divviup / janus

Experimental implementation of the Distributed Aggregation Protocol (DAP) specification.
Mozilla Public License 2.0

Key generation tool #801

Closed divergentdave closed 1 year ago

divergentdave commented 1 year ago

I think we should write a small CLI tool to generate HPKE keypairs, and output the HPKE config and private key material in the formats Janus expects them. This would simplify the process of manual task provisioning, especially with regard to the collector keypair. Previously, we have written ad-hoc code to help construct task definitions. Providing a keygen tool allows us to ask early partners to generate their own collector private key, and send us the public key/HPKE config. The janus_messages crate would be a good home for this, as another binary alongside dap_decode.

This should take in command line arguments (via clap) for the algorithm choices and HPKE config ID, and output the resulting HpkeConfig and HpkePrivateKey as both YAML documents, for use in Janus task definition files, and as encoded DAP messages, in base64url, for use with the collect CLI. We could write all four representations to standard output, separated by --- YAML document separators, and annotated with comments.
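
Added example, not part of the issue thread and not Janus code: one way the receiving side could check a base64url-encoded HPKE config sent by a partner before it goes into a task definition. It assumes the HpkeConfig field layout from the DAP specification, unpadded base64url, and an accepted-algorithm list chosen for this example; the function names are hypothetical.

```rust
// Added example (not Janus code). Assumed layout, from the DAP spec's HpkeConfig:
// id: u8 | kem_id: u16 | kdf_id: u16 | aead_id: u16 | public_key<1..2^16-1>
#[derive(Debug, PartialEq)]
pub struct HpkeConfig { pub id: u8, pub kem: u16, pub kdf: u16, pub aead: u16, pub public_key: Vec<u8> }

/// Strict unpadded base64url decoder (RFC 4648 section 5).
pub fn b64url_decode(s: &str) -> Result<Vec<u8>, String> {
    if s.len() % 4 == 1 { return Err("impossible base64url length".into()); }
    let (mut acc, mut bits, mut out) = (0u32, 0u32, Vec::new());
    for c in s.bytes() {
        let v = match c {
            b'A'..=b'Z' => c - b'A',
            b'a'..=b'z' => c - b'a' + 26,
            b'0'..=b'9' => c - b'0' + 52,
            b'-' => 62, b'_' => 63,
            _ => return Err(format!("invalid base64url byte 0x{:02x}", c)),
        };
        acc = (acc << 6) | u32::from(v);
        bits += 6;
        if bits >= 8 { bits -= 8; out.push((acc >> bits) as u8); acc &= (1 << bits) - 1; }
    }
    if acc != 0 { return Err("non-canonical trailing bits".into()); }
    Ok(out)
}

/// Parse an HpkeConfig received out of band and reject anything inconsistent.
pub fn parse_hpke_config(b64: &str) -> Result<HpkeConfig, String> {
    let b = b64url_decode(b64)?;
    if b.len() < 9 { return Err("truncated HpkeConfig".into()); }
    let be16 = |i: usize| u16::from_be_bytes([b[i], b[i + 1]]);
    let (kem, kdf, aead, pk_len) = (be16(1), be16(3), be16(5), usize::from(be16(7)));
    if b.len() != 9 + pk_len { return Err("length prefix disagrees with message size".into()); }
    // Public key sizes (Npk) from RFC 9180; the accepted KEM set is this example's choice.
    let npk = match kem {
        0x0010 => 65, // DHKEM(P-256, HKDF-SHA256)
        0x0020 => 32, // DHKEM(X25519, HKDF-SHA256)
        _ => return Err(format!("unsupported KEM 0x{:04x}", kem)),
    };
    if pk_len != npk { return Err(format!("KEM 0x{:04x} needs a {}-byte key, got {}", kem, npk, pk_len)); }
    if !(1..=3).contains(&kdf) || !(1..=3).contains(&aead) { return Err("unknown KDF or AEAD id".into()); }
    Ok(HpkeConfig { id: b[0], kem, kdf, aead, public_key: b[9..].to_vec() })
}

fn main() {
    // Constructed sample: id 1, X25519 / HKDF-SHA256 / AES-128-GCM, key bytes all 0x01 (not a real key).
    let sample = format!("AQAgAAEAAQAg{}AQE", "AQEB".repeat(10));
    println!("{:?}", parse_hpke_config(&sample));
}
```

A size check like this catches a config whose KEM id and key length disagree; it does not prove the bytes are a valid public key for that KEM, which an HPKE library would check when the key is loaded.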

tgeoghegan commented 1 year ago

I previously wrote up https://github.com/divviup/janus/issues/528 which addresses one of the use cases you describe here, but I like how your proposal helps with the case of distributing keys to collectors.

divergentdave commented 1 year ago

Done in #1116, follow-up improvements are tracked in #1182.