![]() ![]() Only a (sufficiently old) mobile device can turn off the mobile-only setting on an account. Notifications that a new device was added to your account so that you can take appropriate action if necessary. In addition to this, you will receive plenty of To protect against someone with access to one of your desktop devices from provisioning a new mobile deviceĪnd using that to gain access to a mobile-only account, the server will not return the encrypted account privateīundle to any mobile devices that are less than 7 days old. Once you set an account to be mobile-only, the server will only return the encrypted account private bundle With the keybase app to retrieve your secret keys. Since mobileĭevice applications have better sandboxing, there is less likelihood of a rogue application interacting Mobile-only modeĪs an extra security measure, you can mark any of your Stellar accounts as "mobile-only". This is so that other users can find which account belongs to you so they can send you Stellar lumens or assets. When you change which Stellar account is your primary account, a link is inserted in your sigchain. The server visible bundle structure is packed into binary data via msgpack. The msgpack data is then encoded into a string via base64. That structure is packed into binaryĭata via msgpack. The encrypted data, nonce, version of encryptedĭata, and generation of the PUK are put into a structure. Random nonce and the derived symmetric key. The account private data is packed into binary data via msgpack. That structure is packed into binary data via msgpack. The encrypted data, nonce, version of encrypted data, and generation of the This is then sealed with a random nonceĪnd the derived symmetric key. The user private data is packed into binary data via msgpack. The keys used for encryption are symmetric NaCL keys derived from the user's PUK seed andĪ constant string specific for these bundles.įor user private bundles, it is: key = hmac(key=, data="Derived-User-NaCl-SecretBox-StellarBundle-1")įor account private, it is: key = hmac(key=, data="Derived-User-NaCl-SecretBox-StellarAcctBundle-1") On PUKs, but a simplistic view of it is a seed that is encrypted for all device keys To encrypt this data, the client uses Per-User Keys. Sign a transaction, the client will fetch the account private bundle and discard it after use. The client will fetch server visible and user privateįrom the server in order to display the wallet accounts, their balances, recent transactions. ![]() It cannot decrypt user private or account privateĪs it does not have the encryption keys necessary. Name: account private.Īll Stellar data are stored in the Keybase database. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |