New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[BUG] - cardano-cli named pipe for signing key: fails, does not block #4101
Comments
This may also relate to #4235 |
i did a test, this is working with cardano-cli 1.35.3-rc1: tmpKey=$(cat ${fromAddr}.skey)
${cardanocli} transaction sign --tx-body-file ${txBodyFile} --signing-key-file <(echo "${tmpKey}") ${magicparam} --out-file ${txFile}
|
but this output redirection to the stdout is not working for the VRF-Key creation: $ cardano-cli node key-gen-VRF --verification-key-file "test.vrf.vkey" --signing-key-file /dev/stdout
cardano-cli-1.35.3-rc1: /dev/: openTempFile: permission denied (Permission denied) Why the heck on earth wants cardano-cli to write a TempFile in the path given for the output signing key!? |
It also promotes security when we can read a VRF signing key from a pipe, like we ourselves often do when generating the
|
@disassembler said it's most likely caused by libsodium, thats the only exposed cli function that uses libsodium. i recently updaten my SPO scripts to do .skey encryption/decryption on the fly. and catching a generated signing-key via a pipe is working with all commands. but the key-gen-VRF is the only one that is not working. |
When reading a key from a file, `readFile` from ByteString was used. Unfortunately this operation doesn't play nicely with pipes. We now use `openFileBlocking` so that we can wait for data which comes from a pipe. Fixes #4101
4342: Use openFileBlocking for reading signing keys r=newhoggy a=LudvikGalois When reading a key from a file, `readFile` from ByteString was used. Unfortunately this operation doesn't play nicely with pipes. We now use `openFileBlocking` so that we can wait for data which comes from a pipe. Fixes #4101 Co-authored-by: Robert 'Probie' Offner <robert.offner@iohk.io>
When reading a key from a file, `readFile` from ByteString was used. Unfortunately this operation doesn't play nicely with pipes. We now use `openFileBlocking` so that we can wait for data which comes from a pipe. Fixes #4101
When reading a key from a file, `readFile` from ByteString was used. Unfortunately this operation doesn't play nicely with pipes. We now use `openFileBlocking` so that we can wait for data which comes from a pipe. Fixes #4101
When reading a key from a file, `readFile` from ByteString was used. Unfortunately this operation doesn't play nicely with pipes. We now use `openFileBlocking` so that we can wait for data which comes from a pipe. Fixes IntersectMBO/cardano-node#4101
When reading a key from a file, `readFile` from ByteString was used. Unfortunately this operation doesn't play nicely with pipes. We now use `openFileBlocking` so that we can wait for data which comes from a pipe. Fixes IntersectMBO/cardano-node#4101
Internal/External External
Category CLI syntax, argument processing, file system interface
Either
cardano-cli
does not block when given a named pipe as an argument for--signing-key-file
(and possibly other option arguments) or it fails because the named pipe is not recognised as a file.Steps to reproduce
The final command above fails with this error message immediately.
Expected behaviour
The proper behaviour would be for the
cardano-cli transaction sign
to block until it receives an EOF from reading/tmp/sign-through-fifo.skey
(after someone or something else has written the key file contents into that file). From https://linux.die.net/man/3/mkfifo -System info (please complete the following information):
OS Name: Ubuntu 5.4.0-121-generic
OS Version: 20.04 focal
Context & reasoning
There is an argument, presented here: https://forum.cardano.org/t/cardano-cli-signing-a-transaction-without-directly-accessing-the-skey-file-in-plain-text/103742/11
... that any effort to "secure"
cardano-cli
's handling of private keys is actually forcing the private keys into files, where as cleartext they are the least secure of all, not to mention subject to many types of remanence of the file system... especially theext4
journal which makes files practically impossible to delete.If security reservations are still maintained by the node developers then we need them to be publicly discussed here (or cited, if this deliberation has already taken place). Until then I propose this is a "bug" since whatever sanity check is being done on the key file argument simply does not recognise the presence of a named pipe.
The text was updated successfully, but these errors were encountered: