-
Notifications
You must be signed in to change notification settings - Fork 29
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
2 changed files
with
26 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,25 @@ | ||
|
|
||
|
|
||
| # Leveraging secure enclave for hardware signing | ||
|
|
||
|
|
||
| ## The Android side | ||
|
|
||
| Android allows for creating and signing with a secure private key that cannot be | ||
| extracted from the device via the secure keystore system. | ||
|
|
||
| [Android Keystore Documentation](https://developer.android.com/privacy-and-security/keystore) | ||
|
|
||
| Some notable features: | ||
| - Extraction prevention: key material cannot be extracted from the deivce in case of theft and | ||
| cannot be accessed by application processes. | ||
| - Hardware security module: similar to a Trusted Execution Environment (TEE), but specifically | ||
| embedded Secure Elements (eSE) or on-SoC secure processing units (iSE) | ||
| - Key use authorizations: specific authorizations can be set (and cannot be changed) to enforce | ||
| key usage to meet certain constraints such as specific algortithms or time intervals. | ||
|
|
||
|
|
||
| ## The Starknet side | ||
|
|
||
| On Starknet, our account implementation needs to allow for this hardware signer. | ||
|
|