Notifications that a new device was added to your account so that you can take appropriate action if necessary. In addition to this, you will receive plenty of To protect against someone with access to one of your desktop devices from provisioning a new mobile deviceĪnd using that to gain access to a mobile-only account, the server will not return the encrypted account privateīundle to any mobile devices that are less than 7 days old.
Once you set an account to be mobile-only, the server will only return the encrypted account private bundle With the keybase app to retrieve your secret keys. Since mobileĭevice applications have better sandboxing, there is less likelihood of a rogue application interacting
Mobile-only modeĪs an extra security measure, you can mark any of your Stellar accounts as "mobile-only". This is so that other users can find which account belongs to you so they can send you Stellar lumens or assets. When you change which Stellar account is your primary account, a link is inserted in your sigchain. The server visible bundle structure is packed into binary data via msgpack. The msgpack data is then encoded into a string via base64. That structure is packed into binaryĭata via msgpack. The encrypted data, nonce, version of encryptedĭata, and generation of the PUK are put into a structure. Random nonce and the derived symmetric key. The account private data is packed into binary data via msgpack. That structure is packed into binary data via msgpack. The encrypted data, nonce, version of encrypted data, and generation of the This is then sealed with a random nonceĪnd the derived symmetric key. The user private data is packed into binary data via msgpack. The keys used for encryption are symmetric NaCL keys derived from the user's PUK seed andĪ constant string specific for these bundles.įor user private bundles, it is: key = hmac(key=, data="Derived-User-NaCl-SecretBox-StellarBundle-1")įor account private, it is: key = hmac(key=, data="Derived-User-NaCl-SecretBox-StellarAcctBundle-1")
On PUKs, but a simplistic view of it is a seed that is encrypted for all device keys To encrypt this data, the client uses Per-User Keys. Sign a transaction, the client will fetch the account private bundle and discard it after use. The client will fetch server visible and user privateįrom the server in order to display the wallet accounts, their balances, recent transactions. It cannot decrypt user private or account privateĪs it does not have the encryption keys necessary. Name: account private.Īll Stellar data are stored in the Keybase database. Per-account encrypted data containing the private stellar account key necessary for signing a transaction.the account name) about all the stellar accounts in the user's keybase wallet. A global bundle of encrypted data containing secret metadata (i.e.A bundle of plaintext data, visible to user and server with information about the stellar accounts in the user's keybase wallet.Links in the sigchain for your primary Stellar account ID.Keys on the Keybase servers allows you to have all your Stellar accounts on all your devices. The key is then erased from memory as soon as it is no longer needed.Īlthough the keys are stored on the Keybase servers, the private keys are encrypted withĪ client-side key that the Keybase servers do not have access to. Key bundle from the Keybase servers, decrypts it to get the key, and signs the transaction. When you need a Stellar private key to make a payment, the client downloads the account Other users can find a Stellar address to send you payments. A sigchain link is created for your primary account so A bundle of all your Stellar account information When you add a Stellar account to your Keybase wallet, the private key and the name of theĪccount are encrypted by your client. The Keybase Stellar wallet keeps your Stellar account keys secure yet conveniently available
0 kommentar(er)
