Softsign cannot import keys #290
Comments
|
This is how I tried to "import" the key: |
|
As you noted this is a dupe of #135, however #135 was closed by its original reporter without ever receiving a proper fix so the issue got lost in the shuffle. Thanks for reopening it.
It's not recommended for production usage (we could perhaps have some clearer documentation and messaging around that) and therefore receives less attention and automated testing than the HSM backends, but it is not "EOL" and will continue to be supported as a signing method at least for the immediate future. |
|
There are different use cases for soft sign. E.g.: first step of transition to HSM, testnets or a disaster recovery option. We are trying to use this feature for some security checks (non-production) and we need to import a test key (without forking and modifying the kms source code). |
|
Can @tarcieri kindly help community on how to solve this issue please. |
|
@valuead I plan on working on it in the next few days |
|
Hi Folks, is there a branch with these changes someplace? |
|
@AFDudley unfortunately I haven't gotten to it yet, but plan on it this week |
|
Biggest dilemma is to export private key. We solve that issue from the
point I wrote initial request for assistance.
…On Sun, Jul 21, 2019 at 1:49 PM Tony Arcieri ***@***.***> wrote:
@AFDudley <https://github.com/AFDudley> unfortunately I haven't gotten to
it yet, but plan on it this week
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#290>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/ACGHNVU2KJ6CNCNDB57DX63QATDV5ANCNFSM4H6UIHFA>
.
|
This fixes the inconsistencies between Base64 and binary/"raw" private keys, and adds key conversion which can take a `priv_validator.json` file or a "raw" (i.e. binary) private key and convert it to the Base64 format used by the `softsign` backend. This should be sufficient to resolve the problems in #290, although I also plan on making the private key format a configuration option.
…subcommand softsign: Fix private key decoding + import command (closes #290)
|
Fixed in #304, which provides a wide range of options for key format support, both for the softsign provider itself, and as a CLI subcommand ( |
|
Thank you!!!
…On Wed, Jul 24, 2019 at 11:23 PM Tony Arcieri ***@***.***> wrote:
Fixed in #304 <#304>, which
provides a wide range of options for key format support, both for the
softsign provider itself, and as a CLI subcommand (tmkms softsign import)
for converting key formats.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#290>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/ACGHNVUIAMLIGKKEMTY5FJDQBFBFTANCNFSM4H6UIHFA>
.
|
It is not possible to test tmkms using softsign based on an existing priv_validator.json.
I don't know how this line got there, but it should be rather SecretKeyEncoding::default() instead of IDENTITY:
https://github.com/tendermint/kms/blob/20172d91e270a39907d2e96fde1b94bf9958c961/src/keyring/ed25519/softsign.rs#L21
It seems that #135 already stated this issue. Is softsign eol?
The text was updated successfully, but these errors were encountered: