Title: Wallet encryption
Post by: crazydownloaded on February 03, 2014, 01:59:58 AM

Hello,

I'm currently working on a multi-currency web wallet. I'm wondering about the security of the encryption model I chose:

- During wallet setup, the user chooses a password
- His browser (using the JsEncrypt library) generates RSA (1024 bits) private/public key pairs
- It encodes the user's private key using AES encryption (symmetric) and sends the encrypted private key + the user's public key to the server for saving (using the CryptoJS library)
- Private keys of addresses the user generates are encoded using its public key (this way I don't need to ask the user for its password)
- When signing a transaction, I ask the user for its password, decode its RSA private key using it and then decode the address' private key using the decrypted RSA private key.
- This also has the advantage of permitting the user to change its password easily (on the server side I only need to save the new encrypted private key, without changing the addresses' encrypted private keys)

This seems pretty robust to me. Do you see any weakness in this model?

Title: Re: Wallet encryption
Post by: crazydownloaded on February 04, 2014, 03:47:01 AM

I would have expected some answers, nobody cares about wallet encryption?
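
The key hierarchy described in the first post, as an added example that is not part of the thread or the poster's code: it shows setup, storing an address key without the password, recovery at signing time, and a password change that leaves stored address keys untouched. Assumptions: Node.js built-in `crypto` stands in for JsEncrypt and CryptoJS, the defaults are a 2048-bit modulus (the post uses 1024; pass `modulusLength` to match), scrypt, AES-256-GCM and RSA-OAEP, and all function names are hypothetical.

```javascript
// Added example; Node's built-in crypto stands in for JsEncrypt/CryptoJS (assumption).
const crypto = require('node:crypto');

// Assumption: RSA-OAEP with SHA-256 for encrypting address keys.
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Wrap the RSA private key (PEM) under a key derived from the password.
function wrapPrivateKey(privatePem, password) {
  const salt = crypto.randomBytes(16);
  const iv = crypto.randomBytes(12);
  const key = crypto.scryptSync(password, salt, 32); // assumption: scrypt as the KDF
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([cipher.update(privatePem, 'utf8'), cipher.final()]);
  return { salt, iv, ct, tag: cipher.getAuthTag() };
}

// Throws if the password is wrong or the blob was modified (GCM tag check).
function unwrapPrivateKey(blob, password) {
  const key = crypto.scryptSync(password, blob.salt, 32);
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, blob.iv);
  decipher.setAuthTag(blob.tag);
  return Buffer.concat([decipher.update(blob.ct), decipher.final()]).toString('utf8');
}

// Wallet setup, client side: only publicPem and the wrapped key go to the server.
function setupWallet(password, modulusLength = 2048) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', {
    modulusLength,
    publicKeyEncoding: { type: 'spki', format: 'pem' },
    privateKeyEncoding: { type: 'pkcs8', format: 'pem' },
  });
  return { publicPem: publicKey, wrapped: wrapPrivateKey(privateKey, password) };
}

// New address: encrypt its private key to the public key, no password needed.
function storeAddressKey(record, addressKey) {
  return crypto.publicEncrypt({ key: record.publicPem, ...OAEP }, addressKey);
}

// Signing: password -> RSA private key -> address private key.
function recoverAddressKey(record, encAddressKey, password) {
  const privatePem = unwrapPrivateKey(record.wrapped, password);
  return crypto.privateDecrypt({ key: privatePem, ...OAEP }, encAddressKey);
}

// Password change: only the wrapped RSA key is replaced on the server.
function changePassword(record, oldPassword, newPassword) {
  const privatePem = unwrapPrivateKey(record.wrapped, oldPassword);
  return { publicPem: record.publicPem, wrapped: wrapPrivateKey(privatePem, newPassword) };
}
```

Because the server stores the wrapped key, the password is the only secret protecting every address key, so the cost of the password KDF sets the cost of an offline guessing attack against a leaked database.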