Griplock

We’ve updated and finalized the Griplock v2 architecture. Wallets are no longer derived from PIN, NFC UID, or secret inputs. They’re generated from a random on-device master secret. Recovery moves to a 2-of-3 threshold model: • Encrypted Google Drive share • Encrypted device share • Hardware-backed passkey No seed phrases. No paper codes. No custody. Authentication now operates as a programmable execution layer, combining human auth and physical intent without touching wallet derivation. This architecture is built to scale into agent-driven execution: • AI agent–initiated transactions • Programmable intent policies • Human verification gating • Physical confirmation via NFC Agents can execute workflows but humans always hold final intent. This is the architecture we’re building toward, not just what exists today. Full architecture: gist.github.com/griplockdev/57…

Griplock v2.0.1 just dropped with fixes for Universal NFC & Dashboard connection github.com/Griplock-Labs/…

Initializing griplock-skills. agents build the transaction, your phone signs it. keys never leave the device. github.com/Griplock-Labs/…

Griplock v2.0.0 just dropped 🔐 Shamir 2-of-3 secret sharing recovery 🗝️ Non-deterministic wallet generation 📱 Multi-NFC wallet support 🛡️ XChaCha20-Poly1305 encrypted shares 📄 .griplock recovery file export/import full V1→V2 architecture overhaul Your keys, your shares, your wallet. No server ever touches your secret. github.com/Griplock-Labs/…

Just tested the new $Grip V2 wallet flow NFC tap → PIN set → master secret generated → Shamir 2-of-3 split → PBKDF2 derivation → ephemeral keypair in memory only. nothing stored on any server. wallet disappears when you close the app. that's the whole point.

Your agent can execute. But only if you approve. NFC verify. PIN authorize. Griplock secures every payment.

GRIPLOCK v2.0.0 just dropped - Shamir 2-of-3 secret sharing - Non-deterministic master secret - Multi-NFC wallet profiles - XChaCha20-Poly1305 encryption recovery file export with encrypted backup Your keys never touch a server btw, you're welcome. github.com/Griplock-Labs/…

4/ Under the hood: Argon2id KDF, XChaCha20-Poly1305, hardware-backed keys, NFC intent gate, ZK compression via Light Protocol. Built on @Solana. Mobile-first. Open development.

3/ New phone? Cloud backup + Passkey. PIN reset? Device + Passkey. Passkey reset? Cloud + Device. Multiple strong factors support a clear, reliable recovery path while preserving security.

Rebuilt from the ground up. 1/ Resilient, multi-factor security helps you manage crypto access with confidence. Shamir’s Secret Sharing, paired with mobile-first security.

Migration will be required when it goes live. This is more than just an upgrade… We're embracing a future where you may not need a hardware wallet anymore. docs.griplock.io/changelog

Thanks for the clarification 🤝

Market sentiment is low. Volume is thinning. But building never stopped. Behind the scenes, Griplock continues to evolve. We’re preparing the transition to Version 2, featuring: - Enhanced security framework - Refined system architecture - Stronger foundation for long-term scalability

Griplock is now officially verified on Google Play Console ✅ For transparency: release won’t be instant. Under new Google Play rules (2024–2025), personal developer accounts created after Nov 13, 2023 must run a closed test with at least 20 testers for 14 days before public launch. After testing, the app still needs to go through Google review, which may take additional time.

Play Store setup is already in progress. Release is uploaded, configs are set. Currently pending Google review for “Finish setting up your developer account” (identity verification). While that’s being reviewed, we’re moving straight to the next update and cooking the next feature set.

Griplock Discord is live. Join: discord.gg/3DsxzYRj

You don’t need to connect a wallet. Just scan once and sign via Griplock. The Griplock dashboard lets you send privately, then verify and sign using your intent via the mobile app. After pushing a new mobile app version, we discovered a bug affecting the dashboard. A fix is already in progress and will ship ASAP. We’re preparing a Discord for: • bug reports • general community discussion • product updates

The most practical recovery design for self-custody today isn’t a single “magic code,” but redundancy. Recovery codes get lost, NFC UIDs aren’t secrets, and seed phrases are too fragile for most people. So the approach has to be multi-factor, without paper and without introducing custody. In Griplock, recovery is built around a 2-of-3 model. One share is stored in the user’s Google Drive as an encrypted blob. One share lives locally on the device using SecureStore or Keychain. The third share uses a Passkey or platform authenticator such as FaceID, TouchID, or Android Keystore. Any two of these are sufficient to recover access. In real usage, if a user forgets their PIN or secret, recovery can be done using Google Drive and the Passkey, with an NFC tap acting as an intent gate so the process can’t be triggered remotely. If a phone is lost or replaced, Drive and the Passkey on the new device are enough to recover and re-pair NFC. If Google Drive is compromised, the attacker only has one share, which is not sufficient. If a Passkey is reset, the device share and Drive share can still be used to recover. There is no paper backup. No “write down 24 words.” No user-facing seed phrase. Recovery relies on things users already have and already protect in their daily lives. This works because there is no single point of failure. Google Drive is just cloud access without physical presence. Passkeys are hardware-backed and cannot be copied. Device storage is local and sandboxed. NFC UIDs are used only for presence and intent, not as cryptographic keys. An attacker would need control across multiple domains, not just one breach. To make this safe, a few things are non-negotiable: all PINs or secrets must go through a strong KDF such as Argon2id or scrypt with a unique per-user salt; all encrypted data must use AEAD like AES-GCM or ChaCha20-Poly1305; recovery should always result in a new wallet with assets swept over and the old wallet abandoned. A time delay and user warning before sweeping is optional but strongly recommended. The goal isn’t to make recovery easy. It’s to make self-custody resilient to human error without creating new trust assumptions.

Today we submitted Griplock for Google Play registration. Registration in progress. Product keeps moving.