Security

Here are some details about how security is managed in the application. To read more about our security model, please refer to the security whitepaper.

How private data is stored by CLI

Goals

  • Data is stored encrypted on disk.
  • Store the master password, so it is possible to decrypt the transactions whatever derivation method is used.
  • Store the device secret key, so it is possible to synchronize the transactions.
  • Don't store the above secrets unencrypted, so if the computer/disk is stolen it is impossible to retrieve them.
  • Allow secret retrieval without use of OS keychain if it is not available (e.g. on some Linux distributions).
  • Allow secret retrieval without storing the master password in order to guarantee a manual action.
  • The two above cases are the same because, if the master password is required to get access to the local key, it is useless to store the master password encrypted by the local key.

Solution used

  • The OS password management system (Keychain for macOS, Credential Vault for Windows and libsecret for Linux) is used to store the randomly generated local key. It is then the responsibility of the OS keychain to encrypt this local key.
  • The secrets (master password and device secret key) are encrypted using the local key and stored in the DB.
  • To be able to retrieve the local key if the master password is known, it is encrypted using the master password and stored in the DB. Then, even without access to the OS keychain, it is possible to retrieve all the secrets. If you don't want to use the OS keychain and/or store your master password encrypted, you can use the command dcli configure save-master-password false.
  • To encrypt the local key using the master password, a key has to be derived from it. However, at this point no derivation settings are known, so the derivation parameters are hard-coded via a fake transaction generated by getDerivationParametersForLocalKey in keychainManager.ts.
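
The scheme above can be simulated in Node.js to show both unlock paths (keychain available, or master password only). This is an added example, not code from the CLI itself. The cipher (AES-256-GCM), the KDF (scrypt), the fixed salt and the in-memory keychain and db stand-ins are assumptions made for illustration.

```javascript
// Added example: simulation of the storage scheme described above.
// Assumptions (not from the page): AES-256-GCM, scrypt, the fixed salt, and
// the in-memory `keychain` (a Map) and `db` objects standing in for real stores.
const crypto = require("node:crypto");

// Hard-coded derivation parameters: no per-user settings are known at this point.
const LOCAL_KEY_KDF = { salt: Buffer.from("constructed-fixed-salt"), N: 16384, r: 8, p: 1 };

function seal(key, plaintext) {
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv("aes-256-gcm", key, iv);
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return Buffer.concat([iv, c.getAuthTag(), ct]); // iv | tag | ciphertext
}

function open(key, blob) {
  const d = crypto.createDecipheriv("aes-256-gcm", key, blob.subarray(0, 12));
  d.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([d.update(blob.subarray(28)), d.final()]); // throws on a wrong key
}

function deriveFromMasterPassword(masterPassword) {
  const { salt, N, r, p } = LOCAL_KEY_KDF;
  return crypto.scryptSync(masterPassword, salt, 32, { N, r, p });
}

// First login: create the local key and persist every secret in encrypted form.
function setup(masterPassword, deviceSecretKey, keychain, saveMasterPassword = true) {
  const localKey = crypto.randomBytes(32);
  const db = {
    deviceSecretKey: seal(localKey, Buffer.from(deviceSecretKey)),
    localKeyWrapped: seal(deriveFromMasterPassword(masterPassword), localKey),
  };
  if (saveMasterPassword) {
    keychain.set("localKey", localKey); // the OS keychain protects it at rest
    db.masterPassword = seal(localKey, Buffer.from(masterPassword));
  }
  return db;
}

// Unlock: prefer the keychain, fall back to unwrapping with the master password.
function unlock(db, keychain, masterPassword) {
  const localKey = keychain.get("localKey") ??
    open(deriveFromMasterPassword(masterPassword), db.localKeyWrapped);
  return {
    deviceSecretKey: open(localKey, db.deviceSecretKey).toString(),
    masterPassword: db.masterPassword ? open(localKey, db.masterPassword).toString() : masterPassword,
  };
}
```

With saveMasterPassword set to false the keychain stays empty and the db holds no copy of the master password, so every unlock needs it typed in; a wrong password fails the GCM tag check instead of yielding garbage.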

Other considerations

  • You can disable the use of the OS keychain by using the command dcli configure save-master-password false. In this case, you will be asked for the master password every time you start the application.
  • You can enable biometric unlock by using the command dcli configure user-presence --method biometrics. In this case, you will be asked for a user presence check (e.g. fingerprint) every time you start the application, before the OS password management system is queried.