search

Encryption Keys

The Database Encryption Key encryptionKey is a 32-byte hexadecimal string (length 64).

const encryptionKey: string = '0101010101010101010101010101010101010101010101010101010101010101';

This key is used to safeguard the user’s mnemonic and wallet keys from attackers. We recommend an encryption key that is generated with entropy or pbkdf2 hash from a strong user-provided password or PIN.

Keep the encryption key extremely safe, as it grants access to the user's wallets and mnemonics. On Mobile iOS, consider storing the Encryption Key in Secure Enclavearrow-up-right.

hashtag
Example: Create and store encryption key to local storage

// hash-service.ts
import { pbkdf2 } from '@railgun-community/wallet';
import { Pbkdf2Response } from '@railgun-community/shared-models';

export const hashPasswordString = async ({ secret, salt, iterations }): Promise<Pbkdf2Response> => {
  return pbkdf2(secret, salt, iterations);
},
import { getRandomBytes } from '@railgun-community/wallet';
import { hashPasswordString } from './hash-service';

export const setEncryptionKeyFromPassword = async (password: string): Promise<string> => {
  // Desired `password` comes from user input

  const salt = getRandomBytes(16); // Generate salt
  const [encryptionKey, hashPasswordStored] = await Promise.all([
    hashPasswordString(password, salt, 100000), // Generate hash from password and salt
    hashPasswordString(password, salt, 1000000), // Generate hash for stored password. Use more iterations for the stored value.
  ]);

  await Promise.all([
    ..., // Save `hashPasswordStored` to local storage
    ..., // Save `salt` to local storage
  ]);

  return encryptionKey;
};

hashtag
Example: Get encryption key from local storage

PreviousEncryption Keys (new)NextRAILGUN Wallets

Last updated