github/inji-wallet
1
1
Fork 0
mirror of https://github.com/mosip/inji-wallet.git synced 2026-01-09 13:38:01 -05:00
Code Issues Packages Projects Releases Wiki Activity
Files
master
inji-wallet/docs/key-management-support.md
Swati Goel 3187538611 [INJIMOB-3503] - Add ietf sd-jwt vp support in openid4vp doc (#2078) 
Signed-off-by: swatigoel <meet2swati@gmail.com>
2025-09-12 14:02:44 +05:30

142 lines
5.7 KiB
Markdown
Raw Permalink Blame History

# Inji Wallet - Key Management Feature
## Overview
The Inji Wallet supports **RSA, EC R1, EC K1, and ED** keys for signing operations. This document provides a detailed breakdown of the key management process for each key type and its interaction with different system components.
## Supported Key Types
- RSA-2048
- EC R1
- EC k1
- Ed25519
---
## Key Management Flow:
***RSA & EC R1***
***Android Flow***
```mermaid
sequenceDiagram
participant User
participant Inji Wallet
participant Secure-Keystore(Android)
participant Hardware Keystore
Inji Wallet ->> Secure-Keystore(Android):EC R1|RSA Keys Generation Request
Secure-Keystore(Android) ->> Hardware Keystore:EC R1|RSA Keys Generation Request
Hardware Keystore ->> Hardware Keystore:Generate and store EC R1|RSA Keys
Inji Wallet ->> Secure-Keystore(Android): Data Signing Request
Secure-Keystore(Android) ->> Hardware Keystore: Retrieve EC R1|RSA Keys Request
Hardware Keystore ->> Secure-Keystore(Android): Request Authentication
Secure-Keystore(Android) ->> User: Request Authentication
User -->> Secure-Keystore(Android): Provide Authentication
Secure-Keystore(Android) -->> Hardware Keystore: Authentication Success Response
Hardware Keystore -->> Secure-Keystore(Android): Return Key Alias
Secure-Keystore(Android) ->> Hardware Keystore: Sign Data Request
Hardware Keystore -->> Secure-Keystore(Android): Return Signed Data
Secure-Keystore(Android) -->> Inji Wallet: Return Signed Data
```
***iOS Flow***
```mermaid
sequenceDiagram
participant User
participant Inji Wallet
participant Secure-keystore(iOS)
participant iOSKeychain
participant SecureEnclave
Inji Wallet ->> Secure-keystore(iOS): EC R1|RSA Keys Generation Request
Secure-keystore(iOS) ->> Secure-keystore(iOS): Generate EC R1|RSA Keys
Secure-keystore(iOS) ->> iOSKeychain: Store EC R1|RSA Keys Request
iOSKeychain ->> SecureEnclave: Encrypt Keys
SecureEnclave -->> iOSKeychain: Encrypted Keys
iOSKeychain ->> iOSKeychain: Store encrypted EC R1|RSA Keys
Inji Wallet ->> Secure-keystore(iOS): Data Signing Request
Secure-keystore(iOS) ->> iOSKeychain: Retrieve Encrypted EC R1|RSA Keys Request
iOSKeychain ->> Secure-keystore(iOS): Request Authentication
Secure-keystore(iOS) ->> User: Request Authentication
User -->> Secure-keystore(iOS): Provide Authentication
Secure-keystore(iOS) -->> iOSKeychain: Authentication Success Response
iOSKeychain ->> SecureEnclave: Decrypt keys Request
SecureEnclave -->> iOSKeychain: Return Decrypted Keys
iOSKeychain -->> Secure-keystore(iOS): Return Decrypted Keys
Secure-keystore(iOS) ->> Secure-keystore(iOS): Sign Data
Secure-keystore(iOS) -->> Inji Wallet: Return Signed Data
```
The RSA and EC R1 keys are directly supported by the android hardware-keystore, hence all cryptographic operations like signing take place there itself.
For iOS we make use of keyWrapping to store the keys safely in keychain, and use them for necessary operations.
---
***EC K1 & ED***
***Android Flow***
```mermaid
sequenceDiagram
participant User
participant Inji-Wallet
participant Secure-Keystore(Android)
participant EncryptedPreferences
participant HardwareKeystore
Inji-Wallet ->> Inji-Wallet: Generate EC K1|ED25519 Keys
Inji-Wallet ->> Secure-Keystore(Android): Store EC K1|ED25519 Keys Request
Secure-Keystore(Android) ->> EncryptedPreferences: Store EC K1|ED25519 Keys Request
EncryptedPreferences ->> HardwareKeystore: Encrypt Keys
HardwareKeystore -->> EncryptedPreferences: Encrypted keys
EncryptedPreferences ->> EncryptedPreferences: Store Encrypted Keys
Inji-Wallet ->> Secure-Keystore(Android): Request EC K1|ED25519 Keys For Data Signing
Secure-Keystore(Android) ->> User: Request Authentication
User -->> Secure-Keystore(Android): Provide Authentication
Secure-Keystore(Android) ->> EncryptedPreferences: Retrieve EC K1|ED25519 Keys
EncryptedPreferences ->> HardwareKeystore: Decrypt Keys
HardwareKeystore -->> EncryptedPreferences: Decrypted Keys
EncryptedPreferences -->> Secure-Keystore(Android): Return Decrypted Keys
Secure-Keystore(Android) ->> Inji-Wallet: Return Decrypted Keys
Inji-Wallet ->> Inji-Wallet: Sign Data
Inji-Wallet ->> Inji-Wallet: Return Signed Data
```
***iOS Flow***
```mermaid
sequenceDiagram
participant User
participant Inji-Wallet
participant Secure-Keystore(iOS)
participant iOSKeychain
participant SecureEnclave
Inji-Wallet -->> Inji-Wallet: Generate EC K1|ED25519 Keys
Inji-Wallet ->> Secure-Keystore(iOS): Store EC K1|ED25519 Keys Request
Secure-Keystore(iOS) ->> iOSKeychain: Store EC K1|ED25519 Keys Request
iOSKeychain ->> SecureEnclave: Encrypt Keys
SecureEnclave -->> iOSKeychain: Encrypted Keys
iOSKeychain ->> iOSKeychain: Store encrypted EC R1|RSA Keys
Inji-Wallet ->> Secure-Keystore(iOS): Request EC K1|ED25519 Keys For Data Signing
Secure-Keystore(iOS) ->> iOSKeychain: Retrieve Encrypted EC K1 | ED25519 Keys
iOSKeychain ->> Secure-Keystore(iOS): Request Authentication
Secure-Keystore(iOS) ->> User: Request Authentication
User -->> Secure-Keystore(iOS): Provide Authentication
Secure-Keystore(iOS) -->> iOSKeychain: Authentication Success Response
iOSKeychain ->> SecureEnclave: Decrypt Keys
SecureEnclave -->> iOSKeychain: Return Decrypted Keys
iOSKeychain-->>Secure-Keystore(iOS): Return Decrypted Keys
Secure-Keystore(iOS) ->> Inji-Wallet: Return Decrypted Keys
Inji-Wallet ->> Inji-Wallet: Sign Data
Inji-Wallet ->> Inji-Wallet: Return Signed Data
```
The EC K1 and Ed25519 keys are not directly supported by hardware keystore in android or iOS, hence in both platforms we make use of secure storage areas; encryptedPreferences in android, keychain in ios, with the help of key wrapping.
---
Reference in New Issue View Git Blame Copy Permalink