Freedom Factory
  • Welcome
  • Build
    • Quickstart
    • JVM SDK
    • Expo SDK
    • Test ethOS in an Emulator
  • docs
    • Airdrop to dGEN1 devices
    • ethOS Security Model
    • dApp Store
Powered by GitBook
On this page
  1. docs

ethOS Security Model

A primer on how the keystorage works

PreviousAirdrop to dGEN1 devicesNextdApp Store

Last updated 5 months ago

The ethOS wallet implements a robust security model to ensure private keys are protected and only used under authorized conditions. The system is built around two primary services: the Public Wallet Service and the Private Wallet Service, both of which interact through a Shared State mechanism to handle cryptographic signing requests.

Components:

  1. App:

    • The application (App) initiates requests to sign transactions or data, which are routed to the Public Wallet Service.

  2. Public Wallet Service:

    • This service acts as the interface for the application. It handles incoming signing requests and saves them in the Shared State. The Public Wallet Service does not have access to the private key itself.

    • After receiving a request, the service prompts the user to authenticate the action using biometrics.

  3. SystemUI:

    • Upon request, the SystemUI prompts the user for biometric authentication. This ensures that only the legitimate user can authorize sensitive operations such as signing.

  4. Private Wallet Service:

    • The Private Wallet Service holds the private key and only signs requests once proper biometric authentication has been verified through the SystemUI.

    • After signing, it updates the Shared State to reflect the fulfilled request, completing the transaction.

  5. Shared State:

    • This serves as the communication bridge between the Public and Private Wallet Services. It tracks the status of each signing request, ensuring that the Private Wallet Service only fulfills requests that have been properly authenticated and authorized.

Workflow:

  1. The App sends a signing request to the Public Wallet Service.

  2. The Public Wallet Service stores the request in the Shared State.

  3. The SystemUI prompts the user for biometric authentication.

  4. Upon successful biometric verification, the Private Wallet Service, which holds the private key, executes the signing operation.

  5. The signed request is updated in the Shared State, signaling the completion of the transaction.

Security Considerations:

  • The private key is never exposed outside the Private Wallet Service, ensuring maximum security.

  • Biometric authentication acts as a safeguard, ensuring that only authorized users can initiate signing operations.

  • The Shared State ensures seamless communication between the public-facing and private services without directly exposing sensitive data like the private key.

Contact the team for any questions on discord or email at hi@freedomfactory.io