From 4d39fbc13d83e4ea9fb7847054211082d05bb35d Mon Sep 17 00:00:00 2001 From: Tony Arcieri Date: Tue, 27 Nov 2018 20:00:54 -0800 Subject: [PATCH] Encode node (and softsign) private keys as Base64 The `subtle-encoding` crate supports constant time Base64 decoding, and it's a bit more human-friendly than raw binary (and matches what e.g. `priv_validator.json` does) --- src/client.rs | 6 +++--- src/commands/keygen.rs | 4 ++-- src/keyring/mod.rs | 4 ++-- tests/support/secret_connection.key | 2 +- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/src/client.rs b/src/client.rs index 915a6f8..004723b 100644 --- a/src/client.rs +++ b/src/client.rs @@ -17,7 +17,7 @@ use tendermint::{chain, public_keys::SecretConnectionKey}; use config::{ValidatorAddr, ValidatorConfig}; use error::{KmsError, KmsErrorKind}; -use keyring::SECRET_KEY_ENCODING; +use keyring::SecretKeyEncoding; use session::Session; /// How long to wait after a crash before respawning (in seconds) @@ -134,7 +134,7 @@ fn unix_session(chain_id: chain::Id, socket_path: &Path) -> Result<(), KmsError> fn load_secret_connection_key(path: &Path) -> Result { if path.exists() { Ok( - ed25519::Seed::decode_from_file(path, SECRET_KEY_ENCODING).map_err(|e| { + ed25519::Seed::decode_from_file(path, &SecretKeyEncoding::default()).map_err(|e| { err!( KmsErrorKind::ConfigError, "error loading SecretConnection key from {}: {}", @@ -145,7 +145,7 @@ fn load_secret_connection_key(path: &Path) -> Result { ) } else { let seed = ed25519::Seed::generate(); - seed.encode_to_file(path, SECRET_KEY_ENCODING)?; + seed.encode_to_file(path, &SecretKeyEncoding::default())?; Ok(seed) } } diff --git a/src/commands/keygen.rs b/src/commands/keygen.rs index d3b17d4..6c3d9d3 100644 --- a/src/commands/keygen.rs +++ b/src/commands/keygen.rs @@ -1,5 +1,5 @@ use abscissa::Callable; -use keyring::SECRET_KEY_ENCODING; +use keyring::SecretKeyEncoding; use signatory::{ed25519, Encode}; use std::{env, process}; @@ -21,7 +21,7 @@ impl Callable for KeygenCommand { let output_path = &self.output_paths[0]; let seed = ed25519::Seed::generate(); - seed.encode_to_file(output_path, SECRET_KEY_ENCODING) + seed.encode_to_file(output_path, &SecretKeyEncoding::default()) .unwrap_or_else(|e| { status_err!("couldn't write to {}: {}", output_path, e); process::exit(1); diff --git a/src/keyring/mod.rs b/src/keyring/mod.rs index cd6b2ee..9245c39 100644 --- a/src/keyring/mod.rs +++ b/src/keyring/mod.rs @@ -4,7 +4,7 @@ mod ed25519; use signatory::ed25519::{PublicKey, Signature}; use std::{collections::BTreeMap, sync::RwLock}; -use subtle_encoding::{Identity, IDENTITY}; +use subtle_encoding; use tendermint::public_keys::ConsensusKey; use config::provider::ProviderConfig; @@ -15,7 +15,7 @@ use self::ed25519::yubihsm; use self::ed25519::{softsign, Signer}; /// File encoding for software-backed secret keys -pub const SECRET_KEY_ENCODING: &Identity = IDENTITY; +pub type SecretKeyEncoding = subtle_encoding::Base64; lazy_static! { static ref GLOBAL_KEYRING: RwLock = RwLock::new(KeyRing(BTreeMap::default())); diff --git a/tests/support/secret_connection.key b/tests/support/secret_connection.key index b1deb3c..bc00c14 100644 --- a/tests/support/secret_connection.key +++ b/tests/support/secret_connection.key @@ -1 +1 @@ -TEST KEY ONLY: DO **NOT** USE!!2 \ No newline at end of file +VEVTVCBLRVkgT05MWTogRE8gKipOT1QqKiBVU0UhISE= \ No newline at end of file