Bitcoin Forum
November 12, 2024, 05:54:44 AM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: Wallet encryption  (Read 423 times)
crazydownloaded (OP)
Full Member
***
Offline Offline

Activity: 148
Merit: 100

Crazy!


View Profile
February 03, 2014, 01:59:58 AM
Last edit: February 03, 2014, 03:02:06 AM by crazydownloaded
 #1

Hello,

I'm currently working on a multi-currencies web wallet.
I'm wondering about the security of the encryption model I chose:

- During wallet setup, the user choose a password
- His browser (using JsEncrypt library) generates RSA (1024 bits) private/public key pairs
- It encodes the user's private key using AES encryption (symetric) and send the encrypted private key + the user's public key to the server for saving (using CryptoJS library)
- Private key of addresses the user generates are encoded using it's public key (this way I don't need to ask the user for its password)
- When signing a transaction, I ask the user for its password, decode its RSA private key using it and then decode the address' private key using the decrypted RSA private key.
- This also have the advantage to permit the user to change its password easily (on the server side I only need to save the new encrypted private key, without changing addresses encrypted private keys)

This seems pretty robust to me. Do you see any weakness in this model?

Est. February 2012
crazydownloaded (OP)
Full Member
***
Offline Offline

Activity: 148
Merit: 100

Crazy!


View Profile
February 04, 2014, 03:47:01 AM
 #2

I would have expected some answers, nobody cares about wallet encryption?

Est. February 2012
Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!