Store Session data encrypted in IndexedDB with WebCrypto API

[borngraced]

In the current implementation of WalletConnect, session data is stored unencrypted.

One way to implement this is by using the Web Crypto API to generate and manage encryption keys securely. The CryptoKey object can be used to encrypt and decrypt session data. However, a key point to consider is that these keys should be non-extractable, meaning they cannot be easily accessed or tampered with. Instead, the CryptoKey object itself can be securely stored and retrieved from IndexedDB for use in future encryption/decryption operations.

I’ve created a JavaScript gist that demonstrates how to use the Web Crypto API for securely managing encryption keys and storing them in IndexedDB. This method ensures that the key material is protected, and only the necessary cryptographic operations are exposed.

Implementing a similar approach in WalletConnect would significantly enhance the security of session data and safeguard user information from potential breaches.

Here's an example gist on how this can work
https://gist.github.com/borngraced/e0ae3546338cf707cc5b6462d774e69b

refs:
https://w3c.github.io/webcrypto/#security-developers
https://w3c.github.io/webcrypto/#security-implementers
https://w3c.github.io/webcrypto/#concepts-key-storage
https://w3c.github.io/webcrypto/