Web3 Keystore compatibility

[youngjoon-lee]

There is already a TODO: https://github.com/medibloc/panacea-js/blob/960607d39b02ec10a928e644ff2e5f8d472c3a0e/src/crypto/index.js#L167

This code uses

• key derivation function: pbkdf2
• cipher algorithm: aes-256-ctr

However, Web3 Secret Storage Definition says the cipher algorithm should be aes-128-ctr, not aes-256-ctr.

All minimally-compliant implementations must support the AES-128-CTR algorithm

On the contrary, panacea-core uses

• key derivation function: scrypt
• cipher algorithm: aes-128-ctr

I would suggest that the cipher algorithm of panacea-js should be replaced with aes-128-ctr. Also, for the compatibility with panacea-core, we need to decided the KDF (pbkdf2 vs scrypt).

If panacea-js has being used for many services, the backward-compatibility would be a critical issue.
If it's the problem, I can modify panacea-core because the keystore is used only for DID in panacea-core. There's no backward-compatibility issue. But still, the cipher algorithm should be aes-128-ctr.

[youngjoon-lee]

After discussing with @cl9200 in Slack, we decided to use PBKDF2. I will change the panacea-core: https://github.com/medibloc/panacea-core/issues/38.

About the cipher algorithm, the aes-256-ctr has already being used in https://wallet.gopanacea.org/#/. So, let's take the following strategy:

• Storing: Use aes-128-ctr according to the Web3 Secret Storage Definition.
• Loading: Support both aes-256-ctr and aes-128-ctr for backward-compatibility.