feat: use hardware backed keys #125
Conversation
berendsliedrecht
commented
Jul 16, 2024
•
berendsliedrecht
commented
- Just waiting on a new release of credo.
berendsliedrecht
force-pushed
the
use-hardware-backed-keys
branch
from
122fe1e to
1bd09fb
Compare
| keyBackend: KeyBackend.SecureElement, | ||
| }) | ||
| .catch(() => { | ||
| throw new Error(`Could not create a hardware-backed key for keytype: '${keyType}'. Only P-256 is supported`) |
There was a problem hiding this comment.
How do we want to deal with this? Do we want to make sure secure element is only used for specific credentials? Only using secure env keys makes the wallet useless for phones without one.
There was a problem hiding this comment.
I think we should have a way to detect PID/QEAA usage, and if so, require hardware. But otherwise not use it.
Not sure how yet ... Maybe it can be an app.json config for now (like mediatorDid). As for Funke we now only have to deal with PIDs
There was a problem hiding this comment.
How do we want to do that? Maybe the VCT scheme in the app.json?
There was a problem hiding this comment.
So I think for now just make it a true/false whether to use hardware keys. If yes, you can only use hardware P-256. If no, you can only use software keys
berendsliedrecht
force-pushed
the
use-hardware-backed-keys
branch
from
1bd09fb to
fd39886
Compare
|
We can add patches for now (i had to do this for a separate branch recently). Pushed it to this PR |
berendsliedrecht
force-pushed
the
use-hardware-backed-keys
branch
2 times, most recently
from
19a18ad to
2672603
Compare
Signed-off-by: Berend Sliedrecht <[email protected]>
Signed-off-by: Timo Glastra <[email protected]>
Signed-off-by: Timo Glastra <[email protected]>
berendsliedrecht
force-pushed
the
use-hardware-backed-keys
branch
4 times, most recently
from
e3f6085 to
cd03489
Compare
Signed-off-by: Berend Sliedrecht <[email protected]>
berendsliedrecht
force-pushed
the
use-hardware-backed-keys
branch
from
cd03489 to
d77d6a6
Compare
