How signer keys are stored

This article provides insights into how key management is done in the Safe Android and iOS app.

Written by Tobias Schubotz
Updated over a week ago

You can confirm and reject Safe transactions with the Safe Mobile apps. As a prerequisite, you need to import an owner key, either by importing a seed phrase or by importing a raw private key directly.

Note: When you import via seed phrase, the apps do not store the entire seed phrase, only the private key of the selected account. To add multiple accounts from a single seed phrase, you will have to go through the import flow multiple times.

We recommend always having a device password/PIN set up for additional access control.

iOS

Signing keys are stored in the native iOS Keychain Services, as recommended by Apple. The keychain ensures that only the Safe app can access your keys. Please refer to the Keychain Services Developer Documentation for all details.

We use the access control rule "when unlocked", which means access to the keychain (and thereby the keys) is restricted according to the unlock state of the entire device. The app will only be able to access your keys when the device is unlocked.

Android

We store signing keys encrypted in the local app database on the device. This database is accessible from the app only.

For the encryption, an app key is used, which is stored using the Android Keystore system. The Android Keystore system stores cryptographic keys in a container to make them more difficult to extract from the device. Once keys are in the keystore, they can be used for cryptographic operations while the key material remains non-exportable.

The above-mentioned app key is randomly generated on the first app start. To access the app key in order to decrypt signing keys we use a locking mechanism. Access to the app key is granted if the correct device passcode is entered. This locking mechanism is ignored if the passcode check was disabled by the user.
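
The Android scheme described above, sketched as an added example; this is not the Safe app's own code. The key alias, the choice of AES-GCM, the 30-second authentication window and the API 30+ `setUserAuthenticationParameters` call are assumptions made for illustration.

```kotlin
import android.security.keystore.KeyGenParameterSpec
import android.security.keystore.KeyProperties
import java.security.KeyStore
import javax.crypto.Cipher
import javax.crypto.KeyGenerator
import javax.crypto.SecretKey
import javax.crypto.spec.GCMParameterSpec

// Hypothetical alias and timeout; the Safe app's real values are not documented on this page.
private const val APP_KEY_ALIAS = "example_app_key"
private const val AUTH_TIMEOUT_SECONDS = 30

// Returns the app key, generating it on first use. The key material never leaves the keystore.
fun getOrCreateAppKey(requirePasscode: Boolean): SecretKey {
    val keyStore = KeyStore.getInstance("AndroidKeyStore").apply { load(null) }
    (keyStore.getKey(APP_KEY_ALIAS, null) as? SecretKey)?.let { return it }

    val spec = KeyGenParameterSpec.Builder(
        APP_KEY_ALIAS,
        KeyProperties.PURPOSE_ENCRYPT or KeyProperties.PURPOSE_DECRYPT
    )
        .setBlockModes(KeyProperties.BLOCK_MODE_GCM)
        .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_NONE)
        .setKeySize(256)
        .apply {
            if (requirePasscode) {
                // Key is usable only shortly after the device credential was confirmed (API 30+).
                setUserAuthenticationRequired(true)
                setUserAuthenticationParameters(AUTH_TIMEOUT_SECONDS, KeyProperties.AUTH_DEVICE_CREDENTIAL)
            }
        }
        .build()
    return KeyGenerator.getInstance(KeyProperties.KEY_ALGORITHM_AES, "AndroidKeyStore")
        .apply { init(spec) }
        .generateKey()
}

// Encrypts a signing key for the app database; output is the 12-byte IV, then ciphertext and tag.
// With requirePasscode set, init() throws UserNotAuthenticatedException outside the auth window.
fun encryptSigningKey(appKey: SecretKey, signingKey: ByteArray): ByteArray {
    val cipher = Cipher.getInstance("AES/GCM/NoPadding")
    cipher.init(Cipher.ENCRYPT_MODE, appKey) // the keystore supplies a fresh random IV
    return cipher.iv + cipher.doFinal(signingKey)
}

// Reverses encryptSigningKey; a tampered blob fails the GCM tag check in doFinal().
fun decryptSigningKey(appKey: SecretKey, blob: ByteArray): ByteArray {
    val cipher = Cipher.getInstance("AES/GCM/NoPadding")
    cipher.init(Cipher.DECRYPT_MODE, appKey, GCMParameterSpec(128, blob, 0, 12))
    return cipher.doFinal(blob, 12, blob.size - 12)
}
```

Calling `getOrCreateAppKey(requirePasscode = false)` corresponds to the case where the user has disabled the passcode check: the signing keys are still encrypted at rest, but the app key can be used without a recent device-credential confirmation.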
