could you include in the description/documentation where the private keys are stored and how access to them is secured ? It's quite sensitive to upload a private key, without knowing where it is going ...
Great job anyway ! Thanks !
The text was updated successfully, but these errors were encountered:
I did consider storing the private keys in the iOS Keychain. What made me decide against it, is that Apple encourages users (maybe it's even the default?) to sync the Keychain via iCloud.
While this happens end-to-end encrypted, one cannot be certain that Apple doesn't (have to) have a master key.
(This is also the reason why there is currently no option to "remember" the passphrases for private keys.)
That said, I am open for discussion on this topic.
Indeed, the 'weak' point will be if and when data is stored on iCloud, either the Keychain or CoreData database.
It would be interesting to compare how other crypto apps did address this (e.g. https://github.com/status-im).