-
Notifications
You must be signed in to change notification settings - Fork 1.2k
Keychain and 'self' key #1138
Comments
Here'a quick ipfs search and libp2p search for |
Older repos are automatically upgraded to a keychain when the '--pass' is present. Helps #1138
@richardschneider anything I can do to empower you to finish this work? |
Older repos are automatically upgraded to a keychain when the '--pass' is present. Helps #1138
@diasdavid RE: removing PrivKey from .config This will introduce a major breaking change. The --pass option will be required, otherwise the peer's private key cannot be fetched from the keychain. |
@richardschneider doesn't have to need a breaking change. The node can check if there is a key on the config and move it to the keychain on first run.
Why? That should be just if we want to store the private key encrypted. |
This is what is does now!
This is all about SECURITY. Keys should never be in plain text. NIST SP 800-132 requires a minimum of 20 chars for a passphrase to a key. Basically, I want to mandate that the user knows the passphrase. Otherwise, the private key is not private (as is the current case with it being stored in This is the same approach that @ianopolous took in peergos. |
@richardschneider I believe we are having a communication issue. First, my suggestion for a migration of the key from the config.json to keychain was based on your comment above. If that is already implemented, great. Let's try to communicate all the features and notes in advance so that there are no misunderstandings. Second, yes I do understand the security concerns of storing a key in plaintext. However, the ipfs daemon has historically enabled users to do so and changing that behaviour would be breaking the interface. We need to enable both storage of plaintext + encrypted and then provide security recommendations for our users. If we decide as a project to stop supporting plaintext keys, then we will make sure that users have a good transition process. So here is the path to move forward:
|
@fiatjaf commented
The keychain was designed to protect private keys by encrypting them with a pass phrase, hence the password-PBKDF2 stuff. As @diasdavid points out, perhaps we should use "" as the pass phrase when not specified by the user. |
js-ipfs is being deprecated in favor of Helia. You can #4336 and read the migration guide. Please feel to reopen with any comments before 2023-06-05. We will do a final pass on reopened issues afterward (see #4336). |
The
self
key is the local peer's identity, commonly referred to asPrivKey
. This key is currently stored in.config
and is naked. It should be placed onto the keychain, see ipfs/kubo#4240 (comment).ipfs init
requires --pass to create the keychainipfs init
should store peer identity asself
in the keychainPrivKey
in .config into the keychainipfs init
should not storePrivKey
in .configPrivKey
should errorThe text was updated successfully, but these errors were encountered: