Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

exp/services/recoverysigner: add use of unique signing keys per registered account #2343

Closed
leighmcculloch opened this issue Feb 28, 2020 · 6 comments
Closed

exp/services/recoverysigner: add use of unique signing keys per registered account #2343

leighmcculloch opened this issue Feb 28, 2020 · 6 comments

Comments

@leighmcculloch
Copy link
Member

What

Add use of unique signing keys that are randomly generated for each account at registration, storing the signing secret key in Postgres, and using AWS KMS to encrypt the signing secret key.

Why

The application uses a single signing key for all accounts that are registered. The issue with this is that anyone who knows that single signer can determine what accounts are registered with a recoversigner server. This public association may be undesirable for a user using a recoverysigner.
@leighmcculloch

This comment has been minimized.

Sign in to view
@leighmcculloch leighmcculloch mentioned this issue May 22, 2020
Closed
@leighmcculloch leighmcculloch mentioned this issue May 27, 2020
Merged
7 tasks
@leighmcculloch
Copy link
Member Author

#2627 is going to create code conflicts I'm sure for this, so it'd be good for it to be merged when this work is started.

leighmcculloch added a commit that referenced this issue May 28, 2020
@leighmcculloch
exp/services/recoverysigner: add support for configuring and using mu…
000a7c5 
…ltiple signing keys (#2627)

### What
Add support for configuring and using multiple signing keys where the
first signing key in the list is the default used for signing and the
others can be selected according to SEP-30 v0.3.0.

### Why
The reference implementation adheres to the API changes defined in
SEP-30 v0.3.0 that supported multiple signing keys per registered
account for the purpose of rotating signing keys, however the reference
implementation does not actually support multiple signing keys being
configured at one time.

### Note
Much of this code is possibly going to be rewritten for #2343 where
global keys will be supplemented with unique keys for each account that
get stored in the database.

### Known limitations
There is some code duplicity in this PR that I don't think is worth
optimizing on until unique keys are implemented as trying to abstract
commonalities may make @howardtw's job harder if the abstraction
doesn't quite align with the logic he inserts. I think we should revisit any
duplicate code once the unique key logic is added.
@leighmcculloch leighmcculloch mentioned this issue May 29, 2020
Closed
@howardtw howardtw mentioned this issue Jun 8, 2020
Closed
7 tasks
@howardtw
Copy link
Contributor

I believe this one is specifically about updating the endpoints to be using the encrypter and decrypter?

@howardtw howardtw assigned leighmcculloch and unassigned howardtw Jun 26, 2020
@leighmcculloch
Copy link
Member Author

This is the parent issue for the entire unique signing keys work.

@shanzzam shanzzam added vibrant and removed vibrant labels Oct 6, 2020
@leighmcculloch leighmcculloch removed their assignment Oct 27, 2020
@leighmcculloch
Copy link
Member Author

@shanzzam We need to discuss the priorities around this change.

@mollykarcher
Copy link
Contributor

Closing all recoverysigner issues

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

exp/services/recoverysigner: use unique signing keys per registered account stellar/go
5 participants
@leighmcculloch @mollykarcher @accordeiro @shanzzam @howardtw