-
Notifications
You must be signed in to change notification settings - Fork 144
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Encrypted Key Store #1078
Encrypted Key Store #1078
Conversation
In addition to
@ec2 I'd like your opinions on these:
I think 2 & 3 these are nice-to-haves, maybe I can put them in a separate issue, when we have the option for running in "production" mode vs "development" mode. |
Also @connormullett , check this out:
Though, should we be able to encrypt a private key that's already be written to the keystore, or should we only write freshly encrypted keys? |
* WIP RPC API for encrypted keystore unlock method. * Updates based on PR review feedback.
…e/forest into connor/1033-encrypted-key-store
… KDF. Replace hostname-based salt with random generated salt.
72c2764
to
5620ac8
Compare
loop on incorrect passphrase
fix conflicts; refactor tests for new keystore API;
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I just tested it out, it works great!
Great work, @connormullett, and a fantastic first contribution!
key_management/src/keystore.rs
Outdated
} | ||
} | ||
pub enum KeyStoreConfig { | ||
Memory(), |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nit: we don't need the ()
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yeah, that's fair. I just figured it looked more consistent that way.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Refactored.
key_management/src/keystore.rs
Outdated
encryption: None, | ||
}), | ||
KeyStoreConfig::Persistent(location) => { | ||
let file_path = location.join(Path::new(KEYSTORE_NAME)); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We can just pass KEYSTORE_NAME
to join, as it accepts anything that implements AsRef and &str does: https://doc.rust-lang.org/std/path/struct.PathBuf.html#method.join
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM. It does seem like if you use encrypted mode, you cant access your unencrypted keys. I wonder if we want that functionality in the future...
While the daemon is running, yes; However, the file still exists. Switching the daemon off to use another set of keys doesn't sound ideal so I agree.
key_management/src/keystore.rs
Outdated
) -> Result<Vec<u8>, EncryptedKeyStoreError> { | ||
let ciphertext = &msg[..msg.len() - 24]; | ||
|
||
let nonce = match secretbox::Nonce::from_slice(&msg[msg.len() - 24..]) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ok_or
is perfect for these situations where we want to return an Err
in None
match arm.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This makes it much cleaner (cause ?
op). Thanks for this.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yeah, i love how std lib APIs compose well together
Awesome work! Let's get this merged |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM. It does seem like if you use encrypted mode, you cant access your unencrypted keys. I wonder if we want that functionality in the future...
Summary of changes
Changes introduced in this pull request:
Reference issue to close (if applicable)
Closes #1033
Thank you 🔥