feat(pubkey): Pubkey module #342
Conversation
hacheigriega
force-pushed
the
feat/pkr
branch
from
bafa188 to
e3f9d5e
Compare
|
I guess it's not entirely clear for me how this module interfaces with modules that need access to the private keys, or how the dependencies are managed. Maybe it helps to illustrate the following scenarios:
It would be nice if we could leave all the details of how the keys are managed/stored/etc in the PKR module. I don't think it's possible to express this purely in terms of method/function calls and we'll have to keep a manual file somewhere that links a consumer module identifier to the kind of key it needs.
Pretty sure I'm simplifying things too much, but I feel like this should be possible. |
|
hacheigriega
force-pushed
the
feat/pkr
branch
from
572492a to
e2be9f2
Compare
|
I will remove unused code like VRF key or CLI endpoint for creating validator with VRF in a separate PR tomorrow |
Lets discuss this tomorrow, maybe we can do some pseudocode to see pros and cons to both approaches. |
|
The key interface and the linting error are addressed in PR #365. |
| func LoadOrGenVRFKey(config *cfg.Config, loadPath string) (vrfPubKey sdkcrypto.PubKey, err error) { | ||
| var vrfKey *VRFKey | ||
| if loadPath != "" { | ||
| vrfKey, err = LoadVRFKey(loadPath) |
There was a problem hiding this comment.
Is this standard for cosmos? I'd say it's a risk to store a private key as plain text in a file. So we should additionally have the option to do it as an ENV var.
There was a problem hiding this comment.
created an issue based on what we discussed: #368
|
|
||
| // saveSEDAKeys saves a given list of IndexedPrivKey in the directory | ||
| // at dirPath. | ||
| func saveSEDAKeys(keys []IndexedPrivKey, dirPath string) error { |
There was a problem hiding this comment.
These are private keys right? This is fine for devnet. Cosmos offers the file backend for a similar case, but they do specify you should NOT use file storage for an official deployment.
This security stuff could also done in another pr. Also maybe we could leverage the existing system cosmos has to use a different storage backed.
There was a problem hiding this comment.
created an issue #368
| type CLITestSuite struct { | ||
| suite.Suite | ||
|
|
||
| kr keyring.Keyring |
There was a problem hiding this comment.
Oh, I do see this here, can we just use the keyring to store these private keys? In a dev environment that works cause they allow you to use the file backend.
There was a problem hiding this comment.
Keyring is unsuitable for this purpose because we need repeated access to the key without the key owner's approval every time.
refactor: added integration tests add query command feat: pkr module implementation with add-key tx and query endpoints feat: pkr module implemented with tests fix: fix e2e tests and proto query api
chore: CHANGELOG update
chore: proto lint and error msg typo fix chore: fix test name
chore: add missing proto files and lint test: improve add key msg validation and unit tests fix: use comet private key type to save to file style: lint refactor: replace some user defined errors with sdk ones
chore: regenerate proto and lint proto chore: lint
Explanation of Changes
This PR adds a new module
x/pubkey, which will serve as the public key registry for various signing keys used in the SEDA Protocol. The module store follows the following scheme:There is no application logic that prevents a validator operator from adding any public keys at any index. However, they should use the official, up-to-date CLI to generate the correct set of SEDA keys and send a transaction that would register their public keys at correct indices. In the initial implementation, the CLI generates a single secp256k1 key, whose public key is to be registered at index 0. The SEDA key file is saved in the same directory as the validator key file. By default, the location is
$CHAIN_DIR/config/seda_keys.json.To generate and register the SEDA keys:
To use an existing SEDA key file:
To query a given validator's SEDA public keys: