Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

store encryption key with Android's keystore

See original GitHub issue

If I’m not mistaken, BlueWallet on Android does NOT use Android’s KeyStore to store the wallet’s encryption key, but derives an encryption key from the wallet passphrase that is then used to decrypt the wallet. Is my understanding correct?

If this is the case, then I strongly suggest that the encryption key should be stored with Android’s KeyStore, which is backed by hardware security for many Android devices and is thus significantly harder to extract or bruteforce than the software key derivation (which can be performed via an offline attack on much more powerful hardware after getting hold of the encrypted wallet).

Issue Analytics

  • State:closed
  • Created 3 years ago
  • Comments:7 (5 by maintainers)

github_iconTop GitHub Comments

Overtormentcommented, Dec 14, 2020

if youre intereted, transaction data (which contains no secrets) is offloaded to Realm database (that’s faster) and this tx data is encrypted via the same user’s password or default password. all encryption is AES256.

marcosrdzcommented, Dec 13, 2020

That is correct. The file class/app-storage.js is where this takes place.

Read more comments on GitHub >

github_iconTop Results From Across the Web

how to securely store encryption keys in android?
Generate a RSA key pair into Android Keystore, and encrypt the AES key using RSA ... Store encrypted AES key into Android SharedPreferences....
Read more >
Using the Android Keystore system to store and retrieve ...
The Android Keystore system lets you store cryptographic keys in a container to make it more difficult to extract from the device.
Read more >
Storing Secret Keys in Android - CodePath Cliffnotes
A public/private key RSA pair is generated, which is stored in the Android device's keystore and protected usually by the device PIN. An...
Read more >
How to use the Android Keystore to store passwords and other ...
The Android keystore provides a secure system level credential storage. With the keystore, an app can create a new Private/Public key pair, and ......
Read more >
How to Encrypt Data Safely on the Device and Use the ...
We need to keep track of the keys we use in our Android app. So, on Android, we have something called the Android...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Post

No results found

github_iconTop Related Hashnode Post

No results found