Securely store:

Each stored element is associated with an ID that we plan to store in cleartext in a database (e.g. Hive). The ID will be used, for example, to list all the seed phrases and private keys we hold.

For a given private key ID or seed phrase ID, we can then retrieve the key stored securely using our secure storage.

How to store data securely?

iOS and macOS

Use the Secure Enclave when available; fall back to password-protected storage.

See below for more examples of the Secure Storage implementation.

Android

Use biometric_storage if biometric authentication is available.

It stores data in an encrypted file using AES-256-GCM.

If biometrics are not available, fall back to the password-protected storage implementation.

Windows / Linux / Web

Password-protected storage.

Password-protected storage implementation

Encrypt the private key using AES-256 with a password supplied by the user.
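A sketch of the password-protected fallback, added here as an illustration and not taken from the project's code; it is written for Node.js so it runs with the standard library alone. Assumptions not stated above: scrypt turns the password into the AES key, GCM is the AES mode, the cleartext ID is bound to the ciphertext as associated data, and the names sealSecret, openSecret and the record layout are hypothetical.

```javascript
// Added example, not the project's implementation. Assumed choices:
// scrypt KDF, AES-256-GCM, and the record fields returned below.
const crypto = require('node:crypto');

// scrypt cost parameters (assumed values; tune for the slowest target device).
const SCRYPT = { N: 1 << 15, r: 8, p: 1, maxmem: 64 * 1024 * 1024 };

// A password is never used directly as an AES key: derive 32 bytes from it.
function deriveKey(password, salt) {
  return crypto.scryptSync(password.normalize('NFKC'), salt, 32, SCRYPT);
}

// Encrypt one secret (Buffer). The returned record can sit in the database
// next to the cleartext ID; it contains no key material.
function sealSecret(id, secret, password) {
  const salt = crypto.randomBytes(16);  // fresh KDF salt per record
  const nonce = crypto.randomBytes(12); // fresh 96-bit GCM nonce per record
  const key = deriveKey(password, salt);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, nonce);
  // Authenticate the ID so a blob cannot be moved under another ID.
  cipher.setAAD(Buffer.from(id, 'utf8'));
  const ct = Buffer.concat([cipher.update(secret), cipher.final()]);
  const tag = cipher.getAuthTag();
  key.fill(0); // best-effort wipe of the derived key
  const b64 = (b) => b.toString('base64');
  return { v: 1, salt: b64(salt), nonce: b64(nonce), ct: b64(ct), tag: b64(tag) };
}

// Decrypt a record. Returns the secret as a Buffer, or null when the
// password is wrong, the ID does not match, or the record was modified.
function openSecret(id, record, password) {
  const raw = (s) => Buffer.from(s, 'base64');
  const key = deriveKey(password, raw(record.salt));
  try {
    const d = crypto.createDecipheriv('aes-256-gcm', key, raw(record.nonce));
    d.setAAD(Buffer.from(id, 'utf8'));
    d.setAuthTag(raw(record.tag));
    return Buffer.concat([d.update(raw(record.ct)), d.final()]);
  } catch {
    return null; // GCM tag check failed: release no plaintext
  } finally {
    key.fill(0);
  }
}
```

Because every record carries its own salt and nonce, encrypting the same secret twice yields unrelated ciphertexts, and a failed tag check is indistinguishable between a wrong password and a tampered record.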