Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Keep wallet key in Hardware Security Module or Key Management Service... #3381

Open
mgajda opened this issue Jul 9, 2022 · 2 comments
Open
Labels
ADDING FEATURE Mark a PR as adding a new feature, for auto-generated CHANGELOG Deposit IMPROVEMENT Mark a PR as an improvement, for auto-generated CHANGELOG

Comments

@mgajda
Copy link

mgajda commented Jul 9, 2022

The problem that you wish to solve

Wallet private key should be impossible to steal even if attacker manages to hack the cardano-wallet.

The best way to assure that would be to hold private key in Hardware Security Module, like the ones provided by Thales, Yubi.

Note that these are specifically designed for use on the server, and indeed available on Azure and IBM clouds.

(I omit AWS solution, since it does not seem to support EdDSA Ed25519 yet. Google allows co-location of custom HSMs only, standard HSM does not support Ed25519. However, next NIST signing standard is expected to include EdDSA and Ed25519, so I expect it will become supported in few years.)
Future version of TPM may also support this feature.

Description

To support signing by Hardware Security Module, we need the abstract private key API that allows to offload signing and encryption to the HSM device.

Implementation suggestions

Abstract API that allows us to:

  • generate key within HSM or import it to HSM without leaving it in memory, nor on disk,
  • signing with a HSM key id, by passing payload string, and receiving signed payload.

Later this API can be implemented to support all HSM and KMS solutions that support Ed25519 yet, or will support future FIPS signing standard. Possibly will include TPM 3.0, AWS/Google/Azure KMS solutions, and USB keys with signing capability.

@mgajda mgajda added ADDING FEATURE Mark a PR as adding a new feature, for auto-generated CHANGELOG IMPROVEMENT Mark a PR as an improvement, for auto-generated CHANGELOG labels Jul 9, 2022
@mgajda
Copy link
Author

mgajda commented Jul 9, 2022

@maerwald @migamake

@mgajda mgajda changed the title Keep wallet key in Hardware Security Module... Keep wallet key in Hardware Security Module or cloud Key Management System... Jul 9, 2022
@mgajda mgajda changed the title Keep wallet key in Hardware Security Module or cloud Key Management System... Keep wallet key in Hardware Security Module or Key Management System... Jul 9, 2022
@mgajda mgajda changed the title Keep wallet key in Hardware Security Module or Key Management System... Keep wallet key in Hardware Security Module or Key Management Service... Jul 9, 2022
@mgajda
Copy link
Author

mgajda commented Jul 9, 2022

@jonathanknowles This feature would increase security of the wallet private key, by making it very hard to steal it. (For stealing, one would have to also breach HSM.)
The attacker who hypothetically breaks the wallet could sign a transaction, but it would have to be real time attack.

Could this feature be supported in the next version?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
ADDING FEATURE Mark a PR as adding a new feature, for auto-generated CHANGELOG Deposit IMPROVEMENT Mark a PR as an improvement, for auto-generated CHANGELOG
Projects
None yet
Development

No branches or pull requests

2 participants