Softsign cannot import keys

Question

Softsign cannot import keys

1ultimat3 opened this issue 5 years ago · comments

It is not possible to test tmkms using softsign based on an existing priv_validator.json.

I don't know how this line got there, but it should be rather SecretKeyEncoding::default() instead of IDENTITY:
https://github.com/tendermint/kms/blob/20172d91e270a39907d2e96fde1b94bf9958c961/src/keyring/ed25519/softsign.rs#L21

It seems that #135 already stated this issue. Is softsign eol?

mate · Answer 1 · Sun Jul 07 2019 05:12:08 GMT+0800 (China Standard Time)

This is how I tried to "import" the key:
https://gist.github.com/mateuszk87/628283e1581d8e247807e819c2913cab

Tony Arcieri · Answer 2 · Sun Jul 07 2019 08:24:33 GMT+0800 (China Standard Time)

As you noted this is a dupe of #135, however #135 was closed by its original reporter without ever receiving a proper fix so the issue got lost in the shuffle. Thanks for reopening it.

Is softsign eol?

It's not recommended for production usage (we could perhaps have some clearer documentation and messaging around that) and therefore receives less attention and automated testing than the HSM backends, but it is not "EOL" and will continue to be supported as a signing method at least for the immediate future.

mate · Answer 3 · Sun Jul 07 2019 14:24:53 GMT+0800 (China Standard Time)

There are different use cases for soft sign. E.g.: first step of transition to HSM, testnets or a disaster recovery option. We are trying to use this feature for some security checks (non-production) and we need to import a test key (without forking and modifying the kms source code).

ValueAd · Answer 4 · Wed Jul 10 2019 09:28:29 GMT+0800 (China Standard Time)

Can @tarcieri kindly help community on how to solve this issue please.

Tony Arcieri · Answer 5 · Wed Jul 10 2019 09:44:11 GMT+0800 (China Standard Time)

@valuead I plan on working on it in the next few days

A. F. Dudley · Answer 6 · Mon Jul 22 2019 03:09:24 GMT+0800 (China Standard Time)

Hi Folks, is there a branch with these changes someplace?

Tony Arcieri · Answer 7 · Mon Jul 22 2019 04:49:32 GMT+0800 (China Standard Time)

@AFDudley unfortunately I haven't gotten to it yet, but plan on it this week

ValueAd · Answer 8 · Mon Jul 22 2019 05:29:52 GMT+0800 (China Standard Time)

Biggest dilemma is to export private key. We solve that issue from the point I wrote initial request for assistance.

…

On Sun, Jul 21, 2019 at 1:49 PM Tony Arcieri ***@***.***> wrote: @AFDudley <https://github.com/AFDudley> unfortunately I haven't gotten to it yet, but plan on it this week — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub <#290>, or mute the thread <https://github.com/notifications/unsubscribe-auth/ACGHNVU2KJ6CNCNDB57DX63QATDV5ANCNFSM4H6UIHFA> .

Tony Arcieri · Answer 9 · Thu Jul 25 2019 14:23:19 GMT+0800 (China Standard Time)

Fixed in #304, which provides a wide range of options for key format support, both for the softsign provider itself, and as a CLI subcommand (tmkms softsign import) for converting key formats.

ValueAd · Answer 10 · Thu Jul 25 2019 14:24:17 GMT+0800 (China Standard Time)

Thank you!!!

…

On Wed, Jul 24, 2019 at 11:23 PM Tony Arcieri ***@***.***> wrote: Fixed in #304 <#304>, which provides a wide range of options for key format support, both for the softsign provider itself, and as a CLI subcommand (tmkms softsign import) for converting key formats. — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub <#290>, or mute the thread <https://github.com/notifications/unsubscribe-auth/ACGHNVUIAMLIGKKEMTY5FJDQBFBFTANCNFSM4H6UIHFA> .