Yubico / yubikit-ios

Yubico Mobile iOS SDK - YubiKit
Apache License 2.0

PIV: Store information in slot #122

Open redDwarf03 opened 1 year ago

redDwarf03 commented 1 year ago

Hello

The Yubikey allows generating a key pair and storing it in a specific PIV slot.

I would like to store 3 key pairs and 1 piece of information, an "index" (integer). This index lets us know which slot we can use when we want to sign something.

1) Where can I store my information, given that the documentation specifies that slots 82 to 95 are for retired keys?
2) Do you have a method to check whether a slot is available before storing a key pair or index? Or perhaps it's possible to determine in advance which slots are already in use, in order to use free slots.
3) Do you have a method to sign something with the private key stored in a specific slot?

Thank you

redDwarf03 commented 1 year ago

Some information about the goal of my request:

Context

Currently, the Archethic wallet generates its private/public key pair from a derivation of the seed represented in the wallet by a series of 24 words that can be understood by the user.

These keys allow for the retrieval of information within the keychain and decryption of information.

Objective

In addition to the 24 words, Archethic aims to add another key pair storage system by relying on the Yubikey electronic authentication device.

The Yubikey doesn’t replace the seed phrase, because if the user loses an authentication method, they must be able to use another method to secure their funds.

Key Storage in the Yubikey

Observation:

The Yubikey allows generating a key pair and linking it to a specific PIV slot (1) (numbers 82 to 95). Once the key pair is registered in a slot, it is not possible to change it.

As there isn’t an unlimited number of available slots, only minimal useful information is stored, leading to the use of 3 slots with a key rotation system:

NB: It isn’t possible to access the private key of each slot.

NB: We need to ask users to choose 4 slots to avoid data overwriting.

Lifecycle:

If we evolve the keychain's access in the transaction chain:

Alternating between the "last" and "next" slots requires adding a slot containing the value of the transaction index in the chain in order to position oneself on the correct information.


In the context of a signature, the Yubikey signs with the slot according to the index.

Generating Secret Access

When creating a secret in a transaction, an AES key created by a cryptographically secure random number generator is encrypted. This encryption is done using an ECIES (2) algorithm using the public key.

In the case of using the Yubikey, an ECDH (3) operation is performed with the public key of the last address to calculate the secret.

To retrieve the secret, and as ECDH is symmetric, we can retrieve the AES key to decrypt the secret by reusing ECDH and the public key.

Implementation

On the technical side, the Archethic wallet is developed using Google's "Flutter" framework to facilitate the deployment of the solution on multiple platforms from a single source code (4).

As for the Yubikey, its vendor Yubico provides native APIs.

To simplify the use of the Yubikey SDKs, Archethic has implemented a Flutter library YubiDart (https://pub.dev/packages/yubidart) to embed the two SDKs and facilitate integration on any platform.

The currently available methods are:

All available methods meet the requirements of this article.
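
The ECDH-based protection of the AES key described under "Generating Secret Access" in the comment above, as an added example that is not part of the original issue and is not Archethic's or Yubico's code. It assumes P-256, HKDF-SHA256 and AES-GCM (the issue names none of them), uses a CryptoKit software key as a stand-in for the key pair held in a PIV slot, and the names `WrappedKey`, `deriveKEK`, `wrap` and `unwrap` are hypothetical.

```swift
import CryptoKit
import Foundation

// Assumption: software P-256 key standing in for the key pair held in a PIV slot.
// On a YubiKey the private half stays on the device and performs the ECDH step there.
let slotKey = P256.KeyAgreement.PrivateKey()

struct WrappedKey {
    let ephemeralPublicKey: Data  // X9.63 encoding of the sender's one-time public key
    let sealedAESKey: Data        // AES-GCM nonce || ciphertext || tag
}

// Derive the key-encryption key from the ECDH shared secret (HKDF-SHA256).
func deriveKEK(_ shared: SharedSecret, info: Data) -> SymmetricKey {
    shared.hkdfDerivedSymmetricKey(using: SHA256.self, salt: Data(),
                                   sharedInfo: info, outputByteCount: 32)
}

// Sender side: needs only the slot's public key.
func wrap(_ aesKey: SymmetricKey, for recipient: P256.KeyAgreement.PublicKey) throws -> WrappedKey {
    let ephemeral = P256.KeyAgreement.PrivateKey()
    let shared = try ephemeral.sharedSecretFromKeyAgreement(with: recipient)
    let ephemeralPublic = ephemeral.publicKey.x963Representation
    let kek = deriveKEK(shared, info: ephemeralPublic)
    let rawKey = aesKey.withUnsafeBytes { Data(Array($0)) }
    let box = try AES.GCM.seal(rawKey, using: kek)
    return WrappedKey(ephemeralPublicKey: ephemeralPublic, sealedAESKey: box.combined!)
}

// Holder side: the same ECDH from the other direction yields the same shared secret.
func unwrap(_ wrapped: WrappedKey, with privateKey: P256.KeyAgreement.PrivateKey) throws -> SymmetricKey {
    let peer = try P256.KeyAgreement.PublicKey(x963Representation: wrapped.ephemeralPublicKey)
    let shared = try privateKey.sharedSecretFromKeyAgreement(with: peer)
    let kek = deriveKEK(shared, info: wrapped.ephemeralPublicKey)
    let box = try AES.GCM.SealedBox(combined: wrapped.sealedAESKey)
    return SymmetricKey(data: try AES.GCM.open(box, using: kek))
}

let secretKey = SymmetricKey(size: .bits256)  // random AES key protecting the secret
let wrapped = try wrap(secretKey, for: slotKey.publicKey)
let recovered = try unwrap(wrapped, with: slotKey)
precondition(recovered == secretKey)          // round trip returns the original AES key

// A different key pair (constructed here, e.g. the wrong slot) fails the GCM tag check.
let otherKey = P256.KeyAgreement.PrivateKey()
precondition((try? unwrap(wrapped, with: otherKey)) == nil)
print("wrapped AES key: \(wrapped.sealedAESKey.count) bytes")
```

With slot rotation, the unwrap step only succeeds against the slot whose public key was used for wrapping, which is why the stored index has to point at the right slot.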