Closed feliciss closed 7 months ago
When to unlock the private key?
When decrypting private key, the user would need to provide:
To decrypt the private key and sign the transaction, by design.
Discussion:
argon2 hash to key store for password verification.
TODO: do some refactor to key store and retrieve decrypted private keys from key store params in signing functions.
It may take some days and if it isn't included in Q3 release, I will handle this issue at a stable pace.
This design may need further refactor:
- nonce shouldn't be used twice for Argon2 and ChaCha20Poly1305 cipher in encrypt_private_key.
- encrypt_password, considering generating a random salt or encrypting the current private_key as salt.
Merge this PR first or wait to implement the password option to decrypt private key for commands, like rooch move run, rooch move publish, etc.
You can merge this PR first and then I will refactor key store, yaml, etc. and test the signature verification feature with encrypted key pair.
The password option has already been added to those commands to decrypt the private key.
Some tests need to be fixed.
This command will fail:
rooch move run --function 0x3::empty::empty --sender-account 0xac00d67a15ae97af88aff69cd80befdfe430330a08a6092163de84753cb220c4 --session-key 975a3d052b5ee4bdcc7c8c8a16ae878ef427b4fe6ecb1aa9088b43645111ae20 --password false
The session key 975a3d052b5ee4bdcc7c8c8a16ae878ef427b4fe6ecb1aa9088b43645111ae20 seems not to have been saved properly, and it results in the error:
Sign message error: signature error: Cannot find SessionKey for address: [0xac00d67a15ae97af88aff69cd80befdfe430330a08a6092163de84753cb220c4]
The new structure of the key store:
keys:
  0xac00d67a15ae97af88aff69cd80befdfe430330a08a6092163de84753cb220c4:
    RoochKeyPairType:
      hashed_password: $argon2id$v=19$m=19456,t=2,p=1$7vLoelDnzdybYdaHLYZXYQrqYSyOix7z5jC6Imf175A$jvcGd8dyjCrG4tAhYTqyq9J1aI54Ugvr0bUYdB9ygSo
...
I don't know the session key's design since the structure of the key store has been changed to eliminate the key pair, but is it required to save the session key as key pair in key store or in session_keys: {}?
We can merge this PR first and discuss some refactors later:
- Should every private key have a new password? Or the whole keystore uses one password.
- Is it possible to eliminate the --password false options?
account list when different keys have different passwords.
2. Yes. We can eliminate the option and make every key encrypted with "" password string.
I didn't mean to remove the password prompt. But it is OK. I will merge this PR first, and we discuss how to refactor it.
Summary
- ChaCha20Poly1305 to encrypt the key pair.
- Argon2id to encrypt password in plaintext and use input password compared with cipher password.
- nonce, ciphertext, tag, password from key store to compare with input password and if successful, retrieve the private key and form a key pair to sign transactions.
ChaCha20Poly1305 is a standardized encryption algorithm (AEAD) widely used by network software:
Argon2id is a password encryption algorithm recommended by OWASP in their recent document:
https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html
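A check over the hashed_password field shown in the key store above, flagging the case raised in the thread where the Argon2 salt is the same value as the ChaCha20Poly1305 nonce. This is an added example, not code from the PR or from Rooch; the names parse_phc and audit, the raw-bytes nonce argument and the cost baseline are assumptions.

```python
import base64
from collections import namedtuple

# Baseline assumed from the OWASP Password Storage Cheat Sheet linked above.
MIN_M_KIB, MIN_T, MIN_P, MIN_SALT = 19456, 2, 1, 16
Phc = namedtuple("Phc", "variant version m t p salt digest")

def _b64(s):
    # PHC strings carry base64 without '=' padding.
    return base64.b64decode(s + "=" * (-len(s) % 4), validate=True)

def parse_phc(s):
    """Split $variant$v=..$m=..,t=..,p=..$salt$hash into typed fields."""
    parts = s.split("$")
    if len(parts) != 6 or parts[0] != "" or not parts[2].startswith("v="):
        raise ValueError("expected $variant$v=..$params$salt$hash")
    _, variant, ver, params, salt, digest = parts
    kv = dict(item.split("=", 1) for item in params.split(","))
    return Phc(variant, int(ver[2:]), int(kv["m"]), int(kv["t"]), int(kv["p"]),
               _b64(salt), _b64(digest))

def audit(hashed_password, aead_nonce):
    """Return findings for one key store entry; an empty list means none."""
    h = parse_phc(hashed_password)
    findings = []
    if h.variant != "argon2id":
        findings.append(f"variant is {h.variant}, expected argon2id")
    if h.m < MIN_M_KIB or h.t < MIN_T or h.p < MIN_P:
        findings.append(f"cost m={h.m},t={h.t},p={h.p} is below the baseline")
    if len(h.salt) < MIN_SALT:
        findings.append(f"salt is only {len(h.salt)} bytes")
    if h.salt == aead_nonce:
        findings.append("Argon2 salt equals the ChaCha20Poly1305 nonce")
    return findings

# hashed_password copied from the key store shown in the thread.
PAGE_HASH = ("$argon2id$v=19$m=19456,t=2,p=1$"
             "7vLoelDnzdybYdaHLYZXYQrqYSyOix7z5jC6Imf175A$"
             "jvcGd8dyjCrG4tAhYTqyq9J1aI54Ugvr0bUYdB9ygSo")
# Constructed entry: the 12-byte nonce doubles as the salt, with weak cost.
NONCE = bytes(range(12))
REUSED = ("$argon2i$v=19$m=4096,t=1,p=1$"
          + base64.b64encode(NONCE).decode() + "$" + "A" * 43)

if __name__ == "__main__":
    print(audit(PAGE_HASH, NONCE))
    print(audit(REUSED, NONCE))
```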