Private wallet data preferences should be encrypted

[bsclifton]

Description

Carried over from brave/browser-laptop#10705

The wallet private key and passphrase are as sensitive as most passwords, so we should use the Brave password manager encryption key to encrypt them before saving to disk.

[bridiver]

I think the best way to handle this is to add something like LedgerClient::EncryptString/LedgerClient::DecryptString which internally uses os_crypt. It doesn't look like there is "keychain" storage available on all platforms so I think we just need to encrypt before saving to disk (base64 encoded if saving to json). @diracdeltas ?

[diracdeltas]

what does os_crypt use to store the encryption key if a keychain-like mechanism isn't available?

[bridiver]

@diracdeltas os_crypt just encrypts the data using the OS encryption key and then we would just store the output in a file. I'm just saying that it doesn't look like we have a good way to directly store the output in something like macos keychain vs storing the encrypted output in a local file

[diracdeltas]

@bridiver i think we're on the same page here; in the original issue i mean store the encryption key in keyring (or whatever is available on the OS*), not store the private key itself in the keyring. the encrypted output can be stored in regular storage.

* appears this would be keyring on macos / Gnome Keyring or KDE Wallet Manager on linux

[bridiver]

the only concern I have here is that 3rd-party clients may not properly encrypt the data and could make bat-native-ledger/ads look insecure through a poor implementation of the encrypt/decrypt methods. The alternative would be to embed os_crypt into the lib which should be ok because it has code for all platforms including IOS. cc @tmancey @SergeyZhukovsky

[diracdeltas]

Does this not encrypt on windows due to lack of an underlying OS keychain-like mechanism?

[diracdeltas]

we should also encrypt the Authorization token (stored in the Preferences file under external_wallets > token ). @ryanml originally pointed this out in february but shoutout to hihihou on HackerOne for reminding me to put it in this issue since it's part of the same overall problem (sensitive rewards data needs to be encrypted on disk).

[mrose17]

@mrose17 - tracking

[LaurenWags]

Verified passed with

Brave	1.16.50 Chromium: 86.0.4240.55 (Official Build) dev (x86_64)
Revision	a6d625ef6f7fe8ea0675f1cf759155a05ee1be40-refs/branch-heads/4240@{#953}
OS	macOS Version 10.14.6 (Build 18G3020)

Verified plan 1 from brave/brave-core#6213. Confirmed able to connect to Uphold on clean profile and view balance. Confirmed able to 1 time tip. Confirmed able to perform AC and recurring tip.

Verified plan 2 from brave/brave-core#6213. Confirmed brave://rewards was displayed correctly after upgrade from 1.15.x to 1.16.x and Uphold wallet was still connected as expected. After upgrade, confirmed able to 1 time tip. Confirmed able to perform AC and recurring tip.

---

Verification passed on

Brave	1.16.52 Chromium: 86.0.4240.68 (Official Build) dev (64-bit)
Revision	ad72ee9aa8e15ed300df1238e76c7a8f4d686f97-refs/branch-heads/4240@{#1097}
OS	Ubuntu 18.04 LTS

---

Verified plan 1 from brave/brave-core#6213. Confirmed able to connect to Uphold on clean profile and view balance. Confirmed able to 1 time tip. Confirmed able to perform AC and recurring tip.

Verified plan 2 from brave/brave-core#6213. Confirmed brave://rewards was displayed correctly after upgrade from 1.15.x to 1.16.x and Uphold wallet was still connected as expected. After upgrade, confirmed able to 1 time tip. Confirmed able to perform AC and recurring tip.

---

Verification passed on

Brave | 1.16.58 Chromium: 86.0.4240.75 (Official Build) dev (64-bit)
-- | --
Revision | c69c33933bfc72a159aceb4aeca939eb0087416c-refs/branch-heads/4240@{#1149}
OS | Windows 10 OS Version 1903 (Build 18362.1082)

Verified plan 1 from brave/brave-core#6213. Confirmed able to connect to Uphold on clean profile and view balance. Confirmed able to 1 time tip. Confirmed able to perform AC and recurring tip.

Verified plan 2 from brave/brave-core#6213. Confirmed brave://rewards was displayed correctly after upgrade from 1.15.x to 1.16.x and Uphold wallet was still connected as expected. After upgrade, confirmed able to 1 time tip. Confirmed able to perform AC and recurring tip.

[srirambv]

Verification passed on OnePlus 6T with Android 10 running 1.16.62 x64 build

• Verified scenario 1 from Adds encryption on important data brave-core#6213
• Verified able to connect to uphold on a clean profile and able to perform tips/recurring tips/ac
• Verified scenario 2 from Adds encryption on important data brave-core#6213
• Verified able balance shows as expected after upgrading from 1.15.66
• Verified able to still send one-time tip/recurring tip/ac after upgrading

---

Verification passed on Samsung Tab A with Android 10 running 1.16.62 x64 build

• Verified scenario 1 from Adds encryption on important data brave-core#6213
• Verified able to connect to uphold on a clean profile and able to perform tips/recurring tips/ac
• Verified scenario 2 from Adds encryption on important data brave-core#6213
• Verified able balance shows as expected after upgrading from 1.15.66
• Verified able to still send one-time tip/recurring tip/ac after upgrading