Seed encryption at rest (Argon2id + ChaCha20-Poly1305) + HW wallet plan
keystore.rs:
- Passphrase prompted on init (hidden input, echo disabled)
- Empty passphrase = plaintext (for testing/scripting)
- Encrypted format: MAGIC("WZS1") + salt(16) + nonce(12) + ciphertext(48)
- Argon2id for key derivation (memory-hard, GPU-resistant)
- ChaCha20-Poly1305 AEAD for encryption
- Backwards compatible: auto-detects plaintext vs encrypted on load
- Keys zeroized after use
DESIGN.md:
- Added hardware wallet section (Ledger/Trezor via USB/BT HID)
- Ed25519 signing delegated to device, seed never exported
- BIP44 derivation path m/44'/1234'/0'
- Phase 2 feature, protocol unchanged
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
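The container layout described above, as an added example that is not the project's own keystore.rs code. It assumes the empty-passphrase form is the bare 32-byte seed and that the 48-byte ciphertext field is the seed plus the 16-byte Poly1305 tag; the Argon2id and ChaCha20-Poly1305 calls themselves are left out, only the on-disk container and the plaintext-vs-encrypted detection are shown.

```rust
// Added example (not the project's keystore.rs): the on-disk container from the
// commit message, MAGIC("WZS1") + salt(16) + nonce(12) + ciphertext(48), and the
// plaintext-vs-encrypted auto-detection done on load. KDF/AEAD calls are not shown.
pub const MAGIC: &[u8] = b"WZS1";
pub const SALT_LEN: usize = 16;   // Argon2id salt, fresh per file
pub const NONCE_LEN: usize = 12;  // ChaCha20-Poly1305 nonce, fresh per encryption
pub const SEED_LEN: usize = 32;   // seed (32 bytes), per DESIGN.md
pub const TAG_LEN: usize = 16;    // Poly1305 tag; 32 + 16 = the 48-byte ciphertext field (assumption)
pub const CT_LEN: usize = SEED_LEN + TAG_LEN;
pub const ENCRYPTED_LEN: usize = MAGIC.len() + SALT_LEN + NONCE_LEN + CT_LEN; // 80 bytes

#[derive(Debug, PartialEq)]
pub enum SeedFile<'a> {
    /// Empty-passphrase layout: the bare 32-byte seed (assumption).
    Plaintext(&'a [u8]),
    Encrypted { salt: &'a [u8], nonce: &'a [u8], ciphertext: &'a [u8] },
}

/// Build the encrypted container; rejects fields of the wrong size so a short
/// nonce or a ciphertext missing its tag can never be written to disk.
pub fn pack_encrypted(salt: &[u8], nonce: &[u8], ciphertext: &[u8]) -> Result<Vec<u8>, String> {
    if salt.len() != SALT_LEN || nonce.len() != NONCE_LEN || ciphertext.len() != CT_LEN {
        return Err(format!("bad field lengths: salt={} nonce={} ciphertext={}",
                           salt.len(), nonce.len(), ciphertext.len()));
    }
    let mut out = Vec::with_capacity(ENCRYPTED_LEN);
    out.extend_from_slice(MAGIC);
    out.extend_from_slice(salt);
    out.extend_from_slice(nonce);
    out.extend_from_slice(ciphertext);
    Ok(out)
}

/// Auto-detect the layout on load. Detection uses magic AND exact length: a
/// 32-byte plaintext seed that happens to begin with "WZS1" is still a seed,
/// and a truncated or padded encrypted file is an error rather than a seed.
pub fn parse_seed_file(data: &[u8]) -> Result<SeedFile<'_>, String> {
    if data.len() == ENCRYPTED_LEN && data.starts_with(MAGIC) {
        let (salt, rest) = data[MAGIC.len()..].split_at(SALT_LEN);
        let (nonce, ciphertext) = rest.split_at(NONCE_LEN);
        return Ok(SeedFile::Encrypted { salt, nonce, ciphertext });
    }
    if data.len() == SEED_LEN {
        return Ok(SeedFile::Plaintext(data));
    }
    if data.starts_with(MAGIC) {
        return Err(format!("encrypted header but length {} != {}", data.len(), ENCRYPTED_LEN));
    }
    Err(format!("unrecognised seed file of {} bytes", data.len()))
}
```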
DESIGN.md
@@ -42,6 +42,18 @@ seed (32 bytes) → Ed25519 signing keypair + X25519 encryption keypair
| CLI | `~/.warzone/identity.seed` (encrypted with passphrase via Argon2 + ChaCha20) |
| Browser | IndexedDB (non-extractable CryptoKey) + seed backup prompt on first run |
| Mobile (PWA) | Same as browser, seed shown as QR code for device transfer |
| Hardware wallet | Seed never leaves device. Ledger/Trezor sign via USB/BT HID. (Phase 2) |
### Hardware Wallet Support (Phase 2)
Ledger and Trezor can act as the key storage backend:
- Seed lives on the hardware wallet, never exported
- Ed25519 signing delegated to device (BIP44 path `m/44'/1234'/0'`)
- X25519 encryption key derived from Ed25519 via birkhoff conversion, or separate derivation path
- Client sends challenge → wallet displays → user confirms on device → signed response
- No passphrase needed (device handles authentication)
- Crates: `ledger-transport` (Ledger), `trezor-client` (Trezor)
- Protocol is unchanged — only the `KeyStore` backend differs
### Device Transfer
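Review bot: the X25519 bullet says the encryption key is derived from Ed25519 "via birkhoff conversion"; the term intended is the birational map between the twisted Edwards and Montgomery curve forms, and the bullet should also reconcile that option with "Seed lives on the hardware wallet, never exported": the map yields the X25519 public key from the Ed25519 public key, but computing an X25519 shared secret needs the private scalar, so either the device has to perform the ECDH itself or the separate-derivation-path option is the one that actually works with a non-exportable seed. Suggest rewording to "via the Edwards-to-Montgomery birational map (requires on-device X25519 support), or a separate derivation path". Also worth stating whether coin type `1234'` in `m/44'/1234'/0'` is a registered SLIP-0044 value or a placeholder, and what the challenge shown on the device contains, so the "user confirms on device" step visibly ties the signature to this protocol rather than to an arbitrary message.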