Block.one is committed to supporting a wider range of security solutions for applications built on EOSIO. Sensitive data requires secure methods for storage and retrieval, and for a thriving blockchain application ecosystem, safeguarding private keys is essential. Our latest software release is geared towards seeking to address security for private keys on Android devices.
We previously released software development kits (SDKs) for Swift and Java that support the rapid development of EOSIO blockchain applications on mobile platforms. This alpha release of our Android Keystore Signature Provider builds upon our EOSIO SDK for Java, allowing developers to engineer a hardware-backed keystore into mobile applications on Android operating systems. If a hardware option is unavailable, the keys will default down to a secure software container environment.
In the past, we introduced the concept of signature providers as a guide for the development community at large to adopt better security practices for private keys. These plugins demonstrate how it is possible to limit vulnerabilities by signing transactions without exposing private keys. Ultimately, with the right implementation and tooling, developers can improve the experience of users by avoiding unnecessary handling of private keys.
The Android Keystore plugin allows developers to store cryptographic keys in a secure container on the device making them more difficult to extract. Once keys are in the Keystore, they can be used to sign transactions without exposing them to external applications.
The intention is that no-one can see the private key except the secured hardware, not even the user, once the keys are stored inside an Android device that supports the hardware-backed keystore. This hardware solution should offer superior security as opposed to alternatives like computer backups, password managers, or even a piece of paper.
This plugin for Android Keystore is similar to the support we released in the past for Apple’s Secure Enclave, in that it allows developers to store private keys on the device and the plugin manages keys and transaction signing. This measure, coupled with in-device biometric authentication, provides a simple, more secure option for private key management.
Providing a more streamlined method for users to sign transactions without exposing their private keys will improve user experience and security, helping to accelerate the adoption of blockchain applications. Follow the instructions in the Android Keystore Signature Provider plugin repository to learn how to extract and convert public keys from Android Keystore using the EOSIO SDK for Java library.
In order to better serve a growing community of EOSIO blockchain developers, Block.one is committed to creating an open forum for community feedback. If you would like to offer input and work more closely with our team to improve EOSIO for developers, you can send our developer relations team an email at firstname.lastname@example.org.
Join our EOSIO mailing list to stay up to date on the latest news, events, and releases for EOSIO.
Important Note: All material is provided subject to this important notice and you must familiarize yourself with its terms. The notice contains important information, limitations and restrictions relating to our software, publications, trademarks, third-party resources and forward-looking statements. By accessing any of our material, you accept and agree to the terms of the notice.
Originally published at https://eos.io.
EOSIO™ Alpha Release: Android Keystore Plugin for the EOSIO SDK for Java was originally published in eosio on Medium, where people are continuing the conversation by highlighting and responding to this story.
Community | 상장사 이름을 알려주세요
좋은정보 감사용 추천하고 갑니다 코로나 조심하시고 예수님 믿고 구원 받으세요
Community | [crypto cash] 크립토 캐시 그것이 알고싶다.
토큰뱅크 가입당시 휴대폰의 otp 를, 새로운 휴대폰으로 바꾼후 구글 otp다운로드후 사용 안되나요??? 지금 상황이 가입당시 휴대폰이 아니라서요;;
Community | otp인증
opt앱의 시간을 동기화하라는데 아이폰에는 앱구동시키면 설정하는 란이 없어요 ;;
Community | otp인증
Community | 후오비토큰(HT), 거래소 코인 최초 일본 금융청(FSA) 공식 승인
Write a post
Are you sure you want to delete this post?
Are you sure you want to delete this comment?
Purchase has been completed.
닉네임을 설정 후 작성해주세요.