ecadlabs / signatory

Signatory - A Tezos Remote Signer for signing block-chain operations with private keys using YubiHSM, AWS, GCP, Ledger's or Azure Key Vault
https://signatory.io
Apache License 2.0

signatory to display the public key (not hash) of a given cloud kms #362

Open nicolasochem opened 1 year ago

nicolasochem commented 1 year ago

I am writing a tutorial on how to use signatory + consensus key + google KMS and I am hitting the following problem:

```
[venv] nochem@peck ~/workspace/sandbox/gcp-kms-signatory $ ./signatory-cli  list -c signatory.yaml --base-dir .
INFO[0000] Initializing vault                            vault=cloudkms vault_name=gcp
Public Key Hash:    tz3iGkaoKJ5uZ51gotVp6x7wMkGPX1U5jNo5
Vault:              CloudKMS
ID:                 projects/tezos-baker-kms/locations/us-west1/keyRings/tezos-baker-kms/cryptoKeys/tezos-baker-kms/cryptoKeyVersions/1
Active:             false
nochem@peck ~/workspace/tezos () $ ./octez-client  register key alice as delegate with consensus key tz3iGkaoKJ5uZ51gotVp6x7wMkGPX1U5jNo5
Warning:

                 This is NOT the Tezos Mainnet.

           Do NOT use your fundraiser keys on this network.

Error:
  Erroneous command line argument 9 (tz3iGkaoKJ5uZ51gotVp6x7wMkGPX1U5jNo5).
  no public_key alias named tz3iGkaoKJ5uZ51gotVp6x7wMkGPX1U5jNo5
  cannot read file (Unix.Unix_error(Unix.ENOENT, "open", "tz3iGkaoKJ5uZ51gotVp6x7wMkGPX1U5jNo5"))
  Error while parsing URI: PK_URI needs a scheme
  Could not parse input.
```

I can solve it by signing a reveal operation and looking at the result on-chain, but it's unnecessary; can we modify signatory to display the pubkey in addition to the hash? Many thanks.

stephengaudet commented 1 year ago

Regarding "no public_key alias" from octez-client: possibly you still need to import the Signatory URI into octez-client as a private key, and use that alias going forward: https://signatory.io/docs/cli#configuring-octez-client-to-use-signatory-for-remote-signing

I can understand wanting to get the public key value from signatory-cli before activating it; makes sense. One way to get the public key from Signatory is to make the key Active by configuring it in the tezos section of signatory.yaml. Once active, the key's URI can be queried for the public key:

```
% curl localhost:6732/keys/tz1VSUr8wwNhLAzempoch5d6hLRiTh8Cjcjb
{"public_key":"edpkvGfYw3LyB1UcCahKQk4rF2tvbMUk8GFiTuMjL75uGXrpvKXhjn"}
```
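As an added example (not Signatory's own code, and not part of this thread), the following stdlib-only Python script takes the JSON body returned by `GET /keys/<pkh>` and checks that the returned public key really hashes to the address you asked for, so a tutorial or a `register key ... with consensus key` command never picks up the wrong key by accident. The Tezos base58check prefixes (tz1/tz2/tz3 for hashes, edpk/sppk/p2pk for keys) are the standard ones; the key hash is blake2b-20 of the raw key bytes, which also covers the P-256 `tz3` case from the issue. The sample response is the pair shown in the comment above, embedded as constructed input; `fetch_public_key` and its default `http://localhost:6732` are assumptions for live use.

```python
"""Verify that the public key Signatory serves for a key hash matches it.

Added example, not Signatory's own code. Stdlib only.
"""
import hashlib
import json
import urllib.request

ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

# Standard Tezos base58check prefix bytes (prepended before encoding).
PKH_PREFIX = {"tz1": b"\x06\xa1\x9f", "tz2": b"\x06\xa1\xa1", "tz3": b"\x06\xa1\xa4"}
PK_PREFIX = {"edpk": b"\x0d\x0f\x25\xd9", "sppk": b"\x03\xfe\xe2\x56", "p2pk": b"\x03\xb2\x8b\x7f"}
PK_TO_PKH = {"edpk": "tz1", "sppk": "tz2", "p2pk": "tz3"}  # key family -> hash family


def b58encode(raw: bytes) -> str:
    n = int.from_bytes(raw, "big")
    out = ""
    while n:
        n, r = divmod(n, 58)
        out = ALPHABET[r] + out
    pad = len(raw) - len(raw.lstrip(b"\x00"))  # leading zero bytes become '1'
    return "1" * pad + out


def b58decode(s: str) -> bytes:
    n = 0
    for ch in s:
        idx = ALPHABET.find(ch)
        if idx < 0:
            raise ValueError("invalid base58 character")
        n = n * 58 + idx
    body = n.to_bytes((n.bit_length() + 7) // 8, "big") if n else b""
    pad = len(s) - len(s.lstrip("1"))
    return b"\x00" * pad + body


def b58check_encode(prefix: bytes, payload: bytes) -> str:
    data = prefix + payload
    checksum = hashlib.sha256(hashlib.sha256(data).digest()).digest()[:4]
    return b58encode(data + checksum)


def b58check_decode(s: str, prefix: bytes) -> bytes:
    raw = b58decode(s)
    data, checksum = raw[:-4], raw[-4:]
    if hashlib.sha256(hashlib.sha256(data).digest()).digest()[:4] != checksum:
        raise ValueError("bad base58check checksum")
    if not data.startswith(prefix):
        raise ValueError("unexpected prefix")
    return data[len(prefix):]


def pkh_from_public_key(pk_b58: str) -> str:
    """Derive the tz address from an edpk/sppk/p2pk public key."""
    kind = pk_b58[:4]
    raw = b58check_decode(pk_b58, PK_PREFIX[kind])  # KeyError on unknown family
    digest = hashlib.blake2b(raw, digest_size=20).digest()
    return b58check_encode(PKH_PREFIX[PK_TO_PKH[kind]], digest)


def public_key_matches(pk_b58: str, expected_pkh: str) -> bool:
    """True only if the key decodes cleanly and hashes to expected_pkh."""
    try:
        return pkh_from_public_key(pk_b58) == expected_pkh
    except (KeyError, ValueError):
        return False


def parse_keys_response(body: str) -> str:
    """Extract public_key from a Signatory GET /keys/<pkh> JSON body."""
    return json.loads(body)["public_key"]


def fetch_public_key(pkh: str, base_url: str = "http://localhost:6732") -> str:
    """Live query (assumed default port from the comment above)."""
    with urllib.request.urlopen(f"{base_url}/keys/{pkh}") as resp:
        return parse_keys_response(resp.read().decode())


# Constructed sample: the pair shown in the comment above.
SAMPLE_PKH = "tz1VSUr8wwNhLAzempoch5d6hLRiTh8Cjcjb"
SAMPLE_RESPONSE = '{"public_key":"edpkvGfYw3LyB1UcCahKQk4rF2tvbMUk8GFiTuMjL75uGXrpvKXhjn"}'

if __name__ == "__main__":
    pk = parse_keys_response(SAMPLE_RESPONSE)
    verdict = "matches" if public_key_matches(pk, SAMPLE_PKH) else "DOES NOT MATCH"
    print(f"{pk} {verdict} {SAMPLE_PKH}")
```

The check is deliberately strict: a corrupted character anywhere in the key fails the base58check checksum, and a key from a different family (for example an `sppk` returned for a `tz3` address) fails because it hashes into a different prefix, so `public_key_matches` returns `False` rather than raising.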

nicolasochem commented 1 year ago

Yes, I figured this out shortly after writing this ticket, and it works. Still, it doesn't hurt to display it, but feel free to close otherwise.