Hardkey™ is currently in Beta.
- No Audit: This codebase has not undergone a formal security audit.
- API Stability: APIs are stabilizing but may still change in minor ways before v1.0.
- High-Value Assets: Do not use this library to secure high-value assets (cryptocurrency, sensitive personal data) in production without your own thorough security review.

Hardkey™ relies on the security guarantees of the underlying platform hardware:

| Platform | Security Mechanism |
|---|---|
| iOS | Secure Enclave (Hardware isolation) |
| Android | TEE / StrongBox (Hardware isolation) |
| Web | WebCrypto / WebAuthn (Browser sandbox) |
| Node.js | Software-backed (unless using a TPM) |

See docs/security_model.md for the full threat model.

If you discover a security vulnerability, please do not open a public issue.
Instead, email us at: hello@aifootprint.ai
We will acknowledge your report within 48 hours and work with you to address the issue.

We follow responsible disclosure practices:

- Report the vulnerability privately via email.
- Allow up to 90 days for us to address the issue.
- Coordinate public disclosure after a fix is available.