Wallet attribute: Private key access security
Great idea by @PatrickAlphaC on the wallet stage system issue #173:

> Key is stored in encrypted form
This seems like an important security attribute, for which we should have feature data. Currently we don't have anything.
I'd generalize this attribute to "is the private key securely accessed?", which expresses the same idea in a less implementation-prescriptive way. That formulation also covers:
- Keys stored only in a hardware enclave from which they cannot be extracted, without the wallet software having to implement encryption itself. Example: a mobile wallet that stores keys in the device's secure enclave.
- Keys stored in plaintext within a part of the filesystem that other applications cannot access, as enforced by the operating system. For example, I believe Android apps' application-internal storage is confined to that application, and such enforcement is done by sandboxing other applications away from having access to these files. So the keys are safe from being read by any other application, even if the keys are stored in plaintext.
- Wallets that don't store keys at all. Example: Smart wallets for which the account is secured by a passkey managed outside of the wallet, and for which the passkey verification is done onchain (so not in the wallet software itself).
I'm wrong about there being no feature data on this; we do have some things around key handling in src/schema/features/security/keys-handling.ts. However, it is hardware-wallet-focused and also subjective (the KeysHandlingType enum is a tri-state PASS/PARTIAL/FAIL rather than objective criteria). We should probably revamp this and make it meaningful for both hardware and software wallets.
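As an added sketch (not the project's schema, and not a proposed final design), here is one way the generalized "securely accessed" attribute could be encoded as objective facts about where the key lives, with the verdict derived from those facts instead of a hand-assigned PASS/PARTIAL/FAIL. Type and field names (`PrivateKeyAccess`, `evaluatePrivateKeyAccess`, etc.) are hypothetical.

```typescript
// Hypothetical encoding of "is the private key securely accessed?" as declared facts.
// Each variant corresponds to one of the cases discussed above.
type PrivateKeyAccess =
  // Wallet never holds a private key, e.g. a smart account whose passkey is verified onchain.
  | { kind: 'none' }
  // Key lives in a hardware enclave / secure element; `extractable` says whether it can leave it.
  | { kind: 'hardware-enclave'; extractable: boolean }
  // Key is written by the wallet software to the device's filesystem.
  | {
      kind: 'filesystem'
      encryptedAtRest: boolean
      // True when the OS sandbox keeps the file readable only by this application
      // (e.g. app-private storage on mobile); false for shared or world-readable paths.
      osConfinedToApp: boolean
    }

interface SecureAccessVerdict {
  secure: boolean
  // Reason is derived from the declared facts, so two reviewers reach the same result.
  reason: string
}

function evaluatePrivateKeyAccess(access: PrivateKeyAccess): SecureAccessVerdict {
  switch (access.kind) {
    case 'none':
      return { secure: true, reason: 'wallet stores no private key' }
    case 'hardware-enclave':
      return access.extractable
        ? { secure: false, reason: 'enclave key can be exported to the host' }
        : { secure: true, reason: 'key is confined to a non-extractable enclave' }
    case 'filesystem':
      if (access.encryptedAtRest) {
        return { secure: true, reason: 'key is encrypted at rest' }
      }
      if (access.osConfinedToApp) {
        return { secure: true, reason: 'plaintext key is readable only by this app (OS sandbox)' }
      }
      return { secure: false, reason: 'plaintext key is readable by other applications' }
    default: {
      // Exhaustiveness guard: adding a new variant without handling it fails to compile.
      const unhandled: never = access
      throw new Error(`unhandled key access kind: ${String(unhandled)}`)
    }
  }
}
```

The same facts could later feed finer-grained scoring, but the point is that each input is a checkable property of the wallet rather than a judgement call.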