KeyChain explained: technology behind the key management app of the new generation
Christmas edition. So get cozy and prepare yourself for story time along with a detailed technical specification of the most recent security provider for private keys.
The Christmas tale of KeyChain
Out in the online wallet there lived a Little Bitcoin that was cold and insecure. It looked around and wondered if there was an app somewhere in the world to protect him during long winter nights when Crypto-Grinches are lurking in the corners of blockchains.
One day the Little Bitcoin saw a light — it was coming from the center of the wallet. It descended steadily and confidently until it covered the Little Bitcoin’s shoulders like a warm blanket. From then on, he was no longer feeling so small and cold — it knew it was now warm and protected.
Then a swallow flew up to the Little Bitcoin and asked: “Where did you get this blanket that looks so nice and cozy?”
“This blanket is called KeyChain and I got it from a wallet that was kind enough to integrate it. I don’t think you can get it unless your project downloads it and integrates it through pipes or websockets,” — answered the Bitcoin.
“This sounds like a good idea. But how do I ask them to go through all the trouble if they never saw it with their own eyes like I did? They don’t see how wonderful it is and maybe won’t even try.”
“I’ll tell you how it was woven, so that you can describe its architecture to your product managers and then they will definitely install KeyChain for you.”
Now let’s get a bit more serious and dive deep into the blanket’s fabric. Shall we?
KeyChain architecture
KeyChain is constructed of three security layers that protect each process from malicious attacks on each of the steps that they go through.
Let me walk you through all these layers.
We start at the API layer. You integrate it into your project — be it a website or any external app — through pipes or WebSockets. It is language-neutral. The protocol for the terminal application operates with the JSON format in synchronous request/response way. The main function of the API layer is to transmit and parse commands for the given API. Each request carries information about commands, the type of key user wants to use to sign transactions and other relevant parameters which you can find in the KeyChain Protocol.
Then Security layer receives the commands from the API layer and acts as an OS-specific protection mechanism for the interface window (third layer). It serves as a shield from potential attacks on sensitive data and information. Security layer is tailored for the macOS, Linux, and Windows OS and operates only with permitted files (through admin access). The request, transmitted to the Signing module which holds the private keys, works simultaneously with the Secured input module that uses OS-specific mechanism. The Secured input module protects the passphrase from key grabbers and malware.
The third layer — Representation layer — is the UI window which notifies the user about the details of transactions and necessary actions. The interface window is initiated from Security layer. Once the user inputs the correct passphrase, it sends the permission to the Signing module to unlock the demanded key. The passphrase input field is protected by the secured input module. Security layer decrypts the given key with the correct passphrase entered by the user. In this instance Signing module can operate with the open private key, for example it can extract information, sign transactions, therefore responding to given requests.
Cryptography for private keys
And now, since we are talking about cryptography, — a riddle!
I am symmetric, I am advanced and standard at the same time, I handle 256-bit keys. What am I?
That’s right — AES256 algorithm.
We have decided to use this algorithm to encrypt private keys since today it is one of the most reliable ways of encryption which is used in most security systems. Along with 256-bit keys, we allow 128- and 192-bit keys, thus expanding its functionality.
AES256 was first adopted by the U.S. government and is now used worldwide as a secure and reliable way of protecting information. It stands for Advanced Encryption Standard which handles 256-bit keys. This is a symmetric encryption algorithm that creates an output (ciphertext) from the input (plaintext) in 14 rounds which involve several steps of encryption. These steps combine the procedures of other symmetric encryption algorithms: substitution cipher with a reference table, adding round key, shifting rows, and mixing columns — all performed multiple times.
On top of the three security layers with encrypted keys, KeyChain uses tailored solutions for each operating system, thus ensuring a perfect fit for everyone — morphing into the right form like liquid or cats.
OS-specific security features
Unix-like operating systems
For Linux, we use a unique mechanism created by our team.
Typically, Linux offers the following algorithm of interacting with the user:
However, around 1984, at the time when X11 was created, there existed no such task as performing secure operations via the Internet. The developers of X11 did not set out to protect the user’s data from someone capturing it. Even now, there is still no real mechanism against these types of attacks.
To solve the problem of protecting the data, we have decided to look beyond standard solutions. Instead of receiving a passphrase from a user through the X-server, we have chosen to receive the passphrase from the keyboard driver. This serves as a shortcut that allows KeyChain to work without connecting to the X-server, thus minimizing the risk of someone stealing the passphrase.
Therefore, now instead of the following sequence…
… we have:
The shorter the path, the fewer weak points can be found. We exclude the weakest link (X-server) from the process of entering the passphrase. Thus, for the third party to compromise the passphrase, they will need to intercept it right at the keyboard level, which requires to have root access and hence makes it almost impossible.
You might be asking yourself: if KeyChain functions without connecting to the X-server, why does the user see the dialogue window?
The answer is simple and is motivated by our concern with the user experience. Working through the command line is rather inconvenient for most people. That is why we use an emulator program that imitates the process of inputting the passphrase by receiving events from the KeyChain daemon. Note that no secret data goes into the emulator — like a mirror that only reflects light without absorbing any of it. This allows KeyChain to minimize the risks to the minimum.
Windows
Users of Windows 10 Enterprise Edition can benefit from a new security feature — Isolated User Mode (IUM). It employs a set of modes called Virtual Trusted Levels (VTL) to run processes separately, without accessing each other’s memory.
We launch KeyChain on VTL1 (SecureMode). Any malware that is launched on VTL0 (NormalMode) does not have access to KeyChain. The mechanism of isolating the kernels is executed as a Windows OS process. Learn more about IUM processes in the Microsof Documentation.
To ensure secure passphrase entry, Windows Vista/7/8 and Windows 10(not Enterprise Edition) use a mechanism similar to the one used for User Access Control (UAC). In particular, UAC is used at a program setup to avoid giving a malware access to the system context.
KeyChain gets access to the system environment when it is being installed.
A malware can only access the user context (unless it is installed in the system as a service). The processes that are launched in the user context do not have access to the applications that are launched in the isolated context. Hence, a malware cannot get access to KeyChain data because of the mechanism of separating the access between the levels of the OS. For more information, please refer to Microsoft documentation.
macOS
macOS has an innate security mechanism that does not allow any other program to interfere with a process if it is not the one that started it. Therefore, all we needed to do was to take care of the intermediary step that takes place at the passphrase entry on the keyboard. That is why we incorporated the `EnableSecureEventInput` function that provides a means for a process to protect sensitive data from being intercepted by other processes. Learn more on the Apple developers portal.
Regardless of which operating system you prefer, you can rely on us doing everything it takes to ensure maximum security of your actions with KeyChain. We truly believe it to be a breakthrough in key management systems and hope you see can see why now!
Just to recap, here is what we offer:
- Smart architecture consisting of three security layers
- Advanced Encryption Standard that supports 128-, 192- and 256-bit keys
- Tailored extra safety solutions for each operating system
And this is only the beginning. We are always looking for new ways to improve KeyChain and we’ll be happy to get your feedback and questions about it.
Please do not hesitate to contact us and Merry techy Christmas from Array.IO!
- Stackoverflow: https://stackoverflow.com/users/10429540/array-io
- Telegram: https://t.me/arrayio
- Twitter: https://twitter.com/ProjectArray
- Or you can write us an email to support@array.io
