This key is used to safeguard the user’s mnemonic and wallet keys from attackers. We recommend an encryption key that is generated from entropy, or derived with a PBKDF2 hash from a strong user-provided password or PIN.
Keep the encryption key extremely safe, as it grants access to the user's wallets and mnemonics. On mobile (iOS), consider storing the encryption key in the Secure Enclave.
Example: Create and store encryption key to local storage
import { getRandomBytes } from '@railgun-community/wallet';
import { hashPasswordString } from './hash-service';

/**
 * Derives the wallet encryption key from a user-supplied password and
 * produces the values that must be saved so the key can be re-derived later.
 *
 * A fresh 16-byte salt is generated, then the password is hashed twice with
 * that salt at two different iteration counts. The lower-count output is
 * returned as the encryption key; this function does not write it to storage.
 * The higher-count output is the verifier that gets saved next to the salt.
 *
 * Security notes:
 * - Persist only the verifier and the salt. The returned encryption key
 *   unlocks the user's wallets and mnemonics and should be held in memory only.
 * - Anyone able to read local storage can test password guesses offline
 *   against the saved verifier and salt, so the protection depends on the
 *   password strength and on the iteration counts.
 *
 * @param password - Password or PIN entered by the user.
 * @returns The derived encryption key.
 */
export const setEncryptionKeyFromPassword = async (
  password: string,
): Promise<string> => {
  // Iteration count for the encryption key itself.
  const keyIterations = 100000;
  // Iteration count for the stored verifier; deliberately higher, and
  // different from `keyIterations` so the saved value is not the key.
  const storedHashIterations = 1000000;

  // Per-user random salt.
  const salt = getRandomBytes(16);

  // Both derivations are independent, so run them concurrently.
  const keyDerivation = hashPasswordString(password, salt, keyIterations);
  const verifierDerivation = hashPasswordString(
    password,
    salt,
    storedHashIterations,
  );
  const [encryptionKey, passwordHashToStore] = await Promise.all([
    keyDerivation,
    verifierDerivation,
  ]);

  await Promise.all([
    ..., // Save `passwordHashToStore` to local storage
    ..., // Save `salt` to local storage
  ]);

  return encryptionKey;
};
Example: Get encryption key from local storage
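import { hashPasswordString } from './hash-service';

/**
 * Re-derives the wallet encryption key from a user-supplied password, after
 * checking the password against the hash saved when the key was created.
 *
 * The previously stored password hash and salt are loaded, the password is
 * hashed with that salt at both iteration counts, and the higher-count result
 * is compared with the stored hash. The encryption key is returned only when
 * they match; the key itself is never read from storage.
 *
 * @param password - Password or PIN entered by the user.
 * @returns The derived encryption key.
 * @throws Error with message 'Incorrect password.' when the recomputed hash
 *   does not equal the stored hash.
 */
export const getEncryptionKeyFromPassword = async (
  password: string,
): Promise<string> => {
  // `password` comes from user input
  const [storedPasswordHash, storedSalt] = await Promise.all([
    ..., // Fetch the previously stored password hash from local storage
    ..., // Fetch the previously stored `salt` from local storage
  ]);

  const [encryptionKey, hashPassword] = await Promise.all([
    hashPasswordString(password, storedSalt, 100000), // Same iterations as when generated, i.e. 100000
    hashPasswordString(password, storedSalt, 1000000), // Same iterations as when generated, i.e. 1000000
  ]);

  // Compare the recomputed verifier with the value loaded above. The name
  // must match the destructured `storedPasswordHash`; any other identifier
  // is undefined in this scope and the check would never pass.
  if (storedPasswordHash !== hashPassword) {
    throw new Error('Incorrect password.');
  }

  return encryptionKey;
};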