
In my app, the user must use a private key to sign a transaction (on a blockchain). (It is quite common.)

I am facing questions regarding how to store my user's private key on the device. I am to use a keychain module to store the private key in the phone memory, so that the user does not have to copy / paste it every time he/she wants to make a transaction etc. (That, I know, is dangerous.)

But I suddenly wonder if I should not also encrypt the private key (so that it is not stored in clear view in the register). I would make an HTTPS request to my server to request the decryption key each time I have to use the keychain content (which contains the user's blockchain private key).

Or, is the Android / iOS keychain already secure enough and I can leave the key clear in the phone memory?

Let me know if more details are needed.

Raphael St

Comments:

  • Keys stored in Android keystore can only be used, not extracted from the device. If your app process gets compromised, attackers can sign or encrypt data but cannot read your private key. Keys are never exposed to your app memory. – b4da Nov 09 '21 at 22:27
  • Does this answer your question? [Secure way to hold private keys in the Android app](https://security.stackexchange.com/questions/242385/secure-way-to-hold-private-keys-in-the-android-app) – defalt Nov 10 '21 at 04:34
  • That is what I wanted to know. I wanted to make sure that keys are safe in Android and iOS Keystore, for users to sign transactions offline. – Raphael St Nov 10 '21 at 14:41
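An added example (not code from the question or the comments) of what b4da's comment describes on Android: the signing key is generated inside AndroidKeyStore, used only through the JCA Signature API, and cannot be read back by the app. The alias, the 30-second authentication window and API level 30+ (for setUserAuthenticationParameters) are assumptions.

```java
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyInfo;
import android.security.keystore.KeyProperties;
import java.security.KeyFactory;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.spec.ECGenParameterSpec;

/** Signs transaction bytes with a key generated inside AndroidKeyStore that is never exported. */
public final class DeviceSigner {
    private static final String STORE = "AndroidKeyStore";
    private static final String ALIAS = "wallet-signing-key"; // assumed alias; any app-chosen name works

    /** Creates the key pair on first run. The private half lives in the Keystore, not in app memory. */
    public static void createKeyIfMissing() throws Exception {
        KeyStore ks = KeyStore.getInstance(STORE);
        ks.load(null);
        if (ks.containsAlias(ALIAS)) return;
        KeyPairGenerator kpg = KeyPairGenerator.getInstance(KeyProperties.KEY_ALGORITHM_EC, STORE);
        kpg.initialize(new KeyGenParameterSpec.Builder(ALIAS, KeyProperties.PURPOSE_SIGN)
                .setAlgorithmParameterSpec(new ECGenParameterSpec("secp256r1")) // NIST P-256
                .setDigests(KeyProperties.DIGEST_SHA256)
                // Key is unusable until the user unlocks with biometric or PIN; valid 30 s afterwards.
                .setUserAuthenticationRequired(true)
                .setUserAuthenticationParameters(30,
                        KeyProperties.AUTH_BIOMETRIC_STRONG | KeyProperties.AUTH_DEVICE_CREDENTIAL)
                .build());
        kpg.generateKeyPair();
    }

    /** Signs txBytes. getEncoded() on this PrivateKey returns null: the key material cannot be read out. */
    public static byte[] sign(byte[] txBytes) throws Exception {
        KeyStore ks = KeyStore.getInstance(STORE);
        ks.load(null);
        PrivateKey key = (PrivateKey) ks.getKey(ALIAS, null);
        Signature sig = Signature.getInstance("SHA256withECDSA");
        sig.initSign(key);
        sig.update(txBytes);
        return sig.sign(); // DER-encoded ECDSA signature
    }

    /** Reports whether the key is held by the TEE/StrongBox rather than the software-only Keystore. */
    public static boolean isHardwareBacked() throws Exception {
        KeyStore ks = KeyStore.getInstance(STORE);
        ks.load(null);
        PrivateKey key = (PrivateKey) ks.getKey(ALIAS, null);
        KeyFactory kf = KeyFactory.getInstance(key.getAlgorithm(), STORE);
        KeyInfo info = kf.getKeySpec(key, KeyInfo.class);
        return info.isInsideSecureHardware();
    }
}
```

Note that Android Keystore offers NIST curves such as P-256 and not secp256k1, so whether a Keystore-held key can sign a given chain's transaction format must be checked per chain. Where the chain requires a curve the Keystore cannot generate, the usual fallback is to keep the chain key encrypted under a Keystore-held AES key rather than storing it in clear.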

0 Answers