search

decentralized-identity / element

DID Method implementation using the Sidetree protocol on top of Ethereum and IPFS
https://element-did.com/
Apache License 2.0
102 stars 28 forks source link

Update browser wallet to protect private keys #44

Open OR13 opened 5 years ago

OR13 commented 5 years ago

https://github.com/decentralized-identity/ua-web-extension/blob/master/global/js/web-keystore.js#L111

For signatures that can just use window.crypto, we should protect them from extraction.

Keys that are needed for on page signing can't use this obviously, so secp256k1 is probably not going to work.

OR13 commented 5 years ago

However, this could be very useful for P2P UA connections for PWAs.

Imagine you have 2 wallet apps, which are managing keys for DIDs.

The 2 apps configure a serviceEndpoint to rendevouz and add non extractable keys to their respective DID documents.

After the DID Update operations succeed, an end to end encrypted p2p connection can be established between the 2 wallet apps.

The 2 apps can privately communicate over webrtc, with confidence that the decryption keys cannot be extracted (easily) from the browser.