By Benjamin Fuentes
In the first part, we looked at the different options for signing Tezos transactions on Android and saw that none of them is a native solution offering the highest level of protection (part 1).
Now we will look at what the ideal UX would be.
A quick reminder of the signing algorithms available on Tezos, by address prefix:
- tz1 : ed25519
- tz2 : secp256k1
- tz3 : NIST P-256 (secp256r1), with a BLAKE2b hash
- tz4 : BLS-MinPk
Signing requires an asymmetric keypair and a hash algorithm. These algorithms were selected for blockchain performance and security reasons.
The Android Keystore system lets you store cryptographic keys in a container to make them more difficult to extract from the device. Once keys are in the keystore, you can use them for cryptographic operations, with the key material remaining non-exportable.
This is the most secure way to handle key security and to integrate the Biometrics feature. An alternative would be to use another keystore that relies on software-only protection and encrypts a file on the filesystem. This latter solution is less secure and does not leverage Biometrics support.
Once we go with the Android Keystore, we have access to a limited list of supported algorithms:
- AES in either CBC or GCM mode with 256-bit keys (such as AES/GCM/NoPadding)
- SHA-2 family (such as SHA-256)
- SHA-2 family HMAC (such as HMACSHA256)
- SHA-2 family with ECDSA (such as SHA256withECDSA)
Sadly, none of the Tezos signing schemes matches an Android Keystore one exactly. The closest pair is:
- Tezos : secp256r1 + BLAKE2b
- Android : secp256r1 + SHA-256
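To make the mismatch concrete, here is an added example (not code from the article or from Marigold). The curve arithmetic is a constructed, minimal P-256 reference implementation written only for illustration, and the Android side is modelled rather than called: `android_sha256_with_ecdsa_sign` reproduces what `SHA256withECDSA` does, hashing the payload with SHA-256 inside the Keystore before ECDSA, while `tezos_tz3_sign` does what a tz3 verifier expects, ECDSA over the BLAKE2b-256 digest. Both signatures come from the same P-256 key, yet only the first one verifies as a Tezos signature. The payload bytes and the key are constructed here; names like `mismatch_demo` are mine.

```python
import hashlib
import secrets

# NIST P-256 (secp256r1) domain parameters: the curve behind Tezos tz3 keys and
# Android Keystore EC keys. This affine-coordinate implementation is a constructed
# teaching aid: it is not constant-time and must never guard a real key.
P = 0xFFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF
A = P - 3
B = 0x5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B
N = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551
G = (0x6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296,
     0x4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5)


def point_add(p1, p2):
    """Affine point addition; None stands for the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2:
        if (y1 + y2) % P == 0:
            return None  # p1 == -p2
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P  # doubling
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def point_mul(k, point):
    """Double-and-add scalar multiplication."""
    result = None
    while k:
        if k & 1:
            result = point_add(result, point)
        point = point_add(point, point)
        k >>= 1
    return result


def ecdsa_sign_digest(priv, digest):
    """ECDSA over a caller-supplied 32-byte digest (no hashing inside)."""
    z = int.from_bytes(digest, "big")
    while True:
        k = secrets.randbelow(N - 1) + 1  # fresh nonce per signature; reuse leaks priv
        r = point_mul(k, G)[0] % N
        s = pow(k, -1, N) * (z + r * priv) % N
        if r and s:
            return (r, s)


def ecdsa_verify_digest(pub, digest, sig):
    r, s = sig
    if not (1 <= r < N and 1 <= s < N):
        return False
    z = int.from_bytes(digest, "big")
    w = pow(s, -1, N)
    point = point_add(point_mul(z * w % N, G), point_mul(r * w % N, pub))
    return point is not None and point[0] % N == r


def tezos_tz3_sign(priv, payload):
    """What Tezos expects for tz3: ECDSA P-256 over BLAKE2b-256(payload)."""
    return ecdsa_sign_digest(priv, hashlib.blake2b(payload, digest_size=32).digest())


def tezos_tz3_verify(pub, payload, sig):
    return ecdsa_verify_digest(pub, hashlib.blake2b(payload, digest_size=32).digest(), sig)


def android_sha256_with_ecdsa_sign(priv, payload):
    """Model of Keystore's SHA256withECDSA: the payload is hashed with SHA-256
    inside the Keystore, so the app cannot substitute a BLAKE2b digest."""
    return ecdsa_sign_digest(priv, hashlib.sha256(payload).digest())


def keygen():
    priv = secrets.randbelow(N - 1) + 1
    return priv, point_mul(priv, G)


def mismatch_demo():
    """Returns (tezos_accepts_native_sig, tezos_accepts_android_sig)."""
    priv, pub = keygen()
    # Constructed stand-in for the bytes a wallet would sign (watermark + operation).
    payload = bytes([0x03]) + b"constructed sample operation bytes"
    native = tezos_tz3_sign(priv, payload)
    android = android_sha256_with_ecdsa_sign(priv, payload)
    return (tezos_tz3_verify(pub, payload, native),
            tezos_tz3_verify(pub, payload, android))


if __name__ == "__main__":
    print(mismatch_demo())  # (True, False)
```

The only difference between the two signing paths is which digest reaches the ECDSA core, which is exactly what `SHA256withECDSA` takes out of the app's hands; this is why the same curve on both sides is not enough for a drop-in native tz3 signer.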
The workaround of protecting the Tezos private key with a Keystore RSA key is not optimal either: the RSA key has to decrypt the Tezos private key on the phone every time a transaction is signed, and at that moment the Tezos private key sits in plaintext in the app's memory, which is potentially dangerous.
If you want to learn more about this announcement, please read our blog post on the Marigold website: Native signing on Tezos with Android Biometrics (Part 2).