Strategies for storing secrets in NDEF containers

Hi all,

Call it a shower-thought but I’ve been thinking about this and conclude that storing a secret encrypted for my PGP key may be the ‘safest’ way although not 100% practical to get at super quickly/without a computer and the right software.

The idea is that any NDEF capable implant could store serve as a store for a secret such as wallet seed, master password etc, but not be a concern should someone scan your implant.

Does anyone else have a suggestion?

BIP38 is an existing solution for BTC wallets. Not sure about what to use for arbitrary data but this could be good idea for a new android app.

1 Like

I’ve played with a similar thought here Secure auth with dumb chips, secret outside of NDEF (xSIID?)

Conclusion was “wait for apex”.

I mean, if your password is sufficiently long and complex (whatever sufficiently means), then yeah, it’s “secure”.

For storage like this I’d still prefer an Apex tho, where we could have an applet that e.g. destroys the data after 10 failed attempts to enter a password. But at that point, why not just use the Apex to do all the PGP magic?

I guess this is the limiting factor here? I mean nothing will ever happen and it seems like it can’t be avoided in this scenario, but I do not like the idea of “storing PGP key on NDEF”.

If someones less lazy than me, then they might wanna search for and check this NFC read/write app someone on the forum made. IIRC it has encryption built in. EDIT: It’s BioCom!

1 Like

I’m not sure if it’s the one you mean, but @hoker made this one

“- Prompting for decrypting PGP encrypted NDEF records”

I believe he was working on a new one, but not sure of the details


Yes yes, see my edit 2 mins ago :wink: I saw you typing but I legit just stumbled upon the app.

1 Like

Ha, I know, I read it your unedited post, I wrote my reply , I posted and there was your edit…

1 Like

@Pilgrimsmaster @yeka ok cool, fits with my general idea too which is to store PGP encrypted text in a normal NDEF text record.