The secure enclave is a piece of isolated hardware inside your mobile phone. It is air-gapped and cannot be read from external sources, much like a Trezor device.
When the phone needs to use it, it can only send a request, to which the enclave then sends back a payload. Nobody can retrieve the keys from the enclave.
Implementation in iOS and Android
While neither iOS nor Android supports storing Ethereum keys directly in its secure enclave, it is possible to create a key in the enclave and use that key to encrypt the Ethereum key.
In Android, this is done directly: an AES key is created in the enclave and used to encrypt and decrypt the Ethereum key.
iOS must take an extra step because its enclave supports only EC keys. An EC key cannot encrypt directly, but it can be used to derive another key, which then encrypts the Ethereum key.
Despite this, the user's Ethereum key is still secure, as the only way to decrypt it is with the key stored in the enclave. If someone gains access to your encrypted key, they will not be able to decrypt it and take the money.
Handy hints to let you know how safe you are
Our apps now give you an idea of how safe your keys are by presenting a coloured bar.
Users who have ‘locked’ their keys with the secure enclave and have a full backup will see a green bar, letting them know they have leveraged the full security features of AlphaWallet.
No lock means no protection from the enclave; this shows an orange bar and a warning message.
No backup and no lock is the lowest level of protection and displays a red bar plus a warning banner reminding you to back up.