0

Say I'm trying to develop a CEX, hence I will hold custody of users' keys. How would I go about doing that and ensuring safety and security?

From what I know, I can generate the users' keys from a seed phrase and store the path used to generate the keys. And these seed phrases will be stored in an HSM.

schroeder

1 Answer

1

> And these seed phrases will be stored in an HSM

It's a misuse and most likely completely impractical. HSMs are not for storing large amounts of arbitrary data; they are optimized to store a finite number of crypto keys created/imported during a key ceremony, and then use them. It would be a lot more practical to encrypt/decrypt those on the fly using a key stored in the HSM.

Most (all?) HSMs are accessed using the PKCS#11 API, which doesn't provide a clear way to do what you want.

Bruno Rohée
  • I see your point, thanks. I'd also like to know if such an approach is secure and sustainable, or what the custodial-industry standard for key management is – whitebat 199 Jun 01 '22 at 11:25
  • I'm unaware of any standard, and given the number of exchanges compromised I'd assume the industry average practices are a complete shitshow to be honest... – Bruno Rohée Jun 01 '22 at 11:36
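
The approach the answer suggests (seeds encrypted and decrypted on the fly with a key held in the HSM, with only ciphertext kept in ordinary storage), as an added example that is not part of the original answer. `softHSM`, its methods and the user IDs are hypothetical, and the HSM is simulated in software with AES-256-GCM; a real deployment would send the encrypt/decrypt calls to the device so the key never reaches application memory.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// softHSM stands in (assumption) for an HSM session: the wrapping key stays inside it.
type softHSM struct{ aead cipher.AEAD }

func newSoftHSM() (*softHSM, error) {
	key := make([]byte, 32) // on a real HSM: generated on-device, non-extractable
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	return &softHSM{aead}, err
}

// Wrap encrypts one seed for storage in an ordinary database. userID is bound
// as associated data, so a blob moved to another user's row fails to unwrap.
func (h *softHSM) Wrap(userID string, seed []byte) ([]byte, error) {
	nonce := make([]byte, h.aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return h.aead.Seal(nonce, nonce, seed, []byte(userID)), nil
}

// Unwrap authenticates and decrypts a stored blob (nonce || ciphertext || tag).
func (h *softHSM) Unwrap(userID string, blob []byte) ([]byte, error) {
	n := h.aead.NonceSize()
	if len(blob) < n {
		return nil, fmt.Errorf("wrapped seed too short: %d bytes", len(blob))
	}
	return h.aead.Open(nil, blob[:n], blob[n:], []byte(userID))
}

func main() {
	hsm, _ := newSoftHSM()
	blob, _ := hsm.Wrap("user-1001", []byte("constructed sample seed")) // blob is what the DB stores
	seed, err := hsm.Unwrap("user-1001", blob)
	fmt.Printf("%q %v\n", seed, err)
}
```

The number of stored seeds can grow without limit while the HSM holds a single key, which matches the finite-key usage the answer describes.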