Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat!: Identity master key can be used only to update identity #384

Merged
merged 31 commits into from
May 13, 2022
Merged

feat!: Identity master key can be used only to update identity #384

merged 31 commits into from
May 13, 2022

Conversation

shuplenkov
Copy link
Collaborator

Issue being fixed or feature implemented

From security considerations, the master key should be used only for updating and disabling identity. For signing other state transitions we need to create another authorization key with security level - high.

What was done?

Changed state transition signature validation

How Has This Been Tested?

With tests

Breaking Changes

"High" security level keys must be used insted of "master"

Checklist:

  • I have performed a self-review of my own code
  • I have commented my code, particularly in hard-to-understand areas
  • I have added or updated relevant unit/integration/functional/e2e tests
  • I have made corresponding changes to the documentation

For repository code-owners and collaborators only

  • I have assigned this pull request to a milestone

Konstantin Shuplenkov added 4 commits May 11, 2022 17:46
Konstantin Shuplenkov added 2 commits May 12, 2022 13:48
WIP
8b18426
Merge branch 'v0.23-dev' into master-key-validation
799fe9b 
# Conflicts:
#	packages/js-dpp/lib/stateTransition/validation/validateStateTransitionIdentitySignatureFactory.js
shumkov
shumkov requested changes May 12, 2022
View reviewed changes
Copy link
Member

@shumkov shumkov left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

signatureSecurityLevelRequirement in DataContract shouldn't allow to set MASTER

shumkov
shumkov approved these changes May 13, 2022
View reviewed changes
Copy link
Member

@shumkov shumkov left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good job! 👍

@shuplenkov shuplenkov merged commit 1375ee9 into v0.23-dev May 13, 2022
@shuplenkov shuplenkov deleted the master-key-validation branch May 13, 2022 15:56
@thephez thephez added this to the v0.23.0 milestone May 16, 2022
@thephez thephez mentioned this pull request Jul 5, 2022
Merged
3 tasks
@qrayven qrayven mentioned this pull request Sep 21, 2022
Merged
5 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@shumkov shumkov shumkov approved these changes

@antouhou antouhou Awaiting requested review from antouhou

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
v0.23.0
Development

Successfully merging this pull request may close these issues.
3 participants
@shuplenkov @shumkov @thephez