Skip to content
This repository has been archived by the owner on Feb 17, 2021. It is now read-only.

Update browser wallet to protect private keys #44

Open
OR13 opened this issue Jul 30, 2019 · 1 comment
Open

Update browser wallet to protect private keys #44

OR13 opened this issue Jul 30, 2019 · 1 comment

Comments

@OR13
Copy link
Collaborator

OR13 commented Jul 30, 2019

https://github.com/decentralized-identity/ua-web-extension/blob/master/global/js/web-keystore.js#L111

For signatures that can just use window.crypto, we should protect them from extraction.

Keys that are needed for on page signing can't use this obviously, so secp256k1 is probably not going to work.

@OR13
Copy link
Collaborator Author

OR13 commented Jul 30, 2019

However, this could be very useful for P2P UA connections for PWAs.

Imagine you have 2 wallet apps, which are managing keys for DIDs.

The 2 apps configure a serviceEndpoint to rendevouz and add non extractable keys to their respective DID documents.

After the DID Update operations succeed, an end to end encrypted p2p connection can be established between the 2 wallet apps.

The 2 apps can privately communicate over webrtc, with confidence that the decryption keys cannot be extracted (easily) from the browser.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant