bituniverse / bitshares_wallet

The bitshares wallet app for Android devices.
https://play.google.com/store/apps/details?id=com.bitshares.bitshareswallet
MIT License
30 stars 45 forks

suggestion: don't force user to type in private key #5

Open o5j5vg55bv5hv5j5f8799f9 opened 6 years ago

o5j5vg55bv5hv5j5f8799f9 commented 6 years ago

The official client now generates private keys for users that are ~50-character-long alphanumerics.

Typing that in every time is obviously very difficult.

Storing clear text alphanumeric or storing locally encrypted with a software-chosen key would be insecure!

Solution:

  1. User would have to give the app their private key first time regardless.

  2. Ask user for a local pin number or short password - let's call it UNLOCK_KEY (e.g. 943615)

  3. Use a symmetric cryptographic algorithm like AES-256 to encrypt the private key with UNLOCK_KEY for storage on phone. Symmetric ofc means the same UNLOCK_KEY is used for encryption and decryption.

  4. When user exits the app and returns, request user to enter his UNLOCK_KEY, and use the UNLOCK_KEY to decrypt the stored encrypted private key to use in the active wallet.

Result: after first putting in private key when first setting up wallet, in all following uses a user only has to put in his pin number for example to access wallet - something they can remember (e.g. 943615)

  - protects user from keyloggers after 1st set up in the following uses
  - doesn't force user to memorize private key or make it too simple
  - doesn't require to type complicated cap-lowcap-numeric passwords every time
  - doesn't rely on clear text stored private key which would be bad

Android/java package example for symmetric encryption:
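
An added example of steps 1 to 4 (not part of the original comment, and not the package the commenter refers to), using only `javax.crypto`: the PIN is stretched with PBKDF2 into an AES-256-GCM key, so a wrong PIN is detected by the authentication tag. The class and method names, the blob layout and the iteration count are assumptions.

```java
import javax.crypto.AEADBadTagException;
import javax.crypto.Cipher;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.Arrays;

// Added example; names are hypothetical and the PBKDF2 iteration count is an assumed work factor.
public class PinProtectedKey {
    static final int SALT_LEN = 16, IV_LEN = 12, TAG_BITS = 128, KDF_ITERATIONS = 600_000;

    // A short PIN is not an AES key: stretch it to 256 bits with a random per-wallet salt.
    static SecretKeySpec deriveKey(char[] pin, byte[] salt) throws GeneralSecurityException {
        PBEKeySpec spec = new PBEKeySpec(pin, salt, KDF_ITERATIONS, 256);
        byte[] k = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
        spec.clearPassword();
        return new SecretKeySpec(k, "AES");
    }

    // Step 3: returns salt || iv || ciphertext+tag, the only form written to storage.
    public static byte[] seal(char[] pin, byte[] privateKey) throws GeneralSecurityException {
        byte[] head = new byte[SALT_LEN + IV_LEN]; // fresh salt and IV for every seal
        new SecureRandom().nextBytes(head);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, deriveKey(pin, Arrays.copyOf(head, SALT_LEN)), new GCMParameterSpec(TAG_BITS, head, SALT_LEN, IV_LEN));
        byte[] ct = c.doFinal(privateKey);
        return ByteBuffer.allocate(head.length + ct.length).put(head).put(ct).array();
    }

    // Step 4: a wrong PIN or a modified blob fails the GCM tag check instead of yielding garbage.
    public static byte[] open(char[] pin, byte[] blob) throws GeneralSecurityException {
        if (blob.length < SALT_LEN + IV_LEN + TAG_BITS / 8) throw new GeneralSecurityException("truncated blob");
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, deriveKey(pin, Arrays.copyOf(blob, SALT_LEN)), new GCMParameterSpec(TAG_BITS, blob, SALT_LEN, IV_LEN));
        return c.doFinal(blob, SALT_LEN + IV_LEN, blob.length - SALT_LEN - IV_LEN);
    }

    public static void main(String[] args) throws Exception {
        byte[] key = "constructed-sample-private-key".getBytes(StandardCharsets.UTF_8); // constructed, not a real key
        byte[] blob = seal("943615".toCharArray(), key);
        System.out.println("round trip ok: " + Arrays.equals(key, open("943615".toCharArray(), blob)));
        try { open("000000".toCharArray(), blob); }
        catch (AEADBadTagException e) { System.out.println("wrong PIN rejected"); }
    }
}
```

A 6-digit PIN has only 10^6 possible values, so the KDF cost is all that slows offline guessing against a copied blob; additionally wrapping the blob with a hardware-backed Android Keystore key addresses that.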

o5j5vg55bv5hv5j5f8799f9 commented 6 years ago

this might actually be important for security:

don't make user type (private key and pin number) using random keyboards, that can be key logged.

have to make your own keyboard interface, especially for pin number; big clear numbers can be really nice

plus it solves the issue of random android keyboards covering up screen in really annoying manner forcing you to hit back out of them and sometimes closing app