Waymont Mobile

Secure Enclave

Private keys stored in Trusted Devices use a combination of iOS offline keychain services and Secure Enclave to maximize security.

Apple built iOS offline keychain services to securely store secrets such as passwords, certificates, and private keys. Some unique properties of these services include:

  • Items are encrypted using two AES-256-GCM keys

  • Items never leave your device

  • Items cannot be shared between applications

  • Items do not sync to iCloud

  • Offline keychain items are encrypted using 256-bit keys stored in Apple's Secure Enclave, a dedicated hardware-based key manager isolated from the main processor.

Decrypting data held in the iOS offline keychain requires a round trip through your device's Secure Enclave and requires your biometrics. If the iOS offline keychain or the application processor is compromised, Waymont offline keychain items remain encrypted because the encryption key is kept in a hardened hardware module separate from the main processor. The iOS offline keychain and Secure Enclave are Apple implementations and are not specific to Waymont.
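The keychain properties listed above (device-only, non-syncing, biometric-gated access) map onto specific Keychain Services attributes. The following Swift is an added illustration of that configuration, not Waymont's own code; the service and account names are placeholders, and the class-key wrapping by the Secure Enclave happens inside Apple's keychain implementation rather than in this code.

```swift
import Foundation
import Security
import LocalAuthentication

enum KeychainError: Error { case accessControl, status(OSStatus) }

let service = "com.example.wallet"  // assumed service identifier
let account = "signing-key"         // assumed item label

// Store a secret so it is bound to this device, excluded from iCloud
// Keychain and device-to-device restores, and readable only after a
// Face ID / Touch ID check against the currently enrolled biometrics.
func storeSecret(_ secret: Data) throws {
    var cfError: Unmanaged<CFError>?
    // WhenPasscodeSetThisDeviceOnly: item is unusable on a device without a
    // passcode and is never migrated to another device.
    // biometryCurrentSet: re-enrolling biometrics invalidates the item.
    guard let access = SecAccessControlCreateWithFlags(
        kCFAllocatorDefault,
        kSecAttrAccessibleWhenPasscodeSetThisDeviceOnly,
        .biometryCurrentSet,
        &cfError) else { throw KeychainError.accessControl }
    let query: [String: Any] = [
        kSecClass as String: kSecClassGenericPassword,
        kSecAttrService as String: service,
        kSecAttrAccount as String: account,
        kSecAttrAccessControl as String: access,
        kSecValueData as String: secret
    ]
    let status = SecItemAdd(query as CFDictionary, nil)
    guard status == errSecSuccess else { throw KeychainError.status(status) }
}

// Reading the item triggers the biometric prompt; the decrypted bytes are
// handed back only if the user passes it.
func readSecret(reason: String) throws -> Data {
    let context = LAContext()
    context.localizedReason = reason  // text shown in the system prompt
    let query: [String: Any] = [
        kSecClass as String: kSecClassGenericPassword,
        kSecAttrService as String: service,
        kSecAttrAccount as String: account,
        kSecReturnData as String: true,
        kSecMatchLimit as String: kSecMatchLimitOne,
        kSecUseAuthenticationContext as String: context
    ]
    var item: CFTypeRef?
    let status = SecItemCopyMatching(query as CFDictionary, &item)
    guard status == errSecSuccess, let data = item as? Data else {
        throw KeychainError.status(status)
    }
    return data
}
```

Because the access control object is stored with the item, the biometric requirement is enforced by the keychain on every read, not by app logic that a compromised application process could skip.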

Biometric authentication

You’ll be required to authenticate all account actions, including transactions, via Face ID or Touch ID. When you authenticate an action, your private key is securely fetched from the iOS offline keychain, and the ethers-rs-mobile library, written in Rust, generates the signature. The valid signature is passed back through Swift and JavaScript to execute the transaction.

Client-side transaction checks by Alchemy

Waymont Mobile runs client-side transaction checks directly against Alchemy. This prevents an attacker from feeding the app false asset changes or transaction data.

Human-readable data

Waymont Web and Waymont Mobile both present data in a human-readable format that is easy to understand at a glance. Gone are the days of blind signing or manually decoding transaction data.
