feat: Encrypting the content of the rln credential file #1114

staheri14 · 2022-09-01T18:36:36Z

The rln credential file contains privacy-sensitive membership information of the user and should be encrypted. Currently, it is a plaintext file. This would not cause any serious issue as long as we are running on the Ethereum testnet, but when moving to the mainnet then membership credentials will have actual financial value.
Relevant part of the code https://github.com/status-im/nwaku/blob/982fb08c7735c131ecacc801f21ac56d15286567/waku/v2/protocol/waku_rln_relay/waku_rln_relay_utils.nim#L1131

NA

At a high level, the rlnCredentials.txt should only contain encrypted credentials but not plain ones. The decryption power should be given to the user to unlock the file when needed. The use of Keystore is one way to achieve so.

The text was updated successfully, but these errors were encountered:

rymnc · 2023-02-28T13:41:04Z

Addressed with the usage of waku keystore in #1466

staheri14 added the track:production label Sep 1, 2022

jm-clius added this to Vac Research and Waku Sep 1, 2022

staheri14 added the track:rln RLN Track (Secure Messaging/Applied ZK), e.g. relay and applications label Sep 1, 2022

staheri14 mentioned this issue Sep 1, 2022

RLN-Relay testnet feedbacks #1069

Closed

15 tasks

jm-clius removed this from Waku Sep 2, 2022

staheri14 moved this to Later/Icebox in Vac Research Sep 13, 2022

staheri14 mentioned this issue Oct 14, 2022

Encryption of RLN credentials #1041

Closed

staheri14 moved this from Later/Icebox to Next/Backlog in Vac Research Oct 14, 2022

rymnc moved this from Next/Backlog to Later/Icebox in Vac Research Jan 19, 2023

rymnc added track:rlnp2p and removed track:rln RLN Track (Secure Messaging/Applied ZK), e.g. relay and applications labels Jan 19, 2023

rymnc closed this as completed Feb 28, 2023

github-project-automation bot moved this from Later/Icebox to Done in Vac Research Feb 28, 2023

Provide feedback