Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support signing via a third party signer #48

Open
manthanhd opened this issue Mar 4, 2024 · 2 comments · May be fixed by #53
Open

Support signing via a third party signer #48

manthanhd opened this issue Mar 4, 2024 · 2 comments · May be fixed by #53

Comments

@manthanhd
Copy link

manthanhd commented Mar 4, 2024
edited

Validator keys tool currently supports generating of the validator token using a private key that lives on the disk. For security, we're storing keys over HSM and MPC, that is exposed via an API. The API accepts payload to sign and eventually returns a signature.

The private key is never exposed outside of the system so it is not possible to import the private key on the disk for signing purposes. The signing process has to happen remotely, via an API call.

There are different ways of implementing this but one that comes to mind is:

  1. The validator keys tool supports some CLI option that produces the payload / digest to sign
  2. We take this payload / digest and make the API call to sign via a curl command
  3. Once we have the signature, we pass that into the validator tool, into something that finalizes it into the validator token

Thoughts?
@sappenin
Copy link

sappenin commented Mar 11, 2024
edited

@manthanhd This sounds like a reasonable addition to the tool. As a next step, let's further define what the changes would be here?

To clarify, I think #1 would need to be added to the tool; #2 would be a manual step that you will make (i.e., the tool will not make API calls) and #3 would need to be added to the tool.

Does that sound about right?

@manthanhd
Copy link
Author

Hey @sappenin, yes this is correct. I can help validate this flow by implementing #2 on our side.

ximinez added a commit to ximinez/validator-keys-tool that referenced this issue Mar 19, 2024
@ximinez
Add support for external signing
572bd9a 
* Include unit tests for external signing support functions
* Because this is a significant change, and this project is not updated
  often, increment the version number
* Resolves ripple#48
ximinez added a commit to ximinez/validator-keys-tool that referenced this issue Apr 8, 2024
@ximinez
Add support for external signing
3c5f60d 
* Include unit tests for external signing support functions
* Because this is a significant change, and this project is not updated
  often, increment the version number
* Resolves ripple#48
ximinez added a commit to ximinez/validator-keys-tool that referenced this issue Apr 8, 2024
@ximinez
Add support for external signing
bbc7700 
* Also add a "sign_hex" command to sign non-printable data.
* Include unit tests for external signing support functions.
* Because this is a significant change, and this project is not updated
  often, increment the version number.
* Resolves ripple#48
@ximinez ximinez linked a pull request Apr 9, 2024 that will close this issue
Open
ximinez added a commit to ximinez/validator-keys-tool that referenced this issue Apr 9, 2024
@ximinez
Add support for external signing
8291db3 
* Also add a "sign_hex" command to sign non-printable data.
* Include unit tests for external signing support functions.
* Because this is a significant change, and this project is not updated
  often, increment the version number.
* Resolves ripple#48
@sappenin sappenin mentioned this issue May 9, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Add support for external signing ximinez/validator-keys-tool
2 participants
@sappenin @manthanhd