Description
This task follows the initial encryption implementation and adds a further security layer (defense-in-depth) for mobile platforms.
The goal is to use hardware-backed keys to wrap (encrypt) the software-derived encryption key.
On mobile devices, this ensures that even if the application's memory or local storage is compromised, the encryption key cannot be used without the hardware-protected master key. The master key is non-exportable and stored inside the device's Secure Enclave / Trusted Execution Environment (TEE).
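A sketch of the wrapping step on Android, added here as an illustration and not taken from the project's code. It assumes the Android Keystore as the hardware-backed store and AES-256-GCM as the wrapping cipher; the alias `app_master_wrapping_key` and the `WrappedKey`, `wrapKey` and `unwrapKey` names are hypothetical.

```kotlin
import android.security.keystore.KeyGenParameterSpec
import android.security.keystore.KeyProperties
import java.security.KeyStore
import javax.crypto.Cipher
import javax.crypto.KeyGenerator
import javax.crypto.SecretKey
import javax.crypto.spec.GCMParameterSpec

// Hypothetical alias for the hardware-protected master (wrapping) key.
private const val MASTER_KEY_ALIAS = "app_master_wrapping_key"
private const val GCM_TAG_BITS = 128

/** Wrapped key as persisted in local storage: GCM nonce plus ciphertext (tag included). */
class WrappedKey(val iv: ByteArray, val ciphertext: ByteArray)

/** Returns the master key, generating it inside the Android Keystore on first use. */
private fun masterKey(): SecretKey {
    val keyStore = KeyStore.getInstance("AndroidKeyStore").apply { load(null) }
    (keyStore.getKey(MASTER_KEY_ALIAS, null) as? SecretKey)?.let { return it }

    // The key material is created by the Keystore and is never handed to the app process.
    val spec = KeyGenParameterSpec.Builder(
        MASTER_KEY_ALIAS,
        KeyProperties.PURPOSE_ENCRYPT or KeyProperties.PURPOSE_DECRYPT
    )
        .setBlockModes(KeyProperties.BLOCK_MODE_GCM)
        .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_NONE)
        .setKeySize(256)
        .build()
    return KeyGenerator.getInstance(KeyProperties.KEY_ALGORITHM_AES, "AndroidKeyStore")
        .apply { init(spec) }
        .generateKey()
}

/** Encrypts the software-derived key; only the wrapped form is written to storage. */
fun wrapKey(softwareKey: ByteArray): WrappedKey {
    val cipher = Cipher.getInstance("AES/GCM/NoPadding")
    cipher.init(Cipher.ENCRYPT_MODE, masterKey()) // the Keystore supplies a fresh IV
    return WrappedKey(cipher.iv, cipher.doFinal(softwareKey))
}

/** Recovers the software-derived key; throws AEADBadTagException if the blob was altered. */
fun unwrapKey(wrapped: WrappedKey): ByteArray {
    val cipher = Cipher.getInstance("AES/GCM/NoPadding")
    cipher.init(Cipher.DECRYPT_MODE, masterKey(), GCMParameterSpec(GCM_TAG_BITS, wrapped.iv))
    return cipher.doFinal(wrapped.ciphertext)
}
```

Whether the master key actually lives in secure hardware depends on the device, and the platform's `KeyInfo` class reports this for a given key. The array returned by `unwrapKey` holds the plaintext key, so callers should overwrite it as soon as they are done with it.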