SID-KEY-01 — WSCA WebSocket Key Signing Delegation

Property	Value
Status	verified
Owner	platform
Category	technical
CSF Function	protect
Group	Key Management Controls

Description

Wallet Secure Cryptographic Application: signing operations delegated to frontend via authenticated WebSocket. Backend requests signing; frontend executes with local keys in the encrypted keystore. Keys never transmitted to backend.

Components

Wallet Frontend
Wallet Backend (Go)
WSCA / HSM

Source References

go-wallet-backend/websocket/manager.go

Audit Findings

Finding	Severity	Status
EN-P-2 — WSCD/WSCA via FIDO sign extension	critical	in progress
EN-P-5 — Partial user authentication and session controls	high	in progress
EN-P-6 — Partial key management and credential operations	medium	in progress

Description​

Components​

Source References​

Audit Findings​

Description

Components

Source References

Audit Findings