crypto and key-management api for DeepKey: Keystore & PassphraseManager #1104

zippy · 2019-03-09T12:29:30Z

This PR

creates a Keystore implementation in dpki crate which has the functions necessary for crypto to be usable both by DPKI and other apps that want to do secure crypto functions. The work is based on this spec:
https://hackmd.io/tVy22HhJQPuHO28gtD_UTQ?both
and this diagram:
https://realtimeboard.com/app/board/o9J_kycnaks=/
creats a PassphraseManager service/trait for getting passphrases from somewhere (either testing environments, or UIs)
Makes Keystores persistable (with encryption using the passphrase)

What it does not do, and needs to be done in future prs is:

Actually implement a UI passphrase service
Wrap the keystore functions in hdk functions available to running in zomes.
Follow the designed bootup sequence, using an instance of DeepKey to actually generate agent keys instead of using our current hc keygen solution

I have added a summary of my changes to the changelog

…text

dpki/src/seed.rs

dpki/src/key_blob.rs

dpki/src/key_bundle.rs

dpki/src/keypair.rs

dpki/src/seed.rs

dpki/src/keystore.rs

conductor_api/src/keystore.rs

neonphog · 2019-03-20T22:02:31Z

conductor_api/src/keystore.rs

+            }
+        };
+        self.cache
+            .insert(id_str.clone(), Arc::new(Mutex::new(secret)));


I'm uncertain about having a cache here. Part of the point of the passphrase manager is to give users control over "locking" their authorizor capabilities after an expiration timer, but if they authorize something and their authorizor key gets cached here, then we have to coordinate expiring the cache when the passphrase expires?

Hm, I get that.

But we do need to hold some secrets unencrypted indefinitely: agent keys in particular.

I would say we might need to add more complexity around this cache so that agent keys stay in, even after the PassphraseManager locks itself up. But everything else gets cleared from the cache at some point, as a default that applies in particular to seeds.. Maybe dependent on the secret type? Or everything gets cleared except for PRIMARY_KEYBUNDLE_ID? What do you think?

I guess I was imagining anything that needed persistence like for the app keys handling it on that end... i.e. keeping a copy of the secret after requesting it. But definitely something we can iterate on to see what works.

conductor_api/src/keystore.rs

neonphog

Nice 👍 This is starting to come together! Couple questions / change requests above.

…conductor-1

neonphog

Wooo, crypto incoming! lgtm

zo-el

👍

renaming device->indexed seeds for generalization and created SeedCon…

64ed4b9

…text

zippy added the review label Mar 9, 2019

zippy and others added 15 commits March 9, 2019 18:45

wip adding KeyStore implementation

d812b76

wip added crypo.rs for conductor

8302845

added sign function

ba84993

fixed breaking test

422a03c

moved keystore into dpki crate

9fbb6ce

rename hc_dpki crate dir to just dpki

a6fd424

Merge branch 'develop' into crypto-conductor-1

2413d7b

added keystore.verify function

2907bc9

Small fix in keystore

af2e66f

added verify trait for provenance

ffcb386

wip: merge develop into crypto-conductor-1

4145827

refactored verify into trait and implemented on provenance

5fba5cb

rename add_dervied_seed to add_seed_from_seed

f214328

implemented sign_one_time

b56054b

fixes for CI test passing

ff4e2ad

zippy requested review from lucksus, zo-el and neonphog and removed request for lucksus March 12, 2019 21:25

zippy changed the title ~~WIP: crypto and key-management api for DeepKey~~ crypto and key-management api for DeepKey Mar 12, 2019