Topic: Wallet encryption (Read 425 times)

February 03, 2014, 10:47:01 PM
#2
I would have expected some answers, nobody cares about wallet encryption?
February 02, 2014, 08:59:58 PM
#1
Hello,

I'm currently working on a multi-currency web wallet.
I'm wondering about the security of the encryption model I chose:

- During wallet setup, the user chooses a password
- His browser (using JsEncrypt library) generates RSA (1024 bits) private/public key pairs
- It encodes the user's private key using AES encryption (symmetric) and sends the encrypted private key + the user's public key to the server for saving (using CryptoJS library)
- Private keys of addresses the user generates are encoded using its public key (this way I don't need to ask the user for its password)
- When signing a transaction, I ask the user for its password, decode its RSA private key using it and then decode the address' private key using the decrypted RSA private key.
- This also has the advantage of permitting the user to change its password easily (on the server side I only need to save the new encrypted private key, without changing addresses' encrypted private keys)

This seems pretty robust to me. Do you see any weakness in this model?
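
The key hierarchy described in the post above, as an added example that is not part of the original post or the poster's code. Node's built-in crypto module stands in for JsEncrypt and CryptoJS; the scrypt key derivation, AES-256-GCM, RSA-OAEP padding, the 2048-bit default modulus (the post uses 1024) and all function names are assumptions the post does not specify.

```javascript
// Added example; Node's crypto module replaces the browser libraries named in the post.
const nodeCrypto = require('crypto');

// Wrap the RSA private key under a password-derived AES key (scrypt + AES-256-GCM assumed).
function wrapPrivateKey(privatePem, password) {
  const salt = nodeCrypto.randomBytes(16);
  const iv = nodeCrypto.randomBytes(12);
  const key = nodeCrypto.scryptSync(password, salt, 32);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([cipher.update(privatePem, 'utf8'), cipher.final()]);
  return { salt, iv, ct, tag: cipher.getAuthTag() };
}

// Throws if the password is wrong or the blob was modified (GCM tag check fails).
function unwrapPrivateKey(blob, password) {
  const key = nodeCrypto.scryptSync(password, blob.salt, 32);
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, blob.iv);
  decipher.setAuthTag(blob.tag);
  return Buffer.concat([decipher.update(blob.ct), decipher.final()]).toString('utf8');
}

// Wallet setup: the returned object is what the server stores.
function setupWallet(password, modulusLength = 2048) {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('rsa', {
    modulusLength,
    publicKeyEncoding: { type: 'spki', format: 'pem' },
    privateKeyEncoding: { type: 'pkcs8', format: 'pem' },
  });
  return { publicKey, wrappedPrivateKey: wrapPrivateKey(privateKey, password) };
}

// New address: encrypt its private key to the user's public key, no password needed.
function storeAddressKey(wallet, addressKey) {
  return nodeCrypto.publicEncrypt(wallet.publicKey, addressKey); // OAEP is Node's default
}

// Signing time: password -> RSA private key -> address private key.
function recoverAddressKey(wallet, password, encryptedAddressKey) {
  const privatePem = unwrapPrivateKey(wallet.wrappedPrivateKey, password);
  return nodeCrypto.privateDecrypt(privatePem, encryptedAddressKey);
}

// Password change: only the wrapped RSA key is replaced; address ciphertexts are untouched.
function changePassword(wallet, oldPassword, newPassword) {
  const privatePem = unwrapPrivateKey(wallet.wrappedPrivateKey, oldPassword);
  return { publicKey: wallet.publicKey, wrappedPrivateKey: wrapPrivateKey(privatePem, newPassword) };
}
```

In this layout the server never receives the password or the plaintext RSA key, so the strength of the stored blob depends on the password and the key-derivation cost.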