KeyStore Storage
Why We're Using React Native Keychain for Secure Private Key Storage
The Problem
In any mobile app that handles cryptographic identities, whether for blockchain wallets, end-to-end encrypted messaging, or secure authentication flows, storing private keys securely on the user's device is a non-negotiable requirement.
Storing a private key insecurely (for example in AsyncStorage, on the file system, or in an unencrypted database) exposes the user to catastrophic risk: whoever obtains that key gains complete control over the user's identity or assets, and unlike a password the key cannot be rotated without re-establishing the identity.
So the question is not "Should we store private keys?" but "How can we store them safely without compromising usability?"
Why React Native Keychain
We use React Native Keychain because it provides:
OS-Level, Hardware-Backed Security
Rather than trusting JavaScript-level storage (which is easily inspected or extracted), Keychain hands the secret to the platform's native secret store, whose encryption keys are rooted in hardware:
iOS: The secret is written to the iOS Keychain, not into the Secure Enclave itself. Keychain items are encrypted at rest under Data Protection class keys that are in turn protected by keys held in the Secure Enclave, Apple's isolated security coprocessor, so those keys never appear in plaintext in application-processor memory. Only keys generated inside the Secure Enclave (P-256 keys) never leave it; a wallet key generated in JavaScript is decrypted into our process each time we read it back.
Android: The secret is encrypted with a symmetric key that lives in the Android Keystore. On modern devices that key is held in a Trusted Execution Environment (TEE) or, where available, a StrongBox secure element, and cannot be exported; the library's wrapper is what actually gets written to disk, and the secret is decrypted into app memory on read.
In both cases the key material is protected at rest by the same hardware-rooted key hierarchy the OS uses for its own credentials. The caveat is that the protection is at rest: once we read the key, anything able to execute inside our process can see it, and a jailbroken or rooted device weakens the sandbox that keeps other apps out.
Perfect Fit for Private Keys
Private keys are a unique class of data: they are long-lived, high-value, and cannot be reset if leaked. The options React Native Keychain exposes let us match that sensitivity:
Encrypted at rest: the OS encrypts the item before writing it to disk; we never handle the ciphertext or the wrapping key ourselves.
Accessible only to our app: the OS sandbox (the app's keychain access group on iOS, the app UID on Android) prevents other apps from querying or extracting it.
Optional biometric enforcement: access-control flags can require that Face ID, Touch ID, or a fingerprint be validated before the item is released, and the strictest setting ties the item to the currently enrolled biometrics so that enrolling a new face or finger invalidates it.
This lets us keep key material on-device without ever transmitting it to a server.
What We’re Avoiding
We explicitly chose not to use:
AsyncStorage: plaintext in the app sandbox, readable on a rooted or jailbroken device and from device backups; unsuitable for secrets.
File system / SQLite: we would have to implement encryption ourselves and then face the same problem of where to keep the encryption key.
Server-side key storage: compromises user privacy and decentralization and introduces a party the user has to trust.
Security-Usability Tradeoff
Keeping private keys only in memory, or prompting the user every session, would maximize security but kill usability. React Native Keychain lets us hit a sweet spot:
Security: Hardware-backed encryption at rest, OS sandboxing, and optional biometric gating
User experience: The key is stored once and read back without any server round trip; the user is prompted only where we configure a biometric access control
Trustlessness: Users retain full custody of their cryptographic keys; nothing is ever synced to a server
Real-World Applications
We use this secure storage in contexts like:
Wallet-based identity: Storing long-term identity keys for signing/verifying actions or authenticating with decentralized services
Encrypted messaging: Persisting asymmetric keys used in establishing forward-secure communication sessions
Quantum-resistant cryptography: Holding ML-KEM keys or post-quantum session secrets locally
Decentralized authentication: Users authenticate with cryptographic signatures rather than usernames and passwords, so the private key is the identity
Summary: Why We Trust It
React Native Keychain gives us a battle-tested, OS-native, hardware-backed way to store secrets that balances strong cryptographic hygiene with a smooth user experience. In our app, where security and privacy are core values, it ensures:
The private key never leaves the user's device: we store it under a THIS_DEVICE_ONLY accessibility class on iOS so it cannot be restored onto another device, and on Android the Keystore wrapping key is non-exportable, so a backed-up ciphertext is useless elsewhere
The key is protected at rest by the same hardware-rooted key hierarchy that protects the phone's own unlock credentials
The experience is seamless but not reckless: one silent read for routine use, a biometric prompt where we require it