feat: Keyring

cli/config.go

@@ -36,6 +36,7 @@ var configPaths = []string{
 	"datastore.badger.path",
 	"api.pubkeypath",
 	"api.privkeypath",
+	"keyring.path",
 }
 
 // configFlags is a mapping of config keys to cli flags to bind to.
@@ -71,6 +72,8 @@ func defaultConfig() *viper.Viper {
 	cfg.SetConfigType("yaml")
 
 	cfg.SetDefault("datastore.badger.path", "data")
+	cfg.SetDefault("keyring.path", "keys")
+
 	cfg.SetDefault("net.pubSubEnabled", true)
 	cfg.SetDefault("net.relay", false)
 	cfg.SetDefault("log.caller", false)

cli/keyring.go

@@ -0,0 +1,127 @@
+// Copyright 2024 Democratized Data Foundation
+//
+// Use of this software is governed by the Business Source License
+// included in the file licenses/BSL.txt.
+//
+// As of the Change Date specified in that file, in accordance with
+// the Business Source License, use of this software will be governed
+// by the Apache License, Version 2.0, included in the file
+// licenses/APL.txt.
+
+package cli
+
+import (
+	"crypto/rand"
+	"errors"
+	"syscall"
+
+	"github.com/99designs/keyring"
+	"github.com/libp2p/go-libp2p/core/crypto"
+	"github.com/spf13/cobra"
+	"golang.org/x/term"
+)
+
+const (
+	peerKeyName             = "peer_key"
+	badgerEncryptionKeyName = "badger_encryption_key"
+)
+
+// openKeyring attempts to open the keyring file from the given directory.
+//
+// If the directory is an empty string the best option for the current OS will be used.
+func openKeyring(cmd *cobra.Command, dir string) (keyring.Keyring, error) {
+	var allowedBackends []keyring.BackendType
+	if dir != "" {
+		// only allow file backend if a directory is specified
+		allowedBackends = append(allowedBackends, keyring.FileBackend)
+	}
+
+	prompt := keyring.PromptFunc(func(s string) (string, error) {
+		cmd.Print(s)
+		pass, err := term.ReadPassword(int(syscall.Stdin))
+		return string(pass), err
+	})
+
+	return keyring.Open(keyring.Config{
+		AllowedBackends:         allowedBackends,
+		ServiceName:             "defradb",
+		KeychainName:            "defradb",
+		KeychainPasswordFunc:    prompt,
+		FilePasswordFunc:        prompt,
+		FileDir:                 dir,
+		KeyCtlScope:             "user",
+		KeyCtlPerm:              0, // TODO
+		KWalletAppID:            "defradb",
+		KWalletFolder:           "defradb",
+		LibSecretCollectionName: "defradb",
+		PassPrefix:              "defradb",
+		WinCredPrefix:           "defradb",
+	})
+}
+
+// generateAES256 generates a new random AES-256 bit encryption key.
+func generateAES256() ([]byte, error) {
+	data := make([]byte, 32)
+	_, err := rand.Read(data)
+	return data, err
+}
+
+// loadOrGenerateAES256 attempts to load the AES-256 bit key with the given name.
+//
+// If the key does not exist a new random key is generated and stored in the keyring.
+func loadOrGenerateAES256(kr keyring.Keyring, name string) ([]byte, error) {
+	item, err := kr.Get(name)
+	if err == nil {
+		return item.Data, nil
+	}
+	if !errors.Is(err, keyring.ErrKeyNotFound) {
+		return nil, err
+	}
+	key, err := generateAES256()
+	if err != nil {
+		return nil, err
+	}
+	err = kr.Set(keyring.Item{
+		Key:  name,
+		Data: key,
+	})
+	if err != nil {
+		return nil, err
+	}
+	return key, nil
+}
+
+// generateEd25519 generates a new random Ed25519 private key.
+func generateEd25519() (crypto.PrivKey, error) {
+	key, _, err := crypto.GenerateKeyPair(crypto.Ed25519, 0)
+	return key, err
+}
+
+// loadOrGenerateEd25519 attempts to load the Ed25519 private key with the given name.
+//
+// If the key does not exist a new random key is generated and stored in the keyring.
+func loadOrGenerateEd25519(kr keyring.Keyring, name string) (crypto.PrivKey, error) {
+	item, err := kr.Get(name)
+	if err == nil {
+		return crypto.UnmarshalPrivateKey(item.Data)
+	}
+	if !errors.Is(err, keyring.ErrKeyNotFound) {
+		return nil, err
+	}
+	key, err := generateEd25519()
+	if err != nil {
+		return nil, err
+	}
+	data, err := crypto.MarshalPrivateKey(key)
+	if err != nil {
+		return nil, err
+	}
+	err = kr.Set(keyring.Item{
+		Key:  name,
+		Data: data,
+	})
+	if err != nil {
+		return nil, err
+	}
+	return key, nil
+}

cli/start.go

@@ -14,7 +14,6 @@ import (
 	"fmt"
 	"os"
 	"os/signal"
-	"path/filepath"
 	"syscall"
 
