capsule-corp-ternoa / worker

SubstraTEE worker for SubstraTEE node
Apache License 2.0

[client] keyvault interaction #4

Closed brenzi closed 3 years ago

brenzi commented 3 years ago

according to #1

For simplicity keyvault list returns all urls registered in the enclave registry, without checking MRENCLAVE

keyvault provision

  1. read aes256 key from file
  2. M = number of lines in urllist
  3. N = arg
  4. shamir split aes256 key into M shares, of which any N are needed for key recovery (consider https://crates.io/crates/sharks)
  5. for all urls in list
     a. send ith share to url_i
     b. verify availability

edge cases

url may not be responsive -> ignore for now

keyvault check

query keyvault if single share for NFTid is in store

keyvault get

query single key share
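
Step 4 of `keyvault provision` above (split the AES-256 key into M shares, any N of which recover it), as an added example that is not code from this issue or from the worker. It uses a hand-written Shamir scheme over GF(2^8) instead of the `sharks` crate so that it builds without dependencies; the function names, the sample key and reading randomness from `/dev/urandom` are assumptions.

```rust
use std::{fs::File, io::Read};

/// Multiply in GF(2^8) modulo the AES polynomial x^8 + x^4 + x^3 + x + 1.
fn gf_mul(mut a: u8, mut b: u8) -> u8 {
    let mut p = 0u8;
    while b != 0 {
        if b & 1 != 0 { p ^= a; }
        a = (a << 1) ^ if a & 0x80 != 0 { 0x1b } else { 0 };
        b >>= 1;
    }
    p
}
/// Multiplicative inverse computed as a^254 (valid for a != 0).
fn gf_inv(a: u8) -> u8 { (0..254).fold(1u8, |r, _| gf_mul(r, a)) }

/// Split `key` into `m` shares (x = 1..=m); any `n` of them recover it.
/// Each key byte is the constant term of its own random degree n-1 polynomial.
fn split(key: &[u8; 32], m: u8, n: u8) -> std::io::Result<Vec<(u8, [u8; 32])>> {
    assert!(n >= 1 && n <= m, "need 1 <= N <= M <= 255");
    let t = n as usize - 1; // random coefficients per key byte
    let mut coeffs = vec![0u8; 32 * t];
    // Assumption: a Unix host; a real client would use its platform CSPRNG.
    File::open("/dev/urandom")?.read_exact(&mut coeffs)?;
    Ok((1..=m).map(|x| {
        let mut y = [0u8; 32];
        for (j, yj) in y.iter_mut().enumerate() {
            let acc = coeffs[j * t..(j + 1) * t].iter().fold(0u8, |a, c| gf_mul(a, x) ^ c);
            *yj = gf_mul(acc, x) ^ key[j]; // last Horner step adds the key byte
        }
        (x, y)
    }).collect())
}

/// Lagrange interpolation at x = 0; shares must have distinct x values.
fn recover(shares: &[(u8, [u8; 32])]) -> [u8; 32] {
    let mut key = [0u8; 32];
    for (i, (xi, yi)) in shares.iter().enumerate() {
        let mut l = 1u8;
        for (j, (xj, _)) in shares.iter().enumerate() {
            if i != j { l = gf_mul(l, gf_mul(*xj, gf_inv(xj ^ xi))); }
        }
        for k in 0..32 { key[k] ^= gf_mul(yi[k], l); }
    }
    key
}
fn main() {
    let key = [0x42u8; 32]; // constructed sample key, not real key material
    let shares = split(&key, 5, 3).expect("CSPRNG read"); // M = 5 urls, N = 3
    assert_eq!(recover(&shares[1..4]), key); // any 3 shares recover the key
    assert_ne!(recover(&shares[..2]), key); // 2 shares do not
}
```

`recover` cannot tell a wrong result from a right one, so a caller that is handed fewer than N shares, or a corrupted share, gets a plausible-looking 32-byte value; the recovered key has to be checked separately before use.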

haerdib commented 3 years ago

EDIT: 4: shamir split aes256 key into M shares, of which N are needed for key recovery

haerdib commented 3 years ago

@brenzi: keyvault list is within the keyvault section, but it actually does not interact with the keyvault... or does it? I've understood the keyvault list more like a differently named list-workers.

Update: Yes, keyvaults are queried from onchain

haerdib commented 3 years ago

To read aes256 key from file, an extra input (file name) for the provision call is needed on the client side.