@jbrnt, @gweedo, need your help, guys.
As I told you, we are working on a secure wallet.
We have some variants for how to make a secure, EASY-to-use mobile wallet:
1. The user generates a key on the client side; the key is saved in the device's LocalStorage, encrypted with a 4-digit PIN. The user is offered to click "backup" to save the key, encrypted with the PIN, on our server.
2. The user does all of the above, but is offered to encrypt the backup key one more time with an additional PASSPHRASE.
If the key is backed up:
The first variant means that we can theoretically steal money, but hackers can't.
The second means that even we will hardly be able to decrypt the key. But the user will probably LOSE his key (by clearing the cache) and forget the PASSPHRASE.
What do you think is the best variant to do it?
Don't encrypt with just a 4-digit PIN unless you're going to have a huge salt that goes with it that is very random.
I don't know what exactly you are asking. The user-generated key should never leave the device in an unencrypted form, and should be stored on the phone in an encrypted form. That requires the user to unlock it.
You shouldn't need access to the key; the JavaScript should be able to sign the transaction and you broadcast it for them. Unless you are doing multi-sig, in which case you have them sign the transaction and then you sign the transaction with your own key.
We can technically do all that stuff.
I mean, if we store only on the device, what if the user loses the device or clears cookies? He will not have any way to restore it from our server, right?
So we think we can probably store the key encrypted on our server as a backup.
The questions are: Do we need a backup? Encrypt once? Or encrypt twice?
I would do a secure backup, making it impossible for you to read but just hold. I would also have a way for the user to back it up without your service. Like a random string that, being hashed, can regenerate their keys. Like BIP 32:
https://github.com/bitcoin/bips/blob/master/bip-0032.mediawiki
That will be done in the main web wallet with storage. I'm talking about a wallet which can be set up without a PC in just a few seconds.
Users can't copy long numbers from a phone screen and so on. But we will do BIP 32 / an HD wallet as the main wallet. The mobile wallet will be for spending needs and must be a bit easier to use.
Makes sense?
So I think your advice is encrypting in the phone's local storage + having a way to encrypt it more, like one more encryption level, and backing up on the server (where we don't know the passphrase to decrypt).
Correct?
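The two backup variants from the thread, modelled as an added example (this is not code from any participant or from the wallet being built). Assumptions not stated in the thread: PBKDF2-HMAC-SHA256 as the PIN/passphrase stretching function, a 16-byte random salt per wrap, a 32-byte wallet signing key, and an HMAC tag so a wrong PIN is detected instead of yielding garbage. Each layer XORs a PBKDF2-derived pad over its plaintext, which keeps the example stdlib-only; a production wallet would use a standard AEAD and a memory-hard KDF. The iteration count is deliberately tiny so the demo runs in seconds; the point it makes does not change with a larger count, because the 4-digit PIN space stays at 10,000 candidates.

```python
"""Model of the thread's two backup variants: PIN-only vs PIN + passphrase."""
import hashlib
import hmac
import os
from typing import Optional, Tuple

SALT_LEN = 16
TAG_LEN = 32
# Deliberately low so the demo runs quickly (assumption, not a recommendation).
# Raising it slows every guess, for the user and for whoever holds the backup,
# but does not enlarge the PIN space, which is the real weakness.
DEMO_ITERATIONS = 32


def _derive(password: str, salt: bytes, pad_len: int, iterations: int) -> Tuple[bytes, bytes]:
    """Stretch password+salt into a pad (pad_len bytes) and a 32-byte MAC key."""
    out = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations, pad_len + TAG_LEN)
    return out[:pad_len], out[pad_len:]


def wrap(plaintext: bytes, password: str, iterations: int = DEMO_ITERATIONS,
         salt: Optional[bytes] = None) -> bytes:
    """Return salt || ciphertext || tag. The salt is random unless a test pins it."""
    if salt is None:
        salt = os.urandom(SALT_LEN)
    pad, mac_key = _derive(password, salt, len(plaintext), iterations)
    ct = bytes(p ^ k for p, k in zip(plaintext, pad))
    tag = hmac.new(mac_key, salt + ct, hashlib.sha256).digest()
    return salt + ct + tag


def unwrap(blob: bytes, password: str, iterations: int = DEMO_ITERATIONS) -> Optional[bytes]:
    """Return the plaintext, or None when the password is wrong (tag mismatch)."""
    salt, ct, tag = blob[:SALT_LEN], blob[SALT_LEN:-TAG_LEN], blob[-TAG_LEN:]
    pad, mac_key = _derive(password, salt, len(ct), iterations)
    expected = hmac.new(mac_key, salt + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return bytes(c ^ k for c, k in zip(ct, pad))


def backup_variant1(wallet_key: bytes, pin: str) -> bytes:
    """Variant 1: the server stores the same PIN-wrapped blob that sits in LocalStorage."""
    return wrap(wallet_key, pin)


def backup_variant2(wallet_key: bytes, pin: str, passphrase: str) -> bytes:
    """Variant 2: the PIN-wrapped blob is wrapped again under a passphrase the server never sees."""
    return wrap(wrap(wallet_key, pin), passphrase)


def restore_variant2(blob: bytes, pin: str, passphrase: str) -> Optional[bytes]:
    """Legitimate restore: peel the passphrase layer, then the PIN layer."""
    inner = unwrap(blob, passphrase)
    return None if inner is None else unwrap(inner, pin)


def exhaust_pin_space(blob: bytes, iterations: int = DEMO_ITERATIONS) -> Optional[str]:
    """What any holder of a backup blob can do: try all 10,000 four-digit PINs.

    The random per-wrap salt means this has to be redone for every blob (no
    precomputed table), but 10^4 candidates is small enough that it always
    finishes. Returns the verifying PIN, or None if no 4-digit PIN fits the
    outer layer (as with variant 2, whose outer layer is the passphrase).
    """
    for n in range(10_000):
        pin = f"{n:04d}"
        if unwrap(blob, pin, iterations) is not None:
            return pin
    return None


def demo() -> dict:
    wallet_key = os.urandom(32)  # constructed stand-in for the real signing key
    pin, passphrase = "7391", "correct horse battery staple"  # constructed sample secrets
    v1 = backup_variant1(wallet_key, pin)
    v2 = backup_variant2(wallet_key, pin, passphrase)
    return {
        "v1_holder_recovers_pin": exhaust_pin_space(v1),  # the thread's "we can steal money"
        "v2_holder_recovers_pin": exhaust_pin_space(v2),  # None: PIN space is useless here
        "v2_user_restore_ok": restore_variant2(v2, pin, passphrase) == wallet_key,
        "v2_wrong_passphrase_fails": restore_variant2(v2, pin, "wrong") is None,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The result matches the thread's own assessment: with variant 1 the custodian of the backup (or anyone who copies the backup database) recovers the PIN, and with it the key, by enumerating 10,000 candidates, salt or not; with variant 2 the same enumeration against the outer layer finds nothing, and recovery depends on the user remembering the passphrase, which is exactly the loss risk the original poster worries about.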