 	"github.com/libp2p/go-libp2p/core/peer"
@@ -84,23 +83,32 @@ func MakeStartCommand() *cobra.Command {
 			}
 
 			if cfg.GetString("datastore.store") != configStoreMemory {
-				// It would be ideal to not have the key path tied to the datastore.
-				// Running with memory store mode will always generate a random key.
-				// Adding support for an ephemeral mode and moving the key to the
-				// config would solve both of these issues.
 				rootDir := mustGetContextRootDir(cmd)
-				key, err := loadOrGeneratePrivateKey(filepath.Join(rootDir, "data", "key"))
-				if err != nil {
-					return err
-				}
-				netOpts = append(netOpts, net.WithPrivateKey(key))
-
 				// TODO-ACP: Infuture when we add support for the --no-acp flag when admin signatures are in,
 				// we can allow starting of db without acp. Currently that can only be done programmatically.
 				// https://github.com/sourcenetwork/defradb/issues/2271
 				dbOpts = append(dbOpts, db.WithACP(rootDir))
 			}
 
+			if !cfg.GetBool("keyring.disabled") {
+				keyring, err := openKeyring(cmd, cfg.GetString("keyring.path"))
+				if err != nil {
+					return err
+				}
+
+				peerKey, err := loadOrGenerateEd25519(keyring, peerKeyName)
+				if err != nil {
+					return err
+				}
+				netOpts = append(netOpts, net.WithPrivateKey(peerKey))
+
+				encryptionKey, err := loadOrGenerateAES256(keyring, badgerEncryptionKeyName)
+				if err != nil {
+					return err
+				}
+				storeOpts = append(storeOpts, node.WithEncryptionKey(encryptionKey))
+			}
+
 			opts := []node.NodeOpt{
 				node.WithPeers(peers...),
 				node.WithStoreOpts(storeOpts...),

cli/utils.go

@@ -16,7 +16,6 @@ import (
 	"os"
 	"path/filepath"
 
-	"github.com/libp2p/go-libp2p/core/crypto"
 	"github.com/spf13/cobra"
 	"github.com/spf13/viper"
 
@@ -153,46 +152,6 @@ func setContextRootDir(cmd *cobra.Command) error {
 	return nil
 }
 
-// loadOrGeneratePrivateKey loads the private key from the given path
-// or generates a new key and writes it to a file at the given path.
-func loadOrGeneratePrivateKey(path string) (crypto.PrivKey, error) {
-	key, err := loadPrivateKey(path)
-	if err == nil {
-		return key, nil
-	}
-	if os.IsNotExist(err) {
-		return generatePrivateKey(path)
-	}
-	return nil, err
-}
-
-// generatePrivateKey generates a new private key and writes it
-// to a file at the given path.
-func generatePrivateKey(path string) (crypto.PrivKey, error) {
-	key, _, err := crypto.GenerateKeyPair(crypto.Ed25519, 0)
-	if err != nil {
-		return nil, err
-	}
-	data, err := crypto.MarshalPrivateKey(key)
-	if err != nil {
-		return nil, err
-	}
-	err = os.MkdirAll(filepath.Dir(path), 0755)
-	if err != nil {
-		return nil, err
-	}
-	return key, os.WriteFile(path, data, 0644)
-}
-
-// loadPrivateKey reads the private key from the file at the given path.
-func loadPrivateKey(path string) (crypto.PrivKey, error) {
-	data, err := os.ReadFile(path)
-	if err != nil {
-		return nil, err
-	}
-	return crypto.UnmarshalPrivateKey(data)
-}
-
 func writeJSON(cmd *cobra.Command, out any) error {
 	enc := json.NewEncoder(cmd.OutOrStdout())
 	enc.SetIndent("", "  ")

docs/config.md

@@ -92,3 +92,13 @@ Logger config overrides. Format `<name>,<key>=<val>,...;<name>,...`.
 ## `log.nocolor`
 
 Disable colored log output. Defaults to `false`.
+
+## `keyring.path`
+
+Path to store encrypted key files in. Defaults to `keys`.
+
+When set to an empty string the default OS key management will be used.
+
+## `keyring.disabled`
+
+Disable the keyring and generate ephemeral keys instead. Defaults to `false`.

