Keymaster Update – May 29, 2019
Today we're releasing an update to Casa Keymaster that gives users more direct control over their mobile keys.
Seed Phrase Export
We've built Keymaster to be seedless, using multisig to eliminate the need for storing recovery seed phrases. With multisig, if you lose a key, you can rotate it out and recover your funds to the new wallet using the remaining keys, rather than restoring the lost key from a seed phrase. This is important for security and usability, and we'll explain why in a future post.
In today's Keymaster update, we're adding the ability to export the seed phrase for mobile keys in Basic Multisig (2-of-3) and Single Key.
We still believe that users shouldn't have to store seed phrases, so this is not meant as a feature to back up your mobile key onto a piece of paper. We already back up your mobile keys securely and encrypt them so only you can access them, as Jameson Lopp explains in this post.
We built the ability to export your mobile key seed phrase as a resiliency feature for a worst case scenario: the very unlikely case where Casa has a catastrophic failure and disappears completely and instantly.
In this scenario, you could export your mobile key seed phrase (since the key is stored in your phone's secure enclave), then import it into a different wallet software to recover funds.
Once the seed phrase is exported, the key is no longer safe to be used in Casa. It's been exposed outside of your phone's secure enclave, and is therefore open to access by attackers. To defend against this, we automatically mark the key as compromised in the Casa app after the seed is exported. While this doesn't really matter in a case where Casa disappears completely, it does matter in the more likely situation of a curious person testing out the seed phrase export while Casa is still around.
We hope this feature will never need to be used, but we believe in building our products for resiliency, which means ensuring our users can retain control over their keys even in the worst case scenario.
- Fixed a bug where users would see an incorrect keyset state if they haven't opened the app for a week. Previously, logging out and back in would fix this, but now it won't happen at all. (iOS)
- Fixed a bug where the phone's language setting would cause the currency symbol to show the native country currency, but the value would still be in USD. Now the dollar sign properly shows in all countries. We are working on adding native currency support for other countries. (Android)
Sign up for Keymaster, the best personal key manager on the planet, today!