vmaark
commented
5 years ago it is possible with Android as well, there's already a react-native library for it: https://github.com/oblador/react-native-keychain
Open agazso opened 5 years ago
vmaark
commented
5 years ago it is possible with Android as well, there's already a react-native library for it: https://github.com/oblador/react-native-keychain
vmaark
commented
5 years ago isn't the iOS keychain a part of iCloud? Not necessarily something we should use, even if it's not synchronized by default.
agazso
commented
5 years ago Keychain is a technology on iOS that can store encrypted data protected by your fingerprint. It's true that your stored passwords can be stored on iCloud to be able to share between different Apple devices, but it's not so different than using a password manager. Also it's a relatively new feature (the sharing part), so it's not turned on by default, as far as I know.
If you are against the idea of storing the privateKey in a password manager, we can store the private key in the app state, encrypted with another key, which we can store in the Keychain. Then even if your Keychain is compromised, your personal data won't leak automatically.
vmaark
commented
5 years ago I like that solution! 👍
Store the private key in the iOS Keychain. Access it with TouchID/FaceID. Create a
signfunction with it (basically a closure with the private key). As long as the app is active you have access to thesignfunction from the code, but not the private key. You can then sign messages, transactions etc. If we need multiple identities, we can store the differentsignfunctions in a map, indexed with the public keys.