CREDITSCOM / node

Credits Node is the main module that provides an opportunity to run a node and participate in the CREDITS blockchain network.
https://developers.credits.com/
GNU Affero General Public License v3.0

use client wallet to remotely validate a node #24

Closed micmac0 closed 5 years ago

micmac0 commented 5 years ago

Is your feature request related to a problem? Please describe.

Many Credits followers will use a VPS to run their node. Storing keys, even encrypted, can be a problem of confidence with VPS operators, as an admin may access the VM if it is not well protected. Also, even for home nodes, running a system 24h/24 can bring security issues. So I do not know if this idea is doable, but your feedback would be interesting for me to read.

Describe the solution you'd like

1. Generate a new wallet from a client (cscrypto, desktop or whatever).
2. Push only the public key to the node.
3. Start the node; the node will connect to the blockchain but cannot participate in consensus until it's verified with a message signed by the private key.
4. From the client (with the desktop wallet, for example), ask the node for a phrase to sign.
5. The node generates a phrase to sign and sends it back to the client wallet.
6. The client wallet signs the phrase with the local private key and sends it to the node.
7. The node/chain verifies the signature and activates the node if the signature is OK.

kondrashovsv commented 5 years ago

From the above it is not clear where the private key of the node is stored? Without a private key, the node will not be able to sign any message.

The following option is being considered: when the client starts on the command line, we will specify an argument, and the node will request the private key in an interactive mode (by analogy with entering an ssh password). The entered key will not be stored on the VPS file system in any way.

micmac0 commented 5 years ago

Interactive mode can be OK. My idea was a little different:

The node has only the public key on the system. The private and public keys are stored somewhere with the user (on his computer, on a paper wallet or whatever).

In the user's desktop wallet (on the user's PC, remotely), the user puts the public and private key of his node at the login page (and also configures the properties file to connect to his node). This way the wallet is connected to the node, which is not activated.
Then the wallet asks the node for a random string to sign.
The wallet sends the signature to the node.
The node compares the signature with the random string generated previously and the public key and, if OK, activates the node for consensus.

This way the private key is never used on the remote system.
The private key never crosses the network.
Only a signed message is used to verify the key.

micmac0 commented 5 years ago

Sorry, you're right, I missed it: "Without a private key, the node will not be able to sign any message." So, bad idea. Or maybe it would need something much more complicated, such as a subaddress associated with the main one, and this subaddress would be generated on the fly when the node is activated. This way the subaddress signs for the node and has 50k from the main address and pays the main address. I do not know if it is doable, and if so it should take time, so OK to close this thread.
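The challenge-response exchange proposed in this thread, as an added example that is not code from the Credits node or from either commenter: the node issues a one-time random challenge, the wallet signs it, and the node verifies it against the stored public key. It demonstrates proof of key ownership only; as acknowledged above, a node holding just the public key still cannot sign messages itself. Assumptions: Ed25519 from Go's standard library as the signature scheme, and the hypothetical names `Node`, `NewWalletKey`, `WalletSign` and the `node-activation-v1:` context label.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

const ctx = "node-activation-v1:" // hypothetical label: wallet never signs raw node-chosen bytes

// Node keeps only the owner's public key; no private key exists on the VPS.
type Node struct {
	OwnerPub  ed25519.PublicKey
	challenge []byte // outstanding challenge, nil once consumed
	Active    bool
}

func NewWalletKey() (ed25519.PublicKey, ed25519.PrivateKey, error) { // wallet side, demo key
	return ed25519.GenerateKey(rand.Reader)
}

// Challenge issues 32 fresh random bytes, replacing any earlier challenge.
func (n *Node) Challenge() []byte {
	n.challenge = make([]byte, 32)
	if _, err := rand.Read(n.challenge); err != nil {
		panic(err) // never fall back to a predictable challenge
	}
	return append([]byte(nil), n.challenge...)
}

// WalletSign signs ctx||challenge with the key that stays on the wallet.
func WalletSign(priv ed25519.PrivateKey, challenge []byte) []byte {
	return ed25519.Sign(priv, append([]byte(ctx), challenge...))
}

// Activate consumes the challenge before verifying, so a response works once.
func (n *Node) Activate(sig []byte) bool {
	c := n.challenge
	n.challenge = nil
	ok := c != nil && ed25519.Verify(n.OwnerPub, append([]byte(ctx), c...), sig)
	n.Active = n.Active || ok
	return ok
}

func main() {
	pub, priv, _ := NewWalletKey()
	node := &Node{OwnerPub: pub}
	sig := WalletSign(priv, node.Challenge())
	fmt.Println(node.Activate(sig), node.Activate(sig)) // true false
}
```

The context prefix matters because a wallet that signs arbitrary bytes supplied by a remote node could be handed something other than a random string; the single-use challenge is what stops a captured signature from being replayed.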

kondrashovsv commented 5 years ago

In the future, you can see the possibility of implementing connection services for storing keys, such as Azure Key Vault, HashiCorp Vault and the like. But we must carefully evaluate all the risks.