Support reading Secp256k1KeyIdentity from pem

Question

Support reading Secp256k1KeyIdentity from pem

ncpenke opened this issue 2 years ago · comments

Is your feature request related to a problem? Please describe.
Currently, it's not possible to read a Secp256k1KeyIdentity in agent-js via pem. This is possible in agent-rs.

Describe the solution you'd like
Support reading pem format in Secp256k1KeyIdentity.

Describe alternatives you've considered
Custom parsing solutions, and using to/fromJSON, which seems incompatible with agent-rs.

Additional context
This work came out of dscvr.one, where we're migrating some existing javascript to rust. A key issue was sharing keys in a format that worked for both agent-js and agent-rs. We've implemented a solution using the https://github.com/starkbank/ecdsa-node package, which supports reading from a key pair generated by openssl. This format is also compatible with agent-rs. If this is within the scope of this package, I can submit a patch.

Kai Peacock · Answer 1 · Wed Sep 07 2022 03:27:08 GMT+0800 (China Standard Time)

I've debated it for a while - I'm hesitant to support fromPem and fromSeed, out of the concern that it might encourage risky patterns of UX flows where users copy around high-sensitivity secrets and increase the risk of clipboard and phishing attacks.

The benefits of supporting Node.js application developers probably outweigh those concerns though, and I think that you can go ahead with that PR, @ncpenke

Chandra Penke · Answer 2 · Mon Sep 12 2022 07:37:03 GMT+0800 (China Standard Time)

Thanks @krpeacock. I ran into an issue: the ecdsa-node package we used is pure javascript, and doesn't yet have typescript bindings.

Three approaches come to mind:

Add a minimal set of typescript bindings to ecdsa-node. But I didn't see any other @types used as dependancies, so wasn't sure if this was something you were intentionally avoiding.
Add DER decode logic for private keys and the necessary PEM parsing code.
Abandon this issue in this package, and add support to import JSON keys to agent-rs.

Our primary use-case in dscvr, which could be useful to the broader community is interoperability between agent-rs and agent-js, so 3 would be sufficient to achieve this as well. Please let me know what you think would be the best. Thank you!

Kai Peacock · Answer 3 · Tue Oct 11 2022 05:27:45 GMT+0800 (China Standard Time)

We aren't deliberately avoiding @types - we just try to keep our dependencies minimal, and most of the packages we've gone with had typescript support.

I think the bigger issue would be new node-specific dependencies.

@ncpenke an easier workflow would probably be to add seed phrase import support to Secp256k1KeyIdentity, and to ensure it matches dfx identity import --seed-file. What do you think?

Chandra Penke · Answer 4 · Wed Oct 12 2022 03:26:02 GMT+0800 (China Standard Time)

@krpeacock That sounds great! Only use-case this doesn't handle is if there are key pairs generated by agent-js that are stored in JSON form, that would be useful to use via agent-rs. Do you think it would make sense to support JSON key/pairs in agent-rs?

Kai Peacock · Answer 5 · Thu Oct 13 2022 00:09:02 GMT+0800 (China Standard Time)

I think that sounds reasonable