Is it safe to store private keys in the vault?

[dostro]

I'm trying to understand whether this vault can be relied upon to store private keys generated client-side. What are the vulnerabilities here? If access can be limited only to the Internet Identity anchor owner and if that can be guaranteed, I imagine this should theoretically be a completely secure and private place to store sensitive private keys.

@timohanke could you please help us understand how true that is?

[timohanke]

The biggest vulnerability is that a per-device secret is persisted in browser local storage where it could be found by an attacker if the device (or the browser) gets compromised. I think more information is needed to answer the question. For example what are the private keys that are generated client-side, how/where are they generated, how long do they need to live, how frequently are they accessed, how many are there, if there are multiple ones are they independent, i.e. is the break of one as bad as the break of all of them, etc.?

[dostro]

Got it, thank you for this. We're still researching architecture, but thinking along these lines: A substantial number of frequently accessed independent ECDSA keys that might live forever, or at least until users rotate them. Some will be significantly more valuable to safeguard than others, and may never get rotated.