KeyringController
Improve vault encryption
Description
As part of the new KeyringController API, there's a need to improve the current encryption logic for the vault.
Today the user's password directly encrypts the vault. There is an opportunity to improve this by having the KeyringController use an encryption key to encrypt the vault. The specific steps for two use cases are presented next:
Use Case: Lock the vault
- Create or get encryption-key
- Encrypt vault with encryption-key
- Encrypt encryption-key with password
Use Case: Unlock the vault
- Decrypt encryption-key with password
- Decrypt vault with encryption-key
Acceptance Criteria
- [ ] The encryption key must have a defined use policy
- [ ] All new code must have tests
- [ ] All new code must be documented
Reference
Encrypted Vault Example
{
  cipher: "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",
  iv: "fd98fce552738df2a183da14acc9b8e2",
  salt: "/w1IHCoSZrPcUZMlLzq0qw==",
  lib: "original"
}
Decrypted Vault Example
[
  // HD Keyring
  {
    data: {
      hdPath: "m/44'/60'/0'/0",
      mnemonic: [110, 111, 98, 108, 101, 32, 99, 114, 117, 105, 115, 101, 32, 114, 105, 99, 104, 32, 112, 117, 98, 108, 105, 99, 32, 112, 114, 105, 115, 111, 110, 32, 115, 101, 109, 105, 110, 97, 114, 32, 102, 101, 119, 32, 115, 101, 99, 111, 110, 100, 32, 115, 116, 101, 101, 108, 32, 97, 120, 105, 115, 32, 99, 114, 97, 102, 116, 32, 115, 117, 114, 102, 97, 99, 101],
      numberOfAccounts: 1
    },
    type: "HD Key Tree"
  },
  // Simple Keyring
  {
    data: ["08dbe017e1fd5ddb709de0456ba602b630025449dc8313ebab22d624e5208a69"],
    type: "Simple Key Pair"
  },
  // QR Keyring
  {
    data: {
      accounts: [],
      childrenPath: "0/*",
      currentAccount: 0,
      hdPath: "",
      indexes: {},
      initialized: false,
      keyringAccount: "account.standard",
      keyringMode: "hd",
      name: "QR Hardware",
      page: 0,
      paths: {},
      perPage: 5,
      version: 1,
      xfp: "",
      xpub: "",
    },
    type: "QR Hardware Wallet Device"
  }
]
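The lock and unlock use cases described above, sketched as an added example that is not part of the original issue and is not KeyringController code. It assumes Node.js's built-in crypto module, AES-256-GCM for both layers, and scrypt to derive the password key; the function names and output field names are hypothetical.

```javascript
const { randomBytes, scryptSync, createCipheriv, createDecipheriv } = require('node:crypto');

// AES-256-GCM with a fresh 96-bit IV per call; base64 fields keep the result JSON-serializable.
function seal(key, plaintext) {
  const iv = randomBytes(12);
  const cipher = createCipheriv('aes-256-gcm', key, iv);
  const data = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  const tag = cipher.getAuthTag();
  return { iv: iv.toString('base64'), data: data.toString('base64'), tag: tag.toString('base64') };
}

// Throws if the key is wrong or the ciphertext/tag was modified.
function unseal(key, box) {
  const decipher = createDecipheriv('aes-256-gcm', key, Buffer.from(box.iv, 'base64'));
  decipher.setAuthTag(Buffer.from(box.tag, 'base64'));
  return Buffer.concat([decipher.update(Buffer.from(box.data, 'base64')), decipher.final()]);
}

// Lock: create (or get) the encryption key, encrypt the vault with it,
// then encrypt the encryption key with a key derived from the password.
function lockVault(keyrings, password, encryptionKey = randomBytes(32)) {
  const salt = randomBytes(16);
  const passwordKey = scryptSync(password, salt, 32); // KDF choice is an assumption of this example
  return {
    vault: seal(encryptionKey, Buffer.from(JSON.stringify(keyrings))),
    wrappedKey: seal(passwordKey, encryptionKey),
    salt: salt.toString('base64'),
  };
}

// Unlock: decrypt the encryption key with the password, then decrypt the vault with it.
// The key is returned so a later lock can reuse it instead of creating a new one.
function unlockVault(locked, password) {
  const passwordKey = scryptSync(password, Buffer.from(locked.salt, 'base64'), 32);
  const encryptionKey = unseal(passwordKey, locked.wrappedKey);
  const keyrings = JSON.parse(unseal(encryptionKey, locked.vault).toString('utf8'));
  return { keyrings, encryptionKey };
}

// Constructed sample vault content (dummy key material, not a real private key).
const sampleKeyrings = [{ type: 'Simple Key Pair', data: ['00'.repeat(32)] }];
```
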