go.mod

@@ -3,6 +3,7 @@ module github.com/sourcenetwork/defradb
 go 1.21.3
 
 require (
+	github.com/99designs/keyring v1.2.2
 	github.com/bits-and-blooms/bitset v1.13.0
 	github.com/bxcodec/faker v2.0.1+incompatible
 	github.com/cosmos/gogoproto v1.4.12
@@ -48,6 +49,7 @@ require (
 	go.opentelemetry.io/otel/sdk/metric v1.25.0
 	go.uber.org/zap v1.27.0
 	golang.org/x/exp v0.0.0-20240222234643-814bf88cf225
+	golang.org/x/term v0.19.0
 	google.golang.org/grpc v1.63.2
 	google.golang.org/protobuf v1.33.0
 )
@@ -65,7 +67,6 @@ require (
 	cosmossdk.io/x/tx v0.13.1 // indirect
 	filippo.io/edwards25519 v1.0.0 // indirect
 	github.com/99designs/go-keychain v0.0.0-20191008050251-8e49817e8af4 // indirect
-	github.com/99designs/keyring v1.2.1 // indirect
 	github.com/DataDog/datadog-go v3.2.0+incompatible // indirect
 	github.com/DataDog/zstd v1.5.5 // indirect
 	github.com/Jorropo/jsync v1.0.1 // indirect
@@ -295,7 +296,6 @@ require (
 	golang.org/x/net v0.23.0 // indirect
 	golang.org/x/sync v0.6.0 // indirect
 	golang.org/x/sys v0.19.0 // indirect
-	golang.org/x/term v0.19.0 // indirect
 	golang.org/x/text v0.14.0 // indirect
 	golang.org/x/tools v0.18.0 // indirect
 	gonum.org/v1/gonum v0.14.0 // indirect

go.sum

@@ -32,8 +32,8 @@ filippo.io/edwards25519 v1.0.0/go.mod h1:N1IkdkCkiLB6tki+MYJoSx2JTY9NUlxZE7eHn5E
 git.apache.org/thrift.git v0.0.0-20180902110319-2566ecd5d999/go.mod h1:fPE2ZNJGynbRyZ4dJvy6G277gSllfV2HJqblrnkyeyg=
 github.com/99designs/go-keychain v0.0.0-20191008050251-8e49817e8af4 h1:/vQbFIOMbk2FiG/kXiLl8BRyzTWDw7gX/Hz7Dd5eDMs=
 github.com/99designs/go-keychain v0.0.0-20191008050251-8e49817e8af4/go.mod h1:hN7oaIRCjzsZ2dE+yG5k+rsdt3qcwykqK6HVGcKwsw4=
-github.com/99designs/keyring v1.2.1 h1:tYLp1ULvO7i3fI5vE21ReQuj99QFSs7lGm0xWyJo87o=
-github.com/99designs/keyring v1.2.1/go.mod h1:fc+wB5KTk9wQ9sDx0kFXB3A0MaeGHM9AwRStKOQ5vOA=
+github.com/99designs/keyring v1.2.2 h1:pZd3neh/EmUzWONb35LxQfvuY7kiSXAq3HQd97+XBn0=
+github.com/99designs/keyring v1.2.2/go.mod h1:wes/FrByc8j7lFOAGLGSNEg8f/PaI3cgTBqhFkHUrPk=
 github.com/AndreasBriese/bbloom v0.0.0-20190825152654-46b345b51c96 h1:cTp8I5+VIoKjsnZuH8vjyaysT/ses3EvZeaV/1UkF2M=
 github.com/AndreasBriese/bbloom v0.0.0-20190825152654-46b345b51c96/go.mod h1:bOvUY6CB00SOBii9/FifXqc0awNKxLFCL/+pkDPuyl8=
 github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 h1:L/gRVlceqvL25UVaW/CKtUDjefjrs0SPonmDGUVOYP0=

node/store.go

@@ -74,5 +74,12 @@ func NewStore(opts ...StoreOpt) (datastore.RootStore, error) {
 	badgerOpts.ValueLogFileSize = options.valueLogFileSize
 	badgerOpts.EncryptionKey = options.encryptionKey
 
+	if len(options.encryptionKey) > 0 {
+		// Having a cache improves the performance.
+		// Otherwise, your reads would be very slow while encryption is enabled.
+		// https://dgraph.io/docs/badger/get-started/#encryption-mode
+		badgerOpts.IndexCacheSize = 100 << 20
+	}
+
 	return badger.NewDatastore(options.path, &badgerOpts)
 }