Add ability to export encrypted key

[ligi]

A user forgot his pin and he wants to brute-force it. When not having a rooted phone you cannot access the encrypted key. We should have such an option for it - maybe a bit hidden so normal users are not confused by it - just for support cases.

[jlmxyz]

beside this and for more security, I prefer my key not to be stored in the app's files. I'm new the eth and crypto concurency but I'm used to public/privates keys as a user I would like to store my private key on a secured encrypted storage :

• created by myself and stored only where I know and only me know how to uncrypt the storage
• not on the phone
• only have the public key stored on the phone/web (if everything works the way I think it works, the public key is used from someone to send some ETH to me, and the private allow me to store into my wallet or to access the wallet content (eg, decrypt it) )

so as a user :

1. I would like to have to "open" the private key (and enter password/pin) when I want to send something or when I want to see what is my wallet,
2. the key should be kept in memory the time the wallet app is open, but not stored in non volatile storage
3. key memory should be wiped as soon as possible (by option : after screen off, when loosing focus, on hibernation)

also if my phone crash and that I have to do a factory reset I MUST be able to restore the key, and for this I MUST be able to backup it.

I don't trust clouds that "OWN" my keys and provide me some series of words to restore the key (what if the server is hacked? what if the firm dies and no more access to the server? everything will be lost?) and I don't trust phone storage to be a good place to have the keys stored, it's easy as the user don't have to select a file and enter a password each time, but totaly unsafe.

accessing the storage is really easy and unless the phone is crypted, anyone can have access (and anyway even if the phone is crytped, the crypto isn't as strong as having the keys stored elsewhere, as long as the keys are stored within the volume, it's just a matter of time)

[ligi]

WallETH already supports "watch only" mode (private key not on the phone) - also supports TREZOR, KeyCard and KeepKey where the key is not on the phone. Also you are able to export keys that are on your phone - but in case it is protected by a pin/password you need that to do so. In this case a user wanted the encrypted key to brute force it off the phone. Not really see any action WallETH can take in the text you wrote.

[jlmxyz]

also supports TREZOR, KeyCard and KeepKey where the key is not on the phone. <= I don't trust something :

1. that can be lost without backups, and if I've backups, I've no way to invalidate the key that was lost
2. can stop working due to hardware issue (either because of miss-use (fall into water for example) or just because hardware issue (ho! too bad the capacitor died!!! you lost everything!!! oh the NFC antenna dies, you lost everything)
3. won't follow cryptography evolution, and will eventually be hacked (in particular not updatable firmwares)
4. store information somewhere else and I'm not sure that it isn't shared without my consent... I don't know what Trezor devices do... I've no way to rebuild the hardware (it's not open hardware, neither open software), I've no way to investigate security appart trusting marketing... my government already sell my medical datas, and I've to trust a firm to not do so????
5. if updatable, that can die during update...

Also you are able to export keys that are on your phone <= How? did not found

actions WallEth can do :

1. ask for my private key file EACH TIME IT IS REQUIRED and ask me to unlock it, secure wipe memory used to store any information that I entered during this time
2. SECURE WIPE memory right after using it, (for example :
   1. app is in foreground => ok the user use it, the key can be kept in memory
   2. app is in foreground but no action for a "user tunnable time" => secure wipe the private key memory
   3. phone locks and the "user tunnable time" expire => secure wipe the private key memory
   4. app goes into background, "user tunnable time" expire => secure wipe the private key memory (to allow the user to go check some information for a short time)
   5. android send "hibernation" events => secure wipe the private key memory
   6. android poweroff => secure wipe the private key memory
   7. ...

by "secure wipe" I means : overwrite the whole memory used with random data

[ligi]

you see an export key button when editing the account

[jlmxyz]

I created a password protected key using wallEth, let wallEth without use for 1 night, opened wallEth when you said I can export

1. the account is displayed, and password was not asked
2. when I go into accounts, I see
   1. Goerli pusher
   2. Goerli simple faucet
   3. Goerli social faucet
   4. LIGI
   5. Michael Cook
   6. Rinkeby Faucet

and? where is my account created????

on main screen, I've a copy icon, a (i) icon, a photo icon..... (i) leads to a text, copy copy the ethereum id nothing in preference nothing in security/Privacy.....

[ligi]

The account you created should be in the list of accounts. I cannot reproduce the problem you have. Did you really finish the account creation?

[jlmxyz]

yes, I did even be able to export the eth id...

[ligi]

And you did not delete the account? Can you repoduce it? What version are you using? First time I hear about such a problem

[jlmxyz]

seems that the issue is with the "first time creation" at startup if I go into account->(+) then I create an account with same behavior (password protected), now the account is listed... by the way, I don't know if eth permit it, but I think you should also provide "keyfiles" selection for passwords, like veracrypt, this improve greatly the security, and as well some ghosting...

keyfiles increase security because

1. the person has to know the keyfile used
2. a keyfile can be outrageous long while a password is always short compared to 3MB of random data
3. the attacker has to know that there is one or more keyfiles to provide in addition to the password
4. the keyfile can be any "regular" data found on a phone, a picture, a sound file, some text files, a video...
5. there is 100000000 files on a regular phone 1000000000000000000000000000 on some sdcard

ghosting is also mandatory for security because if someone point a gun on a member of your familly, asking to unlock the eth account, you must have a way to show him a fake account or another account that have few eth on it so that he can steal them (even if there is some kind of tracking with blockchains, nothing prevent some one patient to steal 2000Eth, wait years and use them years later when prescription occured.... ) ghosting allow to unlock a crypted data with an alternate key that show the "non sensitive datas" in this case an account that have a balance that don't worth it...