EOSIO™ Alpha Release: Android Keystore Plugin for the EOSIO SDK for Java
Block.one is committed to supporting a wider range of security solutions for applications built on EOSIO. Sensitive data requires secure methods for storage and retrieval, and for a thriving blockchain application ecosystem, safeguarding private keys is essential. Our latest software release seeks to address the security of private keys on Android devices.
We previously released software development kits (SDKs) for Swift and Java that support the rapid development of EOSIO blockchain applications on mobile platforms. This alpha release of our Android Keystore Signature Provider builds upon our EOSIO SDK for Java, allowing developers to engineer a hardware-backed keystore into mobile applications on Android operating systems. If a hardware option is unavailable, the keys will fall back to a secure software container environment.
Tools that Improve Private Key Management
In the past, we introduced the concept of signature providers as a guide for the development community at large to adopt better security practices for private keys. These plugins demonstrate how it is possible to limit vulnerabilities by signing transactions without exposing private keys. Ultimately, with the right implementation and tooling, developers can improve the experience of users by avoiding unnecessary handling of private keys.
The Android Keystore plugin allows developers to store cryptographic keys in a secure container on the device, making them more difficult to extract. Once keys are in the Keystore, they can be used to sign transactions without exposing them to external applications.
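The sketch below is an added example, not code from the plugin or the EOSIO SDK for Java: it uses only the standard Android Keystore APIs to generate a non-exportable key, sign with it, and check whether the key landed in secure hardware or in the software fallback. The class name, the alias parameter and the choice of the secp256r1 curve are assumptions made for illustration.

```java
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyInfo;
import android.security.keystore.KeyProperties;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.spec.ECGenParameterSpec;

// Hypothetical helper class; not part of the EOSIO plugin.
public final class KeystoreSigningExample {
    private static final String PROVIDER = "AndroidKeyStore";

    /** Generates an EC signing key inside the Keystore; the private half never leaves it. */
    public static void generateKey(String alias) throws GeneralSecurityException {
        KeyPairGenerator kpg =
                KeyPairGenerator.getInstance(KeyProperties.KEY_ALGORITHM_EC, PROVIDER);
        kpg.initialize(new KeyGenParameterSpec.Builder(alias, KeyProperties.PURPOSE_SIGN)
                .setAlgorithmParameterSpec(new ECGenParameterSpec("secp256r1")) // assumed curve
                .setDigests(KeyProperties.DIGEST_SHA256)
                .build());
        kpg.generateKeyPair();
    }

    /** Returns an opaque handle; getEncoded() on it is null, so the key cannot be exported. */
    private static PrivateKey handle(String alias) throws GeneralSecurityException, IOException {
        KeyStore ks = KeyStore.getInstance(PROVIDER);
        ks.load(null);
        PrivateKey key = (PrivateKey) ks.getKey(alias, null);
        if (key == null) throw new GeneralSecurityException("no key for alias " + alias);
        return key;
    }

    /** True if the key is held in secure hardware, false for the software fallback. */
    public static boolean isHardwareBacked(String alias)
            throws GeneralSecurityException, IOException {
        PrivateKey key = handle(alias);
        KeyFactory kf = KeyFactory.getInstance(key.getAlgorithm(), PROVIDER);
        KeyInfo info = kf.getKeySpec(key, KeyInfo.class);
        // Deprecated since API 31 in favour of getSecurityLevel(), but still available.
        return info.isInsideSecureHardware();
    }

    /** Signs inside the Keystore; message is arbitrary bytes, not an EOSIO transaction. */
    public static byte[] sign(String alias, byte[] message)
            throws GeneralSecurityException, IOException {
        Signature s = Signature.getInstance("SHA256withECDSA");
        s.initSign(handle(alias));
        s.update(message);
        return s.sign(); // DER-encoded ECDSA signature
    }
}
```

An application that requires hardware protection can call `isHardwareBacked` right after key generation and refuse to use the key when it returns false.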
The intention is that, once the keys are stored inside an Android device that supports the hardware-backed keystore, no one can see the private key except the secured hardware, not even the user. This hardware solution should offer superior security as opposed to alternati...