openwallet-foundation / safe-wallet-sig

This special interest group (SIG) will create, distribute and promote a set of material that will become the de-facto way to determine how "safe" the new breed of digital wallets is, and be able to compare them effectively. This SIG is a sub-group reporting to the OpenWallet Foundation's Technical Advisory Committee.
Creative Commons Attribution 4.0 International

Pillar 2: Security - Key Management and Generation #44

Open tlodderstedt opened 2 months ago

tlodderstedt commented 2 months ago

"Backup and Recovery: A robust key recovery system, or process, is critical to ensure users can regain access to their wallet(s) if the private keys are lost or compromised"

Can you please shed some light on how backup and recovery of keys should work if the wallet manages the keys in hardware? I think both aspects mutually exclude each other.

"Key Revocation: Processes for revoking and replacing compromised keys"

Wouldn't the issuer revoke the credential in case of a key compromise? I'm not aware of standards for key revocation.

"Private Key Management to prevent exposure during the rendering of transaction processes"

What does this mean?

andy-tobin commented 2 months ago

On your first point, we aren't going to specify particular implementation methods - those will be up to developers to execute. We acknowledge that there may be restrictions on backup/recovery mechanisms e.g. due to tight credential/device coupling (like in mDL) or restrictions on private key backup from secure areas. There are likely to be other credential types that are lower assurance level or 1-time issuance that have different requirements. We will add "where possible" to the text.

On the last point, thanks, we will expand on the explanation of "rendering" in that sentence.

jcafik commented 2 months ago

What does this mean? "Private Key Management to prevent exposure during the rendering of transaction processes":

While the rendering process itself is not typically involved in accessing private keys, there are potential security risks if vulnerabilities exist in the software or hardware used for rendering. For example, if a rendering application has a security flaw, it could be exploited by malicious actors to gain unauthorized access to sensitive data, including private keys.

To mitigate such risks, it's crucial to ensure that all software, including rendering applications, is kept up-to-date with the latest security patches. Additionally, using strong encryption and secure key management practices can help protect private keys from unauthorized access.