How do we store the root key?

[achou11]

On mobile, we use Expo's SecureStore API to handle storage of the rootkey that's passed to core. We need something similar for desktop, where we securely store the key on a device level. The key is sensitive and therefore it does not seem appropriate to store it via electron-store (see note in docs).

Seems like safeStorage is the technically sound option? Minor concern is that it requires some user-intervention, which has UX consequences (at least on macOS, where it prompts you to enter your root password in order to let the app access the keychain).

Open to other options and thoughts. Haven't explored the ecosystem too much so maybe there's something that's appropriate that I missed.

[achou11]

@gmaclennan any thoughts on this?

[gmaclennan]

The docs seem incorrect or misleading? The docs say you need the system keyring password (eg the root password), but the description of the protection from other users suggests that what it means is users keyring password? I think it is worth creating a test app with just safestorage to verify what it actually looks like.

[achou11]

yeah i tried it out and i believe it's the user's keyring password (at least on macOS)

my decision to use the "root" wording in the issue description was a little careless, fwiw