Open Arif-Shahriar028 opened 2 months ago
@Arif-Shahriar028, this might help: https://github.com/openwallet-foundation/bifold-wallet/discussions/374
1) We use an encrypted database (via Askar). The actual encryption key is securely kept/managed as encrypted records using the wallet key 2) I would think that almost anything is possible from rooted device. I recommend using App Attestation to check if the app is running on rooted devices 3) It depends of the crypto being used. Some protocols might be possible, but we do not have HSM support in place yet :(
Hi @cvarjao
I was also curious about this.
Can you confirm what you mean by "wallet key". Is this something that is stored on device, or is it somehow tied to a user entered PIN ?
As I understand, both Android and IOS support some type of Secure OS or something of that nature to store sensitive information that would be much more difficult to retrieve even on a rooted device. https://support.apple.com/en-ca/guide/security/sec59b0b31ff/web https://www.trustonic.com/technical-articles/what-is-a-trusted-execution-environment-tee/
In theory the wallet key could be stored there so it is better protected.. Does that sound correct ?
Thanks
The wallet key is derived from a generated salt + user PIN.
at the moment , we are using react-native-keychain to provide the keychain abstraction between iOS/Android, but it does leverage platform/OS specific secure Keychain/Keystore
The wallet key is derived from a generated salt + user PIN.
* The generated salt is always [stored in a secure keyckain](https://github.com/openwallet-foundation/bifold-wallet/blob/ea2300f5186539d23cc401b90b92cb859f24a9e6/packages/legacy/core/App/services/keychain.ts#L69) * If the user has biometric authentication enabled, the wallet key is stored in a [secured keychain with biometrics protection](https://github.com/openwallet-foundation/bifold-wallet/blob/main/packages/legacy/core/App/services/keychain.ts#L61) * if the user has biometric authentication disabled, then the wallet key is [re-created](https://github.com/openwallet-foundation/bifold-wallet/blob/ea2300f5186539d23cc401b90b92cb859f24a9e6/packages/legacy/core/App/services/keychain.ts#L61) by retrieving the salt and combining with the user's PIN
at the moment , we are using react-native-keychain to provide the keychain abstraction between iOS/Android, but it does leverage platform/OS specific secure Keychain/Keystore
This is perfect, thanks so much
@cvarjao thanks for your response! I have a few more queries regarding your response.
I have rooted my android phone and installed bifold, then issued some credentials. As the phone is rooted, I can explore its root files.
This is the root folder of the application.
I found this sqlite database in the root folder. I also checked it by db browser, but no readable data could retrived. Everything is encrypted.
These are the files of shared_pref folder. Inside that folder there is an rn_keychain.xml file where salt value can be found. But I am not sure are they encrypted or not.
This is the rn_kechain.xml file.
Now my question is:
Thanks for your time!
I am wondering if we can make some changes to not have it stored in that file.
We are using Keychain.SECURITY_LEVEL.ANY. There are a lot inconsistence in the way that vendors support hardware encryption (Keychain.SECURITY_LEVEL.SECURE_HARDWARE). I also noticed we are a couple of versions behind, that things have changed in that react-native-keychain library.
Any help in this space would be very much appreciated.
Ideally the salt should be in the keystore backed by the secure area (SE/TEE). This requires a biometric or device PIN/passcode to enable the encryption. There is an option in the core wallet to turn on a feature that requires biometrics (PIN and Biometrics). This has better security at the cost of usability, as not everyone can or wants to use biometric authentication.
Unfortunately, even if the salt is part of the encrypted key store (backed by the secure area), it will still be accessible (with some effort) if you can access the device directly - e.g., you can shim the crypto libraries and extract the salt or the key directly.
To truly secure the key as a hardware cryptographic device (as per NIST) you need to create the keys in the secure area. This is only supported for EcDSA keys. There is a plugin in development for Askar that will support hardware backed keys.
The solution required depends on the level of assurance that you need for your use case.
I have a few questions regarding the cryptographic key security in the Bifold wallet:
I appreciate any insights or recommendations on these topics. Thank you.