[Proposal] Persist UserStorageController e2ee content keys #5128
Assignees
Labels
team-identity
Identity Team changes. https://github.com/orgs/MetaMask/teams/identity
Comments
mirceanis
added
the
team-identity
4 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The UserStorageController e2e encryption keys are derived from a
storageKeythat is specific to the user profile. The key derivation function used is scrypt, with parameters recommended for password inputs. This means that it's a very costly operation (on the order of seconds on a 2024 mobile device).These derived keys are cached in memory for the lifetime of the controller instance, but a better approach would be to use a Key Store, to persist the derived keys in a safe manner. This would avoid the rerun of the costly key derivation operation on every app restart.
In preparation for a multi-device / multi-SRP user profile (and user storage) world, the KeyStore should wrap keys using a deterministic approach. See upgrade plan for details.
A proposed approach to enable this is to use the preinstalled message-signing-snap encryption capabilities
The text was updated successfully, but these errors were encountered: