The Strike wallet program is built using a Solana program PDA, the structure of which has no private key such as one might typically find in an EOA wallet such as Phantom. Instead, the Strike wallet program relies on the ability for a group of signers to to securely store their private keys so that they can approve any transactions with a threshold of signatures.
A significant factor affecting the integrity of the wallet therefore is the ability of users to reliably maintain secure access to their private keys. Strike leverages the security and infrastructure of mobile phones to achieve reliable and secure private key access. Mobile devices are the default choice for the generation and storage of private keys, although Strike can also operate with alternatives that will be discussed below.
In the process of activating their wallet, a user generates a keypair and initializes their mobile app (which is discussed in more detail below), and the following are created;
- public / private key pair
- random 32 byte password
- random IV
- an AES-256 encrypted version of the private key using the password and the random IV.
In all cases, the encrypted version of the private key is backed up by Strike Protocols and optionally the user.
There are alternative options for approaching the storage of the password.
A full recovery requires not only the encrypted version of the private key, but the password as well, and it is useful to explain the different approaches users have for recovery.
Users may employ 3 fundamental approaches to provide a backup or recovery mechanism to handle the case of a lost or destroyed phone:
- 1.Keychain sync to backup the password
- 2.Password manager to store the password
- 3.Alternate key signer creation, password is discarded
When a new user (signer) is added to the Strike:
- during the signup process the user must download and initialize the Strike security mobile app.
- the app will require biometric authentication for any use
- the app generates an ed25519 keypair and a 32 byte random password and 32 byte random IV.
- the private key is stored in the local keychain of the user
- The private key is encrypted using AES256 with the random IV and the random password as the secret key
- The public key and encrypted private key are registered with Strike Protocols
- After Strike successfully reports that they have been stored, the public and private key are stored in the user’s local keychain (not sync-able).
- the user is presented with a choice for password backup as outlined above
- Keychain backup. This is the default option. The password will be stored in the user’s global keychain, marked as sync-able and the user is notified to turn on Apple or Google backup of their keychain.
- Password manager. the user is presented for one time the ability to copy the password and put it into their password manager
- Discard the password because user is going to create an alternate key for this signer.
When a user (signer) logs in in to approve a transaction:
- On logins, the phone checks to see if it has a keypair in the local keychain, and, if so, that the public key held by Strike Protocols matches (if it doesn’t match, an error is thrown)
- If it does not have a keypair, then it checks to see if it has a saved password. If so, it makes a request to Strike Protocols for the encrypted private key, decrypts it with the saved password, derives the public key from it, and then stores the resulting keypair into the keychain. If there is no saved password but Strike has a public key, then an error is shown
- the app uses biometrics to verify the user
- the app displays approval text and computes a hash which is passed to the program
- the app uses the private key to sign the transaction
If the user’s phone is lost or destroyed, the exact method of recovery will depend upon how the user decided to store their password
- Keychain sync - User downloads the Strike security app on a new mobile device, logs in and sets up biometrics on the app and their key will be recovered and operational.
- Password manager - User downloads the Strike security app on a new mobile device, logs in and sets up biometrics on the app and enters their key password their key will be recovered and operational.
- Alternate key - User downloads the Strike security app on a new mobile device, logs in and sets up biometrics on the app. A configuration request for the new device will be generated and the user can approve with their alternate key.
Strike Protocols does not have a copy of the password used to encrypt the users private key and only stores or passes encrypted data. Strike Protocols does not have the ability to access or recover a user’s private key.