Better defaults for ipfs key export (PEM, PKCS) #8594

Closed
lidel opened this issue Dec 8, 2021 · 4 comments
Labels
effort/days Estimated to take multiple days, but less than a week exp/intermediate Prior experience is likely helpful help wanted Seeking public contribution on this issue kind/enhancement A net-new feature or improvement to an existing feature topic/security Topic security

lidel commented Dec 8, 2021

Current implementation

Right now, the ipfs key export -o foo.key just spits out the key in proprietary Protobuf, without any protection:

This is not only a dangerous default, but makes it difficult to interop with the outside world.
People building on IPFS asked for the ability to generate keys outside go-ipfs and/or export them in a form that is useful out of the box, or a safer way to export a key to move it to a different box.

Ref. https://discuss.ipfs.io/t/importing-pem-encoded-private-key/12770/9

Proposed fix

We should fix the default behavior and do what js-ipfs does:

ipfs.key.export(name, password, [options]):
Export a key in a PEM encoded password protected PKCS 8

Namely:

  • never export unencrypted keys by default
  • leverage well-established open standards to maximize interoperability and improve devexp

Some implementation suggestions:

  • change the default to produce something like well-established PEM 8 (https://en.wikipedia.org/wiki/PKCS)
  • make --format=pem-pkcs8-encrypted the implicit default
    • this ensures the default is sane: requires password and produces encrypted key
    • it is ok to allow unencrypted export via explicit opt-in --format=pem-pkcs8-cleartext
  • handle legacy format: allow users to export to the old format via something like --format=libp2p-protobuf-cleartext
  • import should be smart enough to detect the key format based on a few first bytes, but it should also take explicit --format and return error if input does not match expected format

Update: turns out js-ipfs uses PEM only for RSA keys, Ed25519 (current default) use a custom format encrypted with aes-gcm (details in #8616 (review)) – I suggested focussing on cleartext (unencrypted) PEM for now, as it is the most interoperable with external software.
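
Added example (not from the issue or the go-ipfs code base): cleartext PKCS #8 PEM export of an Ed25519 key using Go's standard library, plus the import-side format check suggested in the list above. The function names, the format constants (taken from the --format values proposed in the issue) and the rule that any non-PEM input is legacy protobuf are assumptions.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/x509"
	"encoding/pem"
	"fmt"
)

// Format names mirror the --format values proposed in the issue (not a shipped CLI).
const (
	PEMCleartext, PEMEncrypted = "pem-pkcs8-cleartext", "pem-pkcs8-encrypted"
	Protobuf                   = "libp2p-protobuf-cleartext"
)

// ExportPEM encodes an Ed25519 private key as unencrypted PKCS #8 wrapped in PEM.
func ExportPEM(priv ed25519.PrivateKey) ([]byte, error) {
	der, err := x509.MarshalPKCS8PrivateKey(priv)
	if err != nil {
		return nil, err
	}
	return pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Bytes: der}), nil
}

// DetectFormat sniffs the leading bytes; non-PEM input is assumed to be legacy protobuf.
func DetectFormat(data []byte) string {
	data = bytes.TrimLeft(data, " \t\r\n")
	if bytes.HasPrefix(data, []byte("-----BEGIN ENCRYPTED PRIVATE KEY-----")) {
		return PEMEncrypted
	} else if bytes.HasPrefix(data, []byte("-----BEGIN PRIVATE KEY-----")) {
		return PEMCleartext
	}
	return Protobuf
}

// CheckFormat enforces an explicit format: a non-empty want must match what was detected.
func CheckFormat(data []byte, want string) (string, error) {
	got := DetectFormat(data)
	if want != "" && want != got {
		return got, fmt.Errorf("input is %s, expected %s", got, want)
	}
	return got, nil
}

func main() {
	_, priv, _ := ed25519.GenerateKey(nil) // throwaway demo key
	out, _ := ExportPEM(priv)
	fmt.Println(CheckFormat(out, Protobuf)) // detected format, then the mismatch error
}
```

The cleartext output uses the standard "PRIVATE KEY" PEM label, so tools that read unencrypted PKCS #8 can parse it; the file still needs filesystem-level protection because nothing in it is encrypted.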

@lidel lidel added kind/enhancement A net-new feature or improvement to an existing feature help wanted Seeking public contribution on this issue topic/security Topic security exp/intermediate Prior experience is likely helpful effort/days Estimated to take multiple days, but less than a week labels Dec 8, 2021
@lidel lidel changed the title Better default for ipfs key export Better defaults for ipfs key export (PEM, PKCS, encrypt with passphrase) Dec 8, 2021

@BigLep BigLep added this to In Review in Maintenance Priorities - Go Jan 5, 2022
@BigLep BigLep added this to In Review in Go IPFS Roadmap Jan 5, 2022

lidel commented Jan 19, 2022

Turns out js-ipfs uses PEM only for RSA keys, Ed25519 keys (current default) use a custom format encrypted with aes-gcm (details in #8616 (review)).
Due to this, we are focussing on cleartext (unencrypted) PEM for now, as it is the most interoperable with external software, and we will not be changing any defaults at this time. Such a decision requires cleaning up interop with js-ipfs first.

👉 Opt-in support for keys in cleartext PEM files is being implemented in #8616, this should be enough to allow cool interop with other software: using IPFS keys in other apps, or generating (deriving) a key by a third party app and then importing and using it for IPNS.

@lidel lidel moved this from In Review to Backlog in Maintenance Priorities - Go Jan 19, 2022
@lidel lidel removed this from In Review in Go IPFS Roadmap Jan 19, 2022
@BigLep BigLep removed this from Backlog in Maintenance Priorities - Go Mar 10, 2022
@BigLep BigLep added this to the Best Effort Track milestone Mar 10, 2022

schomatis commented Mar 17, 2022

Done in #8616.

@lidel lidel changed the title Better defaults for ipfs key export (PEM, PKCS, encrypt with passphrase) Better defaults for ipfs key export (PEM, PKCS) Mar 17, 2022