-
Notifications
You must be signed in to change notification settings - Fork 36.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
MacOSX: wallet.dat content should be stored in Mac OSX Keychain #2545
Comments
|
|
I agree it would be nice if the OSX wallet was smart enough to store keys in the OSX keychain; it is exactly the type of thing the keychain is designed for. |
I agree that the keychain is a more appropriate place for private keys than the wallet.dat file. In particular this protects users with unencrypted hard drives and non-admin users on a shared computer (?). An interesting possibility would be to create a fresh keychain specifically for the wallet. I suspect however that it's too much effort to maintain this in a cross platform setup. Some practical of issues I'm seeing:
|
I'm not subscribed to this issue or watching this repo but I just received an email notification for @Sjors comment. Is this a Github bug? |
@Sjors (my answer/thoughts/ideas regarding your comments)
|
I'm going to close this for now. I think the likelihood of us adding more macOS specific code to implement this is very low. |
If Apple ever adds the correct curve to their secure enclave chips on Macs, and allows signing with it, then we should consider adding support for that. |
I'm not sure if it's a good idea, but let's see what others think:
Could we not store the wallet.dat content in the MacOSX keychain?
The keychain then would provide a basic security (secured with the login credentials).
Of course we could keep the wallet encryption function (encrypted wallet in encrypted keychain data).
In my eye it would provide basic security for normal users.
As you noticed, i'm focusing on mac improvements. Windows 8 should also have a encrypted registry like keychain.
What do you think about this? Already discussed?
I could provide the MaxOSX implementation.
It just could be a keychain string store with a base64 string of wallet.dat. Length is limited to NSString length what then would be 2^32 - 1 (4.2 billion chars).
The text was updated successfully, but these errors were encountered: