Storage of communication keys
As noted above, to gain access to the communication key, we need two components:
Ylide password created by the user;
“fixed string + ylide password” signed by his wallet (in the data signing request).
Surely, asking for each operation inside the application to enter two passwords (Ylide and signing request) creates a weak User Experience.
Therefore, in the standard scheme, immediately after generating a communication key, Ylide SDK encrypts it using the same password, and stores it in the user’s local storage.
Then to confirm any message, it is enough for the user to specify only one password. It’s more comfortable but still not the best.
Therefore, the Ylide SDK provides several scenarios with different levels of security, so that users can choose the most suitable option.
1. Storing communication key in memory in clear text (for one session), and in local storage - in encrypted form
When prompted for a Ylide password, the user is provided with an option to “remember for this session”. As a result, the user’s password will be stored in the RAM until the end of the session. The communication key will be encrypted and stored in the local storage.
This will allow the user to read (decrypt) emails without entering any passwords. To send a letter, the user will only need to confirm transaction to broadcast the message to the blockchain.
2. Storing communication key in the local storage in clear text (for several days)
The user can choose “remember for 5 days” option. The user’s password will be stored in the local storage, and even if the user closes the application or browser, he will not have to specify the password the next time he logs in. After a few days, the Ylide SDK will remove this password from storage and ask you to enter it again.
As in the previous version, this will allow you to read letters without passwords, and send them only with a wallet confirmation.
3. Storing communication key in the local storage in encrypted form
The communication key will be stored in local storage, but encrypted with the Ylide password.
In this case, the user will have to additionally enter the Ylide password to read and send every email.
4. Paranoid mode: don’t store the communication key at all
Despite ultimate safety this approach makes your application really hard to use.
For each read and send, the user will have to enter both the Ylide password and his wallet’s password. The key will appear in the RAM only for a moment necessary to proceed with the message. After it is immediately erased from the RAM.
Last updated