Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Seed generation, encryption and storage support #1939

Open
shamardy opened this issue Aug 15, 2023 · 2 comments
Open

Seed generation, encryption and storage support #1939

shamardy opened this issue Aug 15, 2023 · 2 comments
Assignees
Labels

Comments

@shamardy
Copy link
Collaborator

shamardy commented Aug 15, 2023

Cryptographic operations shouldn't be the frontend/GUIs responsibility. Instead, they should be handled by the DeFi framework. To achieve this we should:

  • Allow initialization of the framework without a seed, in this case, a seed must be generated, encrypted and saved for reuse in a secure manner. It would also be good to create encrypt/decrypt APIs that GUIs can use to send files/data to the defi framework to encrypt before they can save it on their side or to decrypt after loading it from storage.
  • Seed generation should support BIP39 standard plus any other used/known standards.
  • This can be part of the crypto crate which includes the crypto context for HD/HW/Metamask/etc.. or a new crate can be created specifically for this. The idea is to separate this critical code from other non-critical parts.
  • We already use tiny-bip39 lib to create the HD wallet seed/secret from the Mnemonic phrase passed on initialization. This lib contains implementations for creating a new Mnemonic phrase from entropy. We need to check the library for any known issues before using it for this purpose.

ref: https://github.com/KomodoPlatform/komodo_encryption_tool/pull/1#issuecomment-1651230832, https://github.com/KomodoPlatform/komodo_encryption_tool/pull/1#issuecomment-1678687099
C.C. @ca333 @Alrighttt @yurii-khi

@shamardy
Copy link
Collaborator Author

shamardy commented Nov 10, 2023

For the library to use for mnemonic phrase generation I suggest rust-bip39, it's actively maintained unlike tiny-bip39 which we currently use for converting the phrase to bytes. rust-bip39 is also part of the Rust Bitcoin Community which is maintained by blockstream and the bitcoin community. It also includes pbkdf2 implementation if we decided to use it for seed encryption/hashing, if we decided to use Argon2 instead I suggest this library https://github.com/RustCrypto/password-hashes/tree/master/argon2, Argon2 is slower or more resource-intensive on mobiles or embedded systems though since it requires a large amount of memory.

@Alrighttt @ca333 @DeckerSU I would like your opinion on the above and which of pbkdf2, Argon2d, Argon2i and Argon2id should we use. I also think rust-bip39 should be checked from security perspective before using it, but it's ok for me if you check it on the PR instead since switching libraries shouldn't be a big problem.

@shamardy
Copy link
Collaborator Author

shamardy commented Apr 8, 2024

Checklist

Future:

  • Support different key derivations and encryption algorithms for the framework (SDK)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

No branches or pull requests

1 participant