Wallet should generate private keys/bitcoin addresses for use in new multisigs, store them in a wallet.json, and encrypt it with a salt consisting of the userid and password, or just the password, which of course is not stored in the .json.
The npm package used for keygen needs to be checked for the robustness of its randomness.
User sessions are just about decrypting a wallet file you periodically re-upload to the app.
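
One way the encrypted wallet.json described above could be written and re-opened each session, as an added example that is not the project's own code. Here the password is the key-derivation input rather than a salt, and the salt is random and stored in the file. Assumptions: Node's built-in `crypto`, scrypt, AES-256-GCM, the userid bound as associated data, and hypothetical function names and a constructed sample wallet.

```javascript
const crypto = require('crypto');

// scrypt cost parameters: assumed values for this sketch, tune for your hardware.
const KDF = { N: 1 << 15, r: 8, p: 1, maxmem: 64 * 1024 * 1024 };
const b64 = (s) => Buffer.from(s, 'base64');

// The password is the only secret input; it is never written to the file.
function deriveKey(password, salt) {
  return crypto.scryptSync(password.normalize('NFKC'), salt, 32, KDF);
}

function encryptWallet(wallet, userId, password) {
  const salt = crypto.randomBytes(16); // fresh per file, stored in the clear
  const iv = crypto.randomBytes(12);   // fresh per encryption, never reused with a key
  const cipher = crypto.createCipheriv('aes-256-gcm', deriveKey(password, salt), iv);
  cipher.setAAD(Buffer.from(userId, 'utf8')); // binds the file to this userid
  const ct = Buffer.concat([cipher.update(JSON.stringify(wallet), 'utf8'), cipher.final()]);
  return JSON.stringify({
    v: 1, kdf: 'scrypt', userId,
    salt: salt.toString('base64'), iv: iv.toString('base64'),
    tag: cipher.getAuthTag().toString('base64'), ct: ct.toString('base64'),
  });
}

// A "session": the user re-uploads the file and supplies the password.
function decryptWallet(fileText, password) {
  const f = JSON.parse(fileText);
  if (f.v !== 1 || f.kdf !== 'scrypt') throw new Error('unsupported wallet file');
  const key = deriveKey(password, b64(f.salt));
  try {
    const decipher = crypto.createDecipheriv('aes-256-gcm', key, b64(f.iv));
    decipher.setAAD(Buffer.from(f.userId, 'utf8'));
    decipher.setAuthTag(b64(f.tag));
    const pt = Buffer.concat([decipher.update(b64(f.ct)), decipher.final()]);
    return JSON.parse(pt.toString('utf8'));
  } catch (e) {
    // GCM authentication fails on a wrong password or any edit to the file.
    throw new Error('wrong password or modified wallet file');
  }
}

// Constructed sample wallet; the strings are placeholders, not real keys.
const sampleWallet = {
  keys: [{ address: 'ADDRESS_PLACEHOLDER_1', privateKey: 'PRIVATE_KEY_PLACEHOLDER_1' }],
};
```

Because decryption is authenticated, a wrong password and a tampered file are indistinguishable to the caller and both fail closed.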