Description
For security reasons, the application would benefit from restricting the derivation paths available to it. While the current app database format allows specifying unrestricted access with "path": [null], a more secure configuration would specify explicit derivation paths, such as "path": ["44'/1'", "48'/1'", "49'/1'", "84'/1'", "86'/1'"]. However, the SDK currently lacks a function to return the master key fingerprint directly, forcing the app to derive the master pubkey instead.
Proposed Solution
Introduce a dedicated SDK function to return the 32-bit master key fingerprint without requiring the derivation of the master public key on the app's side. This would allow for more secure path restriction by eliminating the need for "path": [null] and would align the app database records with the current wallet apps' security requirements.
Remark
The corresponding Issue #821 was created in the ledger-secure-sdk to ask for this feature. If SDK maintainers consider that addition, this issue in the ledger-app-database could be closed as a duplicate.
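The restriction discussed in this issue, modelled as an added example (not code from the SDK or the app database): a request is accepted only when it lies at or below one of the listed prefixes, so the master node (empty path) passes only under "path": [null]. The prefix-matching rule and the names `parse_path` and `is_allowed` are assumptions made for illustration.

```python
HARDENED = 0x80000000  # BIP32 hardened-index flag


def parse_path(text):
    """Turn "44'/1'" (optionally prefixed with "m/") into a list of BIP32 indexes."""
    text = text.strip()
    if text in ("", "m"):
        return []  # the master node itself: no derivation steps
    if text.startswith("m/"):
        text = text[2:]
    indexes = []
    for part in text.split("/"):
        hardened = part.endswith("'")
        digits = part[:-1] if hardened else part
        if not digits.isdigit() or int(digits) >= HARDENED:
            raise ValueError(f"bad path component: {part!r}")
        indexes.append(int(digits) | (HARDENED if hardened else 0))
    return indexes


def is_allowed(requested, allowed):
    """True if `requested` lies at or below one of the `allowed` prefixes.

    `allowed` mirrors the "path" list from the issue; a None entry stands for
    the JSON null that grants unrestricted access (assumed semantics).
    """
    want = parse_path(requested)
    for entry in allowed:
        if entry is None:
            return True
        prefix = parse_path(entry)
        # An empty prefix would silently match everything, so it is ignored.
        if prefix and want[:len(prefix)] == prefix:
            return True
    return False


UNRESTRICTED = [None]  # "path": [null]
RESTRICTED = ["44'/1'", "48'/1'", "49'/1'", "84'/1'", "86'/1'"]  # list from the issue

if __name__ == "__main__":
    for path in ("m", "m/84'/1'/0'/0/5", "m/44'/0'/0'"):
        print(path, is_allowed(path, RESTRICTED), is_allowed(path, UNRESTRICTED))
```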