WF-I-2 — Credential private keys exported from IndexedDB via XSS
Component: Wallet Frontend. Mitigations: Keys stored JWE-encrypted; decryption requires PRF-backed main key. Action: Maintain CSP hardening (tracked in AV-P-6)
| Property | Value |
|---|---|
| Section | Information Disclosure |
| Owner | platform |
Mapped Controls
| Control | Title |
|---|---|
| SID-CRYPTO-01 | PKCS#11 HSM Key Protection |
| SID-HARD-05 | Browser Security Controls |
| SID-KEY-01 | WSCA WebSocket Key Signing Delegation |
Source: STRIDE analysis (April 2026), architecture/stride-threat-model.md