Secure key management

[kmw101]

Implement Secure key management.

It is best to use key storage with the ability to set the current key. Then when we use bnscli it just automagically takes the chosen key or errors out if none is chosen. We won't have to tell bnscli anything then as it will already know.

Proposal (by @ruseinov):

1. Use Encrypt/Decrypt from cosmos-sdk as described here: Secure key management #855 (comment) to encrypt/decrypt the file.
2. Use protobuf objects like these (write them into two separate files):

message EncryptedStore {
   string mnemonic = 1;
   repeated Key keys = 2; ( { name, hexEncodedprivateKey }, sequence is an index within the array
}

message PublicStore {
  repeated PubKey keys = 1; ({ name, pubKey, address}), sequence and name correspond to those of encryptedStore
}

to store data.
3. Use the flow described in #855 (comment) for create/list/sign.

Key derivation

See #856 (comment) for details

[ethanfrey]

From #856 we can use a mnemonic to create iov-core compatible account sequences.

For secure key management, we should:

• store the info in an encrypted file
• prompt user for a password (on stdin) to decrypt the file when we sign
• use account sequences (0, 1, 2) and optional names with each key to identify it.
• default to --account=0 if nothing is provided
• add bnscli key create [name] to create the next sequence with an optional name (this requires a password to access the mnemonic)
• add bnscli key list to show all keys and addresses (ideally without requiring a password, we can store the public info unencrypted)
• bnscli sign [-keyfile=<file>] [-account=N] will load keys from the keyfile (provide default path) and select account by sequence or name

Reference code for handling password input securely: https://github.com/cosmos/cosmos-sdk/blob/master/client/keys/utils.go#L40-L77
Reference code for handling keys (and persisting encrypted to disk): https://github.com/cosmos/cosmos-sdk/blob/master/crypto/keys/keybase.go

[ethanfrey]

For actual encryption/decryption, we can use the following (unless there is a better suggestion):

• Encrypt
• Decrypt

This uses bcrypt as a KDF, along with xsalsa20 for encryption. I do think iov-core's use of scrypt with argon2 KDF and Xchacha20poly1305Ietf encryption is more modern and arguably more secure. (In fact both algorithms are the named successors to those used in cosmos-sdk). However, importing the cosmos-sdk encyption is a no-brainer and has been audited. Discuss which approach to take before starting.

[alpe]

This task includes the key derivation as mentioned in #856 (comment) .

[alpe]

Addresses contain a key prefix in iov-core

• "iov" mainnet prefix
• "tiov" testnets

[webmaster128]

This requires the following software-based key derivation:

1. Generate and English BIP39 compatible mnemonic (See Create the base secret)
2. Store this secret on disk (using whatever encryption; we can start unencrypted)
3. Use a BIP39 library to create the seed with no password (see From_mnemonic_to_seed; test vectors)
4. Have a SLIP-0010 library derive the first Ed25519 keypair using derivation path m/44'/234'/0' (See docs; test vectors)
5. Derive weave address from Ed25519 pubkey (see docs; test here is based on weave test vecors)
6. Derive Bech32 address from weave address (see docs; test vectors)

[ruseinov]

Reopening as only the derivation part of this ticket is done, the key store (described in issue body) hasn't been approached yet.

[husio]

As discussed today during our call, @webmaster128 and @davepuchyr will decide what functionality we want to provide in bnscli. The current implementation and possible improvements were discussed. Now we need a decision what changes do we need to apply to complete key management functionality in bnscli