peppelinux / federation-wallet

OpenID Federation for Wallet Architecture specification

Custodial vs non-custodial for Mobile Wallet Native Application #4

Open surfnet-niels opened 1 month ago

surfnet-niels commented 1 month ago

Also with 'Mobile Wallet Native Application' implementations there may not be a clear distinction between custodial and non-custodial. In that case the key is partially stored on the user's device and partially in an HSM. As an example of a real-life system (Yivi/IRMA) that used this approach: https://privacybydesign.foundation/irma-explanation/

From their site: "Credentials are cryptographically bound to a mobile phone, and to each other, via a personal secret cryptographic key. This private key is crucial for the security of the Yivi app; it must be stored securely. Such secure local storage is difficult on a mobile phone, since the device may be rooted or hacked. That is why a small but crucial part of this private key is stored outside the phone on a so-called keyshare server that is operated by the Privacy by Design foundation. The Yivi PIN code is checked by the keyshare server, see the more detailed explanations elsewhere. Only when the PIN checks out will the server participate with its own small part of the secret personal key, and can attributes be disclosed. The keyshare server will not see the attributes themselves, nor to whom they are disclosed."
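To make the split-key arrangement described above concrete, here is an added example (written for this page; it is not Yivi/IRMA's keyshare protocol nor code from this repository). It models the user's secret key as s = s_dev + s_srv mod q, with the device holding s_dev and a PIN-gated keyshare service holding s_srv, and shows a Schnorr-style proof of knowledge of s that only succeeds when both parties contribute. The group is a runtime-generated 128-bit safe-prime group (a toy size, chosen so the example runs in a second), and the class names, PBKDF2 PIN hashing and three-strikes lockout are assumptions of this example, not of the wallet specification:

```python
"""Hybrid custody sketch: secret key s = s_dev + s_srv (mod q).
Neither the phone nor the keyshare service alone can prove knowledge of s,
and the service never sees what is being proven (only a hashed challenge).
Toy Schnorr-style proof over a runtime-generated safe-prime group; names,
group size and lockout policy are assumptions made for this example."""
import hashlib
import hmac
import secrets


def is_probable_prime(n: int, rounds: int = 32) -> bool:
    """Miller-Rabin primality test."""
    if n < 2:
        return False
    for sp in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % sp == 0:
            return n == sp
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def gen_group(bits: int = 128):
    """Return (p, q, g): safe prime p = 2q + 1 and g generating the order-q subgroup."""
    while True:
        q = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(q) and is_probable_prime(2 * q + 1):
            p = 2 * q + 1
            break
    while True:
        g = pow(secrets.randbelow(p - 2) + 2, 2, p)  # a square has order q or 1
        if g != 1:
            return p, q, g


def challenge(q: int, pub: int, commitment: int, context: bytes) -> int:
    """Fiat-Shamir challenge binding the proof to the public key and context."""
    h = hashlib.sha256(f"{pub}|{commitment}|".encode() + context).digest()
    return int.from_bytes(h, "big") % q


class KeyshareServer:
    """Holds s_srv (in practice inside an HSM) and releases its contribution only
    after a PIN check. It sees the challenge c, never the attributes or the verifier."""

    def __init__(self, p, q, g, pin: str, max_failed: int = 3):
        self.p, self.q, self.g = p, q, g
        self.secret_share = secrets.randbelow(q - 1) + 1
        self.salt = secrets.token_bytes(16)
        self.pin_hash = self._hash_pin(pin)
        self.failed, self.max_failed, self._r = 0, max_failed, None

    def _hash_pin(self, pin: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", pin.encode(), self.salt, 100_000)

    def public_share(self) -> int:
        return pow(self.g, self.secret_share, self.p)

    def commit(self, pin: str) -> int:
        """Step 1: verify PIN (with lockout), then return commitment g^r_srv."""
        if self.failed >= self.max_failed:
            raise PermissionError("account locked after repeated PIN failures")
        if not hmac.compare_digest(self._hash_pin(pin), self.pin_hash):
            self.failed += 1
            raise PermissionError("wrong PIN")
        self.failed = 0
        self._r = secrets.randbelow(self.q - 1) + 1
        return pow(self.g, self._r, self.p)

    def respond(self, c: int) -> int:
        """Step 2: return z_srv = r_srv + c*s_srv; the nonce is single-use."""
        if self._r is None:
            raise RuntimeError("no PIN-authenticated session in progress")
        z, self._r = (self._r + c * self.secret_share) % self.q, None
        return z


class WalletDevice:
    """Holds s_dev on the phone; the full public key is g^(s_dev + s_srv)."""

    def __init__(self, p, q, g, server: KeyshareServer):
        self.p, self.q, self.g, self.server = p, q, g, server
        self.secret_share = secrets.randbelow(q - 1) + 1
        self.public_key = (pow(g, self.secret_share, p) * server.public_share()) % p

    def prove(self, pin: str, context: bytes):
        """Joint proof: commitments and responses from both shares are combined."""
        R_srv = self.server.commit(pin)  # raises before any key material is used if PIN is wrong
        r_dev = secrets.randbelow(self.q - 1) + 1
        R = (pow(self.g, r_dev, self.p) * R_srv) % self.p
        c = challenge(self.q, self.public_key, R, context)
        z_dev = (r_dev + c * self.secret_share) % self.q
        return R, (z_dev + self.server.respond(c)) % self.q

    def prove_device_only(self, context: bytes):
        """What a compromised phone can do alone: a proof under s_dev only."""
        r_dev = secrets.randbelow(self.q - 1) + 1
        R = pow(self.g, r_dev, self.p)
        c = challenge(self.q, self.public_key, R, context)
        return R, (r_dev + c * self.secret_share) % self.q


def verify(p, q, g, pub: int, context: bytes, R: int, z: int) -> bool:
    """Schnorr check: g^z == R * pub^c."""
    c = challenge(q, pub, R, context)
    return pow(g, z, p) == (R * pow(pub, c, p)) % p
```

The verifier only ever sees the combined (R, z), so it cannot tell that the key was split; the device-only proof fails against the full public key because s_srv is missing from the response, which is the property that makes a rooted phone insufficient on its own.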

peppelinux commented 3 weeks ago

I'm inclined to introduce a middle colour between those two, enabling such a hybrid solution as you briefly described.

If a PR were produced by you @surfnet-niels in the meantime, it would be appreciated and supported by me.