Private key material storage
Family Wallet stores private key material using the keychain APIs provided by iOS. The wallet supports storing private key material as a raw private key as well as using the mnemonic representation.
Access to the keychain entries is only allowed to Family Wallet, and other apps cannot access private key material. If a PIN code or password are configured on the device, the wallet app requires user presence to be established. The access control policy is instantiated as such in LocalProtectedStore::getUserPresentAccessControl
.
do {
// if this fails, we simply do not ask for access control
// this will fail when a passcode is not set.
try self.checkCanAuthenticateUserIsDeviceOwner(using: context)
} catch {
return .success(nil)
}
var error: Unmanaged<CFError>?
var access: SecAccessControl?
access = SecAccessControlCreateWithFlags(nil, kSecAttrAccessibleWhenUnlocked, .userPresence, &error)
We note that kSecAttrAccessibleWhenUnlocked
allows keychain entries to be backed up and transferred to other devices. This means backups of the keychain made (e.g., via iTunes) will contain the (encrypted) private key data. Family Wallet developers could consider using the kSecAttrAccessibleWhenUnlockedThisDeviceOnly
access-control flag to prevent keychain entries from being able to be backed up and transferred to other devices.
This was addressed in the following commit:
20abd9a02bd9da1711f2fc87ca97be3f82790336