darwinia-network / bridger

Relayer client implementation for Darwinia LCMP protocols.
https://rust-docs.darwinia.network/bridger
GNU General Public License v3.0

We should use a secure way to save the user's private key #140

Closed xiaoch05 closed 3 years ago

xiaoch05 commented 3 years ago

Right now we have many private keys saved in the configuration file; it's not safe. We may use some other ways, such as a key-store or other crypto ways, to save them.

hackfisher commented 3 years ago

There was a handy cmd tool in the old bridger implementation:

https://github.com/darwinia-network/bridger/blob/fd1c67bacafd42f0e350653e45a162aeeb57218a/provider/darwinia-bridger/src/cmd/encrypt_key.rs#L11

We might need to move it or reimplement it in new bridger implementation.

fewensa commented 3 years ago

It's solved by this commit https://github.com/darwinia-network/bridger/pull/203/commits/263354e297481757fffc505b74b6518da2784951.

For example:

```rust
#[derive(BridgeCrypto)]
pub struct Foo {
    #[crypto(is_enable)]
    enable: bool,
    #[crypto(decrypt)]
    name: String,
    #[crypto(decrypt)]
    country: String,
    power_level: u64,
}
```

This will be expanded to:

```rust
pub struct Foo {
    #[crypto(is_enable)]
    enable: bool,
    #[crypto(decrypt)]
    name: String,
    #[crypto(decrypt)]
    country: String,
    power_level: u64,
}
impl Foo {
    pub fn name_decrypt(&self, password: impl AsRef<str>) -> anyhow::Result<String> {
        // With encryption disabled, the stored value is returned as-is.
        if !self.enable {
            return Ok(self.name.clone());
        }
        let crypto = bridge_primitives::crypto::Crypto::new();
        crypto.decrypt(password.as_ref(), &self.name)
    }
    pub fn country_decrypt(&self, password: impl AsRef<str>) -> anyhow::Result<String> {
        if !self.enable {
            return Ok(self.country.clone());
        }
        let crypto = bridge_primitives::crypto::Crypto::new();
        crypto.decrypt(password.as_ref(), &self.country)
    }
}
```

The bridge-primitives crate is required.

Use it:

```rust
let foo = Foo { .. }; // fields elided
let name = foo.name_decrypt("password").expect("failed to decrypt name");
```
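Added example, not part of the thread or of bridger's code: the generated getters return the stored string unchanged when the `is_enable` flag is false, so a config with encryption switched off still holds raw keys. The lint below flags such values; the config layout (`[section]` headers, `key = "value"` lines, a per-section `enable` flag) and all section and field names are assumptions.

```rust
// Added example, not bridger code. Assumed config layout: `[section]` headers,
// `key = "value"` lines, and a per-section `enable` flag like #[crypto(is_enable)].

/// True when `v` looks like a raw 32-byte secret: 64 hex digits, optional 0x prefix.
fn looks_like_raw_key(v: &str) -> bool {
    let hex = v.strip_prefix("0x").unwrap_or(v);
    hex.len() == 64 && hex.bytes().all(|b| b.is_ascii_hexdigit())
}

/// Returns "section.field" for each key-like value in a section whose `enable`
/// flag is missing or false, i.e. where a getter would hand it back verbatim.
pub fn find_plaintext_keys(config: &str) -> Vec<String> {
    // (section name, encryption enabled, fields holding key-like values)
    let mut sections = vec![("<top>".to_string(), false, Vec::<String>::new())];
    for line in config.lines().map(str::trim) {
        if line.is_empty() || line.starts_with('#') {
            continue;
        }
        if let Some(name) = line.strip_prefix('[').and_then(|l| l.strip_suffix(']')) {
            sections.push((name.to_string(), false, Vec::new()));
            continue;
        }
        let Some((key, value)) = line.split_once('=') else { continue };
        let (key, value) = (key.trim(), value.trim().trim_matches('"'));
        let current = sections.last_mut().expect("always at least one section");
        if key == "enable" {
            current.1 = value == "true"; // flag may appear before or after the keys
        } else if looks_like_raw_key(value) {
            current.2.push(key.to_string());
        }
    }
    sections
        .into_iter()
        .filter(|(_, enabled, _)| !*enabled)
        .flat_map(|(name, _, fields)| fields.into_iter().map(move |f| format!("{name}.{f}")))
        .collect()
}

/// Constructed sample config; section and field names are hypothetical.
/// The value under `enable = true` is treated as ciphertext and not flagged.
pub fn sample_config() -> String {
    let key = "ab".repeat(32); // constructed 64-hex-digit stand-in for a key
    format!(
        "[darwinia]\nenable = false\nprivate_key = \"0x{key}\"\n\n\
         [ethereum]\nenable = true\nprivate_key = \"{key}\"\n\n\
         [shadow]\nendpoint = \"https://example.invalid\"\nseed = \"{key}\"\n"
    )
}

fn main() {
    for finding in find_plaintext_keys(&sample_config()) {
        println!("plaintext key material with encryption off: {finding}");
    }
}
```

A check like this can run in CI or at relayer start-up to refuse a config that still carries unencrypted keys.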