Hi there :) I have a potential problem with a potential solution to submit.
Problem: the server holds all the keys that are used by users to sign their messages.
If a malicious user gets hold of these keys, they could potentially sign messages for other users.
Possible solution: use a different algorithm to sign messages, one that has both a private and a public key. Keep the private key only on the phone.
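The difference between the two designs in the post above, as an added example that is not part of the original post or the project's code. It assumes the current scheme is a shared-key MAC (HMAC-SHA256 here) and uses Ed25519 as one possible public-key algorithm; `Server`, `Demo` and the user name are hypothetical.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Server holds per-user key material (hypothetical type, constructed for this example).
type Server struct {
	sharedKeys map[string][]byte            // assumed current design: the signing keys themselves
	publicKeys map[string]ed25519.PublicKey // proposed design: verification keys only
}

func tag(key, msg []byte) []byte {
	m := hmac.New(sha256.New, key)
	m.Write(msg)
	return m.Sum(nil)
}

func (s *Server) VerifyShared(user string, msg, t []byte) bool {
	key, ok := s.sharedKeys[user]
	return ok && hmac.Equal(tag(key, msg), t)
}

func (s *Server) VerifyPublic(user string, msg, sig []byte) bool {
	pub, ok := s.publicKeys[user]
	return ok && ed25519.Verify(pub, msg, sig)
}

// Demo: does the phone's signature verify, and is a message accepted when signed with server-held data only?
func Demo() (legit, sharedAccepted, publicAccepted bool) {
	shared := make([]byte, 32)
	rand.Read(shared)                                // constructed shared key
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // priv stays on the phone
	srv := &Server{map[string][]byte{"alice": shared}, map[string]ed25519.PublicKey{"alice": pub}}
	msg := []byte("constructed sample message")
	legit = srv.VerifyPublic("alice", msg, ed25519.Sign(priv, msg))
	// With a copy of the server's store only: the shared key signs directly, while the
	// public key cannot sign, so any signature must come from some other private key.
	sharedAccepted = srv.VerifyShared("alice", msg, tag(srv.sharedKeys["alice"], msg))
	_, otherPriv, _ := ed25519.GenerateKey(rand.Reader)
	publicAccepted = srv.VerifyPublic("alice", msg, ed25519.Sign(otherPriv, msg))
	return
}

func main() { fmt.Println(Demo()) }
```

With only public keys stored, a copy of the server's key store can verify signatures but cannot produce one that verifies for an existing user.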