Creation of new keyserver for transaction signing

[boojamya]

Current sign flow:

• Sign call in lens for all transactions
• Calls the SDK txFactory.Sign method
• Leading to the current Keybase implementation

Desired direction:

• Replace the Cosmos keyring with a gRPC/protobuf interface such that all keyring backends are gRPC client/server interactions. This allows for a much more extensible key signing interface and will allow us to integrate crypto libraries from other languages and architectures much more easily.
• Keyring server should support client implementations via plugins that are installed in the ~/.lens directory, or some other method of management. Need to ensure easy configuration for client developers as we build this integration.
• Plugin implementation for file backend allowing for full CRUD w/ unencrypted on disk keys
• Plugin implementation for HSM keys (TBD which keys)
• Plugin implementation for Cosmos groups multisig
• Keyring interface should be designed so that the Sign API doesn't depend on having the key bytes available on the client side. This is a better fit with ledgers and HSMs. We can create a seperate interface that includes the CRUD commands for adding and generating new keys that has NoOps for backends that don't support these operations.

[frumioj]

1. Signing

lens/client/tx.go -> cosmos-sdk/client/tx/tx.go

https://github.com/cosmos/cosmos-sdk/blob/450cd7fc8708ccb0fa21f05e251d9804a2063b79/client/tx/tx.go#L308

-> cosmos-sdk/crypto/keyring

https://github.com/cosmos/cosmos-sdk/blob/450cd7fc8708ccb0fa21f05e251d9804a2063b79/crypto/keyring/keyring.go#L328

2. Adding a key

lens/cmd/keys.go -> lens/client/keys.go -> cosmos-sdk/crypto/keyring

https://github.com/cosmos/cosmos-sdk/blob/450cd7fc8708ccb0fa21f05e251d9804a2063b79/crypto/keyring/keyring.go#L558

Looks to me like keystone client should replace the code that is in cosmos-sdk/crypto/keyring, adding any necessary functions not in keystone already (related to bc-specific addresses).

Note: AFAICT, there appear to be explicit dependencies in lens and cosmos for "local" (file-based) keys, despite the possibility of non-file backends being otherwise in use - am I misunderstanding these things?

For example, what does NewLocalRecord/writeLocalKey do if there is not a file-based keyring in use?:

https://github.com/cosmos/cosmos-sdk/blob/450cd7fc8708ccb0fa21f05e251d9804a2063b79/crypto/keyring/keyring.go#L759

And why is there a local directory assumed in the lens/client/chain_client.go?

ccc.KeyDirectory = keysDir(homepath, ccc.ChainID)

lens/client/chain_client.go

Line 48 in ce29236

ccc.KeyDirectory = keysDir(homepath, ccc.ChainID)

Neither of these assumptions should be made for a keystone key, since the private key bytes are not going to be in a file accessible in this way to the client code.

[frumioj]

Under heavy development (this week, lol)...

https://github.com/cosmos/keystone