-
Notifications
You must be signed in to change notification settings - Fork 151
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
How Bifold wallet maintain the security of cryptographic keys? #1226
Comments
@Arif-Shahriar028, this might help:
|
Hi @cvarjao I was also curious about this. Can you confirm what you mean by "wallet key". Is this something that is stored on device, or is it somehow tied to a user entered PIN ? As I understand, both Android and IOS support some type of Secure OS or something of that nature to store sensitive information that would be much more difficult to retrieve even on a rooted device. In theory the wallet key could be stored there so it is better protected.. Does that sound correct ? Thanks |
The wallet key is derived from a generated salt + user PIN.
at the moment , we are using react-native-keychain to provide the keychain abstraction between iOS/Android, but it does leverage platform/OS specific secure Keychain/Keystore |
This is perfect, thanks so much |
@cvarjao thanks for your response! I have a few more queries regarding your response. I have rooted my android phone and installed bifold, then issued some credentials. As the phone is rooted, I can explore its root files.
Now my question is:
Thanks for your time! |
I am wondering if we can make some changes to not have it stored in that file. We are using Keychain.SECURITY_LEVEL.ANY. There are a lot inconsistence in the way that vendors support hardware encryption (Keychain.SECURITY_LEVEL.SECURE_HARDWARE). I also noticed we are a couple of versions behind, that things have changed in that react-native-keychain library. Any help in this space would be very much appreciated. |
Ideally the salt should be in the keystore backed by the secure area (SE/TEE). This requires a biometric or device PIN/passcode to enable the encryption. There is an option in the core wallet to turn on a feature that requires biometrics (PIN and Biometrics). This has better security at the cost of usability, as not everyone can or wants to use biometric authentication. Unfortunately, even if the salt is part of the encrypted key store (backed by the secure area), it will still be accessible (with some effort) if you can access the device directly - e.g., you can shim the crypto libraries and extract the salt or the key directly. To truly secure the key as a hardware cryptographic device (as per NIST) you need to create the keys in the secure area. This is only supported for EcDSA keys. There is a plugin in development for Askar that will support hardware backed keys. The solution required depends on the level of assurance that you need for your use case. |
I have a few questions regarding the cryptographic key security in the Bifold wallet:
I appreciate any insights or recommendations on these topics. Thank you.
The text was updated successfully, but these errors were encountered: