SECURITY

Key encryption

Tab's wallet keys live encrypted at rest, both on the device and in any cloud backup the user has opted into. Here's exactly what algorithms run and where.

What we encrypt

A 32-byte secp256k1 private key. That's it. We don't encrypt transaction history (it's public), we don't encrypt the handle (also public), we don't encrypt the user's email (it's stored hashed for lookups). The private key is the only thing that needs secrecy.

How we encrypt it

AES-256-GCM. Authenticated encryption — if the ciphertext is tampered with by a single bit, decryption fails loudly instead of producing garbage. Each blob has its own randomly generated 96-bit IV, which is stored alongside the ciphertext.

How we derive the key

PBKDF2-HMAC-SHA-256 with a high iteration count and a unique per-user salt. The PIN is six digits, which means there are only one million possible PINs — the iteration count is what turns that into something that takes real time to brute force.

What happens with cloud backup

The user signs in with Google and uploads the encrypted blob to their own Drive. We never see the blob, and Google never sees the plaintext key. If the user loses the device, signing back in with Google retrieves the blob, and entering the PIN decrypts it.

Why this works

Two independent secrets are needed to recover the key: possession of the encrypted blob (in the user's storage or their Drive) and knowledge of the PIN (in the user's head). An attacker who only has one of those is stuck. Tab has neither.