# Encryption Keys

The Database Encryption Key `encryptionKey` is a 32-byte hexadecimal string (length 64).

```typescript
const encryptionKey: string = '0101010101010101010101010101010101010101010101010101010101010101';
```

This key protects the user's mnemonic and wallet keys from attackers. We recommend an encryption key that is either generated from random entropy or derived as a `pbkdf2` hash of a strong user-provided password or PIN.

Keep the encryption key extremely safe, as it grants access to the user's wallets and mnemonics. On Mobile iOS, consider storing the Encryption Key in [Secure Enclave](https://support.apple.com/guide/security/secure-enclave-sec59b0b31ff/web).

#### Example: Create and store encryption key to local storage

```typescript
// hash-service.ts
import { pbkdf2 } from '@railgun-community/wallet';
import { Pbkdf2Response } from '@railgun-community/shared-models';

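// Thin wrapper around the SDK's pbkdf2. Takes positional arguments,
// which is how the create/get examples on this page call it.
export const hashPasswordString = async (
  secret: string,
  salt: string,
  iterations: number,
): Promise<Pbkdf2Response> => {
  return pbkdf2(secret, salt, iterations);
};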
```

```typescript
import { getRandomBytes } from '@railgun-community/wallet';
import { hashPasswordString } from './hash-service';

export const setEncryptionKeyFromPassword = async (password: string): Promise<string> => {
  // Desired `password` comes from user input

  const salt = getRandomBytes(16); // Generate salt
  const [encryptionKey, hashPasswordStored] = await Promise.all([
    hashPasswordString(password, salt, 100000), // Generate hash from password and salt
    hashPasswordString(password, salt, 1000000), // Generate hash for stored password. Use more iterations for the stored value.
  ]);

  await Promise.all([
    ..., // Save `hashPasswordStored` to local storage
    ..., // Save `salt` to local storage
  ]);

  return encryptionKey;
};
```

#### Example: Get encryption key from local storage

```typescript
import { hashPasswordString } from './hash-service';

export const getEncryptionKeyFromPassword = async (password: string): Promise<string> => {
  // `password` comes from user input
  
  const [storedPasswordHash, storedSalt] = await Promise.all([
    ..., // Fetch the previously stored password hash from local storage
    ..., // Fetch the previously stored `salt` from local storage
  ]);
  
  const [encryptionKey, hashPassword] = await Promise.all([
    hashPasswordString(password, storedSalt, 100000), // Same iterations as when generated, i.e. 100000
    hashPasswordString(password, storedSalt, 1000000), // Same iterations as when generated, i.e. 1000000
  ]);

  // Compare against the hash fetched from local storage above
  if (storedPasswordHash !== hashPassword) {
    throw new Error('Incorrect password.');
  }

  return encryptionKey;
}
```
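The create and get flows above as one runnable round trip, added here as an illustration and not taken from the Railgun SDK: it substitutes Node's `crypto` module for the SDK's `pbkdf2` and `getRandomBytes` (PBKDF2-HMAC-SHA256 and hex-decoded salt are assumptions), uses an in-memory `Map` in place of local storage, and compares the stored hash in constant time. The names `createEncryptionKey`, `unlockEncryptionKey`, `derive` and `storage` are hypothetical.

```typescript
import { pbkdf2Sync, randomBytes, timingSafeEqual } from 'crypto';

// Assumptions (not from the SDK): PBKDF2-HMAC-SHA256 via Node's crypto module,
// and an in-memory Map standing in for the app's local storage.
const KEY_ITERATIONS = 100000; // iteration counts taken from the examples above
const STORED_ITERATIONS = 1000000;
const storage = new Map<string, string>();

// Derive a 32-byte value and return it as a 64-character hex string.
const derive = (password: string, saltHex: string, iterations: number): string =>
  pbkdf2Sync(password, Buffer.from(saltHex, 'hex'), iterations, 32, 'sha256').toString('hex');

export const createEncryptionKey = (
  password: string,
  keyIter = KEY_ITERATIONS,
  storedIter = STORED_ITERATIONS,
): string => {
  const salt = randomBytes(16).toString('hex');
  // Only the salt and the higher-iteration hash are persisted, never the key.
  storage.set('salt', salt);
  storage.set('hashPasswordStored', derive(password, salt, storedIter));
  return derive(password, salt, keyIter);
};

export const unlockEncryptionKey = (
  password: string,
  keyIter = KEY_ITERATIONS,
  storedIter = STORED_ITERATIONS,
): string => {
  const salt = storage.get('salt');
  const stored = storage.get('hashPasswordStored');
  if (salt === undefined || stored === undefined) {
    throw new Error('No encryption key has been set up.');
  }
  const candidate = Buffer.from(derive(password, salt, storedIter), 'hex');
  // Both buffers are 32 bytes, as timingSafeEqual requires equal lengths.
  if (!timingSafeEqual(candidate, Buffer.from(stored, 'hex'))) {
    throw new Error('Incorrect password.');
  }
  return derive(password, salt, keyIter);
};
```

The returned key is held in memory only; what reaches storage is the salt and the higher-iteration hash, which differs from the key.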


