When a user creates a new account, they do so by creating a new keychain. A 12-word seed phrase serves as the root for that keychain, from which everything else is derived. The first 'key' on the keychain is a master signing key, derived from the raw seed phrase.
When a user creates a new account or restores their account on a new device, the app needs to derive the master signing key from the seed phrase, and store it in a local vault. This local vault uses a device specific password to lock / unlock access.
GIVEN a new user in the 'get started' workflow
WHEN user click 'get your keychain now"
THEN generate new seed phrase AND show to user AND confirm user has right seed phrase
AND WHEN user enters / confirms "unlock password"
THEN derive master signing key from seed phrase AND encrypt with device password AND store in local vault
Children
[x] #811
[x] #812
[ ] #813
[x] #876
Questions:
what specific algorithm will be used for seed phrase generation? how will app interact with that algo?
need to force app to "forget" seed phrase after showing to user and deriving signing key?
at which point should key generation happen? at which point should it be encrypted?
All building blocks to submit the RBAC transaction are in place. In the future when key derivation algorithm will be specified the temporary key derivation from #876 will be replaced by #813
Summary
Create local signing key
Description
Parent #727
When a user creates a new account, they do so by creating a new keychain. A 12-word seed phrase serves as the root for that keychain, from which everything else is derived. The first 'key' on the keychain is a master signing key, derived from the raw seed phrase.
When a user creates a new account or restores their account on a new device, the app needs to derive the master signing key from the seed phrase, and store it in a local vault. This local vault uses a device specific password to lock / unlock access.
GIVEN a new user in the 'get started' workflow WHEN user click 'get your keychain now" THEN generate new seed phrase AND show to user AND confirm user has right seed phrase AND WHEN user enters / confirms "unlock password" THEN derive master signing key from seed phrase AND encrypt with device password AND store in local vault
Children
Questions: