[HIGH] [Security] Insecure Storage of Encryption Keys in localStorage

[bigtcze]

Severity: High
Description: The application stores the Master Key and Private Key in localStorage (noteer-encryption-keys). This allows any XSS vulnerability to result in total compromise of the user's encrypted data. The code comments incorrectly state that sessionStorage is used.
Complexity: 3
Permalink: https://github.com/bigtcze/noteer/blob/main/frontend/src/stores/encryptionStore.js#L47

[bigtcze]

Analysis: Secure Storage Implementation Proposal

To address the security risk while maintaining usability (avoiding repeated mnemonic entry), we should implement Encrypted Local Storage protected by a session PIN/Password.

Proposed Workflow

1. First Access / Setup:

   • User enters their 24-word mnemonic to derive the Master Key.
   • App prompts user to set a Local PIN/Password (e.g., 6 digits or a short string).
   • App derives a Wrapping Key from this PIN (using PBKDF2 + random salt).
   • App encrypts the Master Key and Private Key using this Wrapping Key.
   • The Encrypted Blob (ciphertext + IV + salt) is stored in localStorage.

2. Subsequent Access (Page Reload/Return):

   • App detects the encrypted blob in localStorage.
   • App prompts user for their Local PIN.
   • App decrypts the keys and loads them into memory.

Security Benefits

• At-Rest Protection: If an attacker steals localStorage (via XSS), they only get encrypted data.
• Attack Mitigation: The attacker would need to brute-force the PIN. We can strengthen this by using a high iteration count for the PIN-to-Key derivation (e.g., PBKDF2 with 600k+ iterations), making brute-force computationally expensive even for simple PINs.
• UX: User only types a short PIN instead of 24 words on every reload.

Implementation Plan

1. Crypto Utilities (src/utils/crypto.js):

   • Add deriveSessionKey(pin, salt) function.
   • Reuse existing AES-GCM functions for encrypting the key bundle.

2. Store Logic (src/stores/encryptionStore.js):

   • Replace direct localStorage.setItem with encryptAndStoreKeys(pin).
   • Add state: hasEncryptedStorage (boolean) to trigger the PIN modal on load.
   • Add action: unlockStorage(pin).

3. UI Components:

   • Create a SessionUnlockModal that appears if hasEncryptedStorage is true and keys are not in memory.
   • Add a "Lock Wallet" button to clear memory but keep the encrypted blob.