keystore storage query - Githubissues

EOSIO / eosjs-keygen

Javascript keys generator for EOS

71 stars 42 forks source link

keystore storage query #1

Open crazybits opened 6 years ago

crazybits commented 6 years ago

is the keystore component platform independent? we are considerring to dev a wallet app with RN, not sure whether if will be supported or not.

jcalfee commented 6 years ago

Things for RN we need to plug in:

[ ] Persistent storage
[ ] Secure random number generator
[ ] A location path or URI to identify higher security pages from pages that may display user-provided content (for security). This is like the URL in a webapp.

Do you have an Api reference you want to use for the 1st two? Does RN have a URL router?

crazybits commented 6 years ago

seems existing keystore use localstorage to save the keys, but RN does not support localstorage, any suggestion ?

jcalfee commented 6 years ago

It should be easy to pick out local storage for RN .. However, keystore / keygen is not for encrypted storage, it still needs a secure password manager to keep the root seed. That is what I would want to look into: are their good password managers in the RN environment or does one have to build that out..

crazybits commented 6 years ago

i am also aware of that existing keystore keep the plain private key which is not secure and also looking for the suitable solution, and one more thing is that the existing storage implementation is synchronous, but the RN asyncstorage is asynchronous, how could we plugin the asyncstorage to existing keystore in RN environment @jcalfee

jcalfee commented 6 years ago

For async, deriveKeys(params) and logout are probably the only two functions that should return a promise. All the fetching may update the disk cache but it is updating the cache with derived data and additionally keeping it in RAM (so the fetch can return data synchronously) ..

ekkis commented 4 years ago

I also have similar questions. I'm doing research on what it will take to build what I need. here's what I need to accomplish from my React Native app:

1) generate private/public keypair 2) create account (haven't decided which blockchain yet) 3) store account name and keypair (probably asyncStorage) but encrypted 4) possibly have the user set up a PIN code used to encrypt the keypair

from the above, I'm not sure whether i even need the keystore. I'm imagining that when the app runs, it checks the storage and if it finds a keypair then it can sign transactions. is there code somewhere doing what I need?

I can see from https://github.com/EOSIO/eosjs-keygen how to create the keypair and account but I'm wondering how everyone else manages this