This post was originally published on Medium: https://medium.com/@congruent_tim/announcing-signata-cd86001dd846
We released something new to the world this past weekend.
Signata is a Cryptocurrency Vault Service. Crypto vaults are not a new concept, but we wanted to address three glaring problems in the market:
- If you use an existing vault service with an exchange, they still hold control over your crypto keys,
- Offline tools for personal offline storage are clunky and rely a lot on you, the user, to make sure you manage your data properly, and
- Hardware wallets are quite expensive. Especially if you want spares.
So how did we fix these problems? Well for starters we picked a piece of hardware that is ever-growing in popularity, the Yubico Yubikey, and we wrote a platform designed with a user-controlled security focus in mind.
User-Controlled Security
As a company we’ve worked out we will inevitably have one of these 3 scenarios happen. If you think your company won’t, then you are simply naive or your company just isn’t worth enough:
- We will get breached/hacked.
- We have a large enough Ops team that keeps breaches/hackers at bay.
- We will have a software bug or caching problem that exposes data unintentionally.
- (bonus) All of the above.
We wanted to take the value of a breach out of the equation, so we built our product so that we don’t get to see your private cryptocurrency keys at all.
We don’t ever want to see them. Keep them to yourself.
Instead, we use an Asymmetric key pair that you create and control to encrypt all private data that we hold of yours. And when you want to use your private data, for example to send coins to an address, you need to physically insert your Yubikey to unlock it.
Desktop apps aren’t dead
Most of what Signata does lives within our Desktop application. As much as we would’ve loved to have kept everything contained within our website, the realities of communicating to hardware devices in more uncommon protocols just become impossible or too risky with web browsers.
And, to maintain the user-controlled security model we have built, leaving cryptographic operations on the desktop is a far better approach for security.
Yubikey Integration
Yubikeys are an interesting product. They’re one of a very small number of devices on the market that provide multiple features at once. OTP, U2F, CCID, PGP — that’s a lot of bang for the buck.
We looked at ways we could use the OTP or U2F features with Signata, but ultimately those are really just applicable to authentication workflows and not much else. The CCID feature is far more interesting and useful.
(Apologies in advance if this is getting a little too technical…)
By using the PIV applet in the CCID feature, we can store an encryption key on the device itself, and utilise it for decrypting private data, such as cryptocurrency keys. We don’t store the cryptocurrency keys on the device as (a) there’s a limit of the number of keys we could put in there, and (b) there are much tighter restrictions on cryptographic algorithms available for use on hardware devices.
The best balance between usability and security is for us to store a single encryption key on the device and just rely on that to protect everything else — we then also get the ability to rotate that one key periodically.
What about crypto? You didn’t write it yourself did you?
Definitely not. Most of Signata is written in JavaScript, and we quickly found the different crypto libraries available were all a pain to work with (incomplete, or data structures that had issues converting between formats). Instead, we’ve used a python library for all key generation and encryption operations, ensuring that (a) we’re using the local Operating System random number generators and (b) we’ve got a consistent and predictable crypto implementation.
What about Mobile apps?
If we can get the hardware integration working, then yes totally we’ll add mobile phone apps into the mix. From what we’ve seen so far, it looks like it’s feasible, but we need to make a proof of concept first.
How can you be trusted?
We’ve already been asked when pitching this to someone: “what’s stopping you just intercepting all the traffic and just stealing all the keys?” Frankly, that’s a hard question to answer without saying “just trust us”, but I think we achieve it in the following ways:
- Our service is a paid offering. We’re not trying to cover operating costs by using advertisements or stealing information/keys from our customers.
- We operate from a jurisdiction that isn’t considered as high a risk as others.
- We’re governed by legal status and documentation (see the Signata website).
- It would be super obvious if someone used wireshark to watch the outbound traffic from our desktop app.
We’re considering other approaches to build trust too — for example adding in more controls on supply-chain for the apps, open-sourcing what components that we can, and just time in general to build trust.
You can check out Signata at https://signata.net. We are running it currently as a controlled beta, but if you want in there’s a form linked at the bottom of the website where you can request access. Just please be prepared to run into bugs until we release the first full version.
You can also email us at support@signata.net if you want access to the beta, want to chat, want questions answered, or have feature recommendations :)