10 min read
Your Identity Is a Seed
A CardanoWall identity is one 32-byte Identity Seed. Save that seed and you can restore your signing and receive keys in any Label 309 tool; lose it and you lose future use of that identity.
SecurityGuides
Posts tagged “security”
10 min read
Why Your Keys Never Leave the Device
In CardanoWall, signing, sealing, and decryption all happen locally — the gateway publishes proofs and stores ciphertext but is designed never to receive your private keys.
Security
10 min read
Build a Verifiable Security Incident Timeline Without Going Public
How a security team can timestamp and seal incident evidence as it is collected — a durable, independently verifiable timeline that proves what existed when, without publishing sensitive details.
SecurityCompliance & Legal
9 min read
How CardanoWall Stores Your Identity
CardanoWall stores your identity as encrypted vault ciphertext, never plaintext seeds. Here is exactly what the server holds, what only your passkey can open, and why your seed is the real backup.
Security
8 min read
How Passkeys Protect Your Identity Vault in CardanoWall
A passkey does not become your CardanoWall identity — it unlocks an encrypted vault that only your authenticators can open. Here is how WebAuthn PRF makes daily access easy without making CardanoWall a seed custodian.
Security
8 min read
Where CardanoWall Keeps Your Keys in the Browser
In the browser, CardanoWall keeps unlocked keys in session memory and writes only encrypted vault ciphertext to IndexedDB — never plaintext Identity Seeds or private keys.
Security
7 min read
Public Computer Mode: Using CardanoWall on a Shared Device
Public computer mode stops CardanoWall from writing identity data to the browser, so a shared device keeps no trace after you leave. It does not make a compromised machine safe while you are signed in.
SecurityGuides
7 min read
Synced Passkeys vs Hardware Keys for Your Identity Vault
Synced passkeys roam across your devices; hardware keys stay device-bound and physically controlled. CardanoWall can use either to unlock your identity vault when WebAuthn PRF is supported — and the Identity Seed stays your real backup either way.
Security
7 min read
What Happens If You Remove a Passkey in CardanoWall?
Removing a passkey re-encrypts your current CardanoWall identity vault to the remaining factors and hard-deletes the old ciphertext — real revocation going forward, but it cannot undo access that already happened.
Security
8 min read
What CardanoWall Can See (and What It Can't)
CardanoWall sees account, billing, and public proof data. By design it does not see your plaintext Identity Seed, your private keys, or the plaintext of a sealed file.
Security
6 min read
Verify a Recipient Before You Seal a File
A receive address is a public key, not a name. Before you seal a sensitive file, confirm the recipient's address through a trusted channel — encryption can work perfectly and still send to the wrong person.
SecurityGuides