Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Where/How to Store Private Keys for Web Wallet 2FA Support? #149

Open
mattlockyer opened this issue May 21, 2020 · 1 comment
Open

Where/How to Store Private Keys for Web Wallet 2FA Support? #149

mattlockyer opened this issue May 21, 2020 · 1 comment
Labels
enhancement New feature or request

Comments

@mattlockyer
Copy link
Contributor

Looking for feedback on this.

We need to come up with a secure method of storing our keys that provide the 2nd Factor for users that have enabled 2FA with web wallet.

Since we need the keys to be usable we will have to have access via code + env vars, but they should be encrypted at rest.

I'm a little in the dark re: this repo's deployment, where the postgres database is hosted, if there are any protections already in place and if they are sufficient. Please illuminate!

@mattlockyer mattlockyer added the enhancement New feature or request label May 21, 2020
@mattlockyer mattlockyer changed the title Where/How to Store Private Keys for Web Wallet 2FA Support Where/How to Store Private Keys for Web Wallet 2FA Support? May 21, 2020
@mattlockyer mattlockyer added this to the Web Wallet 2FA milestone May 21, 2020
@vgrichina
Copy link
Contributor

We can generate effectively unlimited number of keys from one private seed (supplied in env variable) and account name. Ideally that would happen on some kind of HSM, but I think it is out of scope for MVP.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement New feature or request
Projects
None yet
Development

No branches or pull requests

2 participants