How to protect private keys easily and securely?

[mczarnek]

I am working on an app and it will involve holding on to private keys, including Bitcoin private keys.. how can I make this secure and easy for users?

This is a mobile and desktop application.

Thank you!

[DuddlyDoRight]

Android and IOS "keystore" APIs that keep private keys in TEE(hardware isolation even IOS or Android kernel can't touch) where you can send it a pointer/buffer and it decrypts or encrypts to another buffer/pointer.

Only services can read other apps storage and only when the app responds and allows it via API callbacks. The exemptions are jailbroken devices and only where there is a vulnerability known for the TEE kernel that's loaded by a signed bootrom before the OS in to ARM Trustzone, per-app sandbox defeated etc..

I'll tell you how secure Android and IOS TEE kernels are: The one in IOS world class famous hackers can't get around(KPP undefeated by all the dev teams despite efforts by their best) and the Android ones no malware to date have touched and all banking apps and POS devices use it for everything.. A professional researcher found something in one of the many TEE kernels years ago and it went nowhere..

[ctlaltdefeat]

I am working on an app and it will involve holding on to private keys, including Bitcoin private keys.. how can I make this secure and easy for users?

This is a mobile and desktop application.

Thank you!

that's good idea,i think private key should be protected not because it can be see or copied by other person,but if we use mobile online wallet it have potential to known by some application developer,and this is important to make applcation to protect private key,

[Kprawn]

Nobody will trust their private keys to some proprietary software with hidden code. You should create some OpenSource code and submit it on GitHub for scrutiny, before anyone will take it seriously.

I prefer to be in full control of my own private keys and never put it online, until I need to sweep them to my main wallets. You will have a tough time getting people to trust your APP. Good luck

with your project. 

[DuddlyDoRight]

Nobody will trust their private keys to some proprietary software with hidden code. You should create some OpenSource code and submit it on GitHub for scrutiny, before anyone will take it seriously.

I prefer to be in full control of my own private keys and never put it online, until I need to sweep them to my main wallets. You will have a tough time getting people to trust your APP. Good luck

with your project.  

Those API calls in the public GIT repos are all binary without source code. The best possible key manager without additional hardware would use Keystore APIs which never even show you your keys. Encryption is worthless without hardware isolation and good key exchange algorithms.