This repository has been archived by the owner on Jun 3, 2020. It is now read-only.

Encode node (and softsign) private keys as Base64
The `subtle-encoding` crate supports constant time Base64 decoding, and
it's a bit more human-friendly than raw binary (and matches what e.g.
`priv_validator.json` does)
tony-iqlusion committed Nov 28, 2018
1 parent 429ee27 commit 4d39fbc
Showing 4 changed files with 8 additions and 8 deletions.
6 changes: 3 additions & 3 deletions src/client.rs
@@ -17,7 +17,7 @@ use tendermint::{chain, public_keys::SecretConnectionKey};

use config::{ValidatorAddr, ValidatorConfig};
use error::{KmsError, KmsErrorKind};
use keyring::SECRET_KEY_ENCODING;
use keyring::SecretKeyEncoding;
use session::Session;

/// How long to wait after a crash before respawning (in seconds)
@@ -134,7 +134,7 @@ fn unix_session(chain_id: chain::Id, socket_path: &Path) -> Result<(), KmsError>
fn load_secret_connection_key(path: &Path) -> Result<ed25519::Seed, KmsError> {
if path.exists() {
Ok(
ed25519::Seed::decode_from_file(path, SECRET_KEY_ENCODING).map_err(|e| {
ed25519::Seed::decode_from_file(path, &SecretKeyEncoding::default()).map_err(|e| {
err!(
KmsErrorKind::ConfigError,
"error loading SecretConnection key from {}: {}",
@@ -145,7 +145,7 @@ fn load_secret_connection_key(path: &Path) -> Result<ed25519::Seed, KmsError> {
)
} else {
let seed = ed25519::Seed::generate();
seed.encode_to_file(path, SECRET_KEY_ENCODING)?;
seed.encode_to_file(path, &SecretKeyEncoding::default())?;
Ok(seed)
}
}
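Review bot: A SecretConnection key file written by an earlier build in the raw-binary format is now handed to the Base64 decoder in the `path.exists()` branch of `load_secret_connection_key`, so it will presumably be rejected with the `ConfigError` shown rather than loaded. Failing closed is the right outcome for key material, since silently regenerating the seed would change the node's connection identity, but the error text gives the operator no hint that the expected format changed. Consider extending the message, e.g. `"error loading SecretConnection key from {} (expected Base64): {}"`, and documenting the one-time re-encoding step in the changelog; the same format switch applies to the file written in src/commands/keygen.rs. The middle of the function lies between the two hunks and is not visible here.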
4 changes: 2 additions & 2 deletions src/commands/keygen.rs
@@ -1,5 +1,5 @@
use abscissa::Callable;
use keyring::SECRET_KEY_ENCODING;
use keyring::SecretKeyEncoding;
use signatory::{ed25519, Encode};
use std::{env, process};

@@ -21,7 +21,7 @@ impl Callable for KeygenCommand {
let output_path = &self.output_paths[0];

let seed = ed25519::Seed::generate();
seed.encode_to_file(output_path, SECRET_KEY_ENCODING)
seed.encode_to_file(output_path, &SecretKeyEncoding::default())
.unwrap_or_else(|e| {
status_err!("couldn't write to {}: {}", output_path, e);
process::exit(1);
4 changes: 2 additions & 2 deletions src/keyring/mod.rs
@@ -4,7 +4,7 @@ mod ed25519;

use signatory::ed25519::{PublicKey, Signature};
use std::{collections::BTreeMap, sync::RwLock};
use subtle_encoding::{Identity, IDENTITY};
use subtle_encoding;
use tendermint::public_keys::ConsensusKey;

use config::provider::ProviderConfig;
@@ -15,7 +15,7 @@ use self::ed25519::yubihsm;
use self::ed25519::{softsign, Signer};

/// File encoding for software-backed secret keys
pub const SECRET_KEY_ENCODING: &Identity = IDENTITY;
pub type SecretKeyEncoding = subtle_encoding::Base64;

lazy_static! {
static ref GLOBAL_KEYRING: RwLock<KeyRing> = RwLock::new(KeyRing(BTreeMap::default()));
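Review bot: The doc comment on `SecretKeyEncoding` still reads only "File encoding for software-backed secret keys", although the alias now fixes the on-disk format for every caller and was chosen for a specific reason. I would record both, e.g. `/// File encoding for software-backed secret keys: Base64, decoded in constant time by subtle-encoding.` followed by `/// Changing this alias changes the on-disk format of existing key files.` Replacing the `SECRET_KEY_ENCODING` constant with a type also means each call site builds its own `SecretKeyEncoding::default()`, which is fine as long as the default remains the only configuration in use.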
2 changes: 1 addition & 1 deletion tests/support/secret_connection.key
@@ -1 +1 @@
TEST KEY ONLY: DO **NOT** USE!!2
VEVTVCBLRVkgT05MWTogRE8gKipOT1QqKiBVU0UhISE=
