't require you to change your Vault at all
Con: Doesn't support some parachains
Con: Each metadata update must be signed by a human, which can mean after each chain runtime upgrade you will be unable to sign transactions for a short while
If you would prefer to use the metadata portals (or if you're already using Polkadot Vault with other wallets and you're just looking to use it with Talisman too), you can skip straight to Step 2 to continue setting up Polkadot Vault for use with Talisman.
Option 2: Trust the Talisman
Pro: Works for every parachain, all the time
Pro: Once set up, is very easy to use (the core Talisman team uses this approach as they prefer its superior UX)
Con: You can only use Talisman to update your metadata, unless you reset your Polkadot Vault (so there is some wallet lock-in)
Con: Requires some initial set-up (which is detailed below)
If you would like to try our preferred approach, you must first remove the pre-installed Verifier Certificate which ships with Polkadot Vault.
This certificate ensures that you can only update metadata for the Polkadot, Kusama and Westend chains when it has been signed by someone from Parity (and added to metadata.parity.io).
Instead, you will be signing your own metadata updates via some open source code in the Talisman wallet.
To remove the default verifier certificate, first BACK UP ANY ACCOUNTS YOU HAVE CREATED ON THE DEVICE. Removing the certificate will reset your Vault (and remove your accounts).
This bears repeating, so:
🚨 BACK UP ANY ACCOUNTS YOU HAVE CREATED ON THE DEVICE BEFORE PROCEEDING 🚨
Next, follow along with these steps:
The app will reset, and the default viewer certificate will be removed. You will now need to recover your keysets using your recovery phrase.
That's all that you need to do on your Polkadot Vault device.
Now that the default verifier certificate is removed, a new one will be automatically installed when you add your first chainspec in Step 4.
The signer for your chainspecs and chain metadata QR codes will by default be the first account created when you set up your Talisman wallet.
If you reset your Talisman wallet, you will need to set it up with the same recovery phrase again in order to keep using your Polkadot Vault.
The only way to change the verifier certificate on Polkadot Vault is to reset the app as described above, so if you set Talisman up with a different recovery phrase, you will also have to reset your Polkadot Vault.
You can change the signer for chainspecs and chain metadata QR codes by going to your Talisman Wallet settings -> Recovery Phrases -> Open the ···
menu next to the intended recovery phrase and select Set as Polkadot Vault Verifier Certificate
.
Continue to Step 2 to create or import your account(s) into your Polkadot Vault.
Step 2: Create or import your account(s) into your vault
Tap Add Key Set
on the app and then:
tap
Add new Key Set
if you would like to set up a new account with a new recovery phrase, ortap
Recover Key Set
if you already have a recovery phrase you would like use.
Follow the prompts to set up your account.
On the final page, Create Keys
, we recommend that you deselect the default networks. If you leave them selected then three accounts will be created, one for each network. Each account will have its own derivation path i.e. //polkadot
, //kusama
and //westend
.
Unless you specifically want a separate account for each network, we recommend that you instead create one single multi-network account.
You can do this by following along here, note that the derivation path is intentionally set to be empty:
Step 3: Connect your Polkadot Vault account(s) to Talisman
Open your Talisman and go to the Add Account section. Select Import Polkadot Vault and then Turn on Camera.
Next, scan the QR code on the Polkadot Vault app which is shown when you select your key set and then the Polkadot network account:
You will then be presented with a screen in your Talisman to enter a name for your account, and you will be given the option whether or not to restrict the account to a single network.
You should turn this option on if you use a different derivation path for each network. If you don't, or if you don't know what a derivation path is, it is best to leave this option turned off. More information on the difference between these options can be found in the appendix.
Step 4: Sign a transaction
This next step begins with the sign transaction prompt, so you will need to create a transaction to continue!
Pick your favourite dapp, or if you don't have one then you can use the send funds feature of your Talisman wallet. In this example we're going to send 1 DOT from one account to another.
Congratulations! You're now using Polkadot Vault and Talisman to secure your recovery phrase!
FAQ / Troubleshooting
Errors in the Talisman UI
1010: Invalid Transaction: Transaction has a bad signature
We've seen this error intermittently on the Send Funds confirm screen, but have been unable to determine its cause yet. Our recommendation for now is to try and send the tokens again, it's likely to work on the second attempt.
If you are unable to send the tokens after a second attempt, please hop into our Discord and create a post in the #help-and-bugs channel so our team can be made aware of the issue.
Errors on the signer device
Please Download polkadot Network Metadata
Your device has no metadata for the network you're trying to sign a transaction on. This metadata is required in order for the device to add your signature into the transaction payload, which will be submitted to the chain.
To fix this, follow the instructions to update your network metadata in the Step 4: Sign a transaction section of this guide.
Something has gone wrong. (General verifier)
If you see an error titled Something has gone wrong
and the description includes a message like so:
This error occurs when you try to update the metadata for a chain using a different method to the one you used to set that chain up.
If you tried to update the metadata via a QR code with a Talisman logo in the middle, try using the Parity metadata portal (metadata.parity.io) or the Nova Wallet metadata portal (metadata.novasama.io) instead.
Vice versa, if you tried using a QR code from a metadata portal or one with a Parity/Nova Wallet logo in the middle, try switching to the Talisman
option by using the dropdown:
Appendix: One Multi-Chain Account vs Many Single-Chain Accounts
When using Parity Signer or Polkadot Vault, there are two approaches you can take to organising your accounts on the signing device.
Talisman supports both approaches, but there are some caveats to consider, so we recommend a quick read through this guide to ensure a smooth and confusion-free experience.
Method 1 - One Account per Chain
Method 1 is more straightforward than method 2, but it requires more manual account management on your part. If the idea of using a single account for all chains sounds appealing to you, skip through to method 2.
The first method is to use a different account derivation path for each chain.
For example, your Kusama account might use the derivation path //kusama
, while your Basilisk account might use //basilisk
.
When using this method, it's best to import each account with the 'Restrict account to Network Name
network' option switched on to prevent confusion and errors.
This will tell your Talisman wallet to only show each account when interacting with the chain it is configured for, which will help you avoid two possible error scenarios:
You won't be able to create invalid transactions (i.e. transactions on the wrong chain) with this account. These are transactions which if scanned by the signing device it will refuse to sign them.
Because the
Receive funds
view will only show this account for the one chain, you won't accidentally send tokens to this account on the wrong chain. You would want to avoid this, because as you cannot sign transactions on other chains with this account, if you send it some tokens on the wrong chain you won't be able to access them.
Method 2 - One Account for Every Chain
Alternatively, a single derivation path can be used for all networks with the 'Restrict account to Network Name
network' option switched off.
Last updated