Secure key management #855
From #856 we can use a mnemonic to create iov-core compatible account sequences. For secure key management, we should:
Reference code for handling password input securely: https://github.com/cosmos/cosmos-sdk/blob/master/client/keys/utils.go#L40-L77
For actual encryption/decryption, we can use the following (unless there is a better suggestion): This uses
This task includes the key derivation as mentioned in #856 (comment).
Addresses contain a key prefix in iov-core
This requires the following software-based key derivation:
Instead of generating a random private key, use the algorithm described in https://github.com/iov-one/iov-core/blob/master/docs/address-derivation-v1.md to create a mnemonic and later use that mnemonic to create a private key. resolve #855 Tests are missing.
cmd/bnscli: use mnemonic to generate private key
Instead of generating a random private key, use the algorithm described in https://github.com/iov-one/iov-core/blob/master/docs/address-derivation-v1.md to create a mnemonic and later use that mnemonic to create a private key. resolve #855
Reopening as only the derivation part of this ticket is done; the key store (described in issue body) hasn't been approached yet.
As discussed today during our call, @webmaster128 and @davepuchyr will decide what functionality we want to provide in
Implement Secure key management.
It is best to use key storage with the ability to set the current key. Then when we use bnscli it just automagically takes the chosen key or errors out if none is chosen. We won't have to tell bnscli anything then as it will already know.
Proposal (by @ruseinov):
to store data.
3. Use the flow described in #855 (comment) for create/list/sign.
Key derivation
See #856 (comment) for details