Cosmos-sdk: Clients’ keys are world-readable

Created on 22 Feb 2019 · 10 Comments · Source: cosmos/cosmos-sdk

Client keys are stored on the filesystem via LevelDB for multiple operations. These include use by validators, client wallets, and other functions. The keys themselves are stored within the .gaiacli directory of the user’s home directory by default.

However, the permissions on this directory and subdirectories are 0755 (RWX for user and RX for group/world), with file permissions of 0644 (RW for user and R for group/world).

While the contents of the LevelDB files are in plain text, they are protected via Bcrypt.

Proposal

Short Term (prior to or at launch):

At the very least, the file and directory permissions should be updated to 0700 (RWX for user only).

Long Term (post launch):

Use an audited key/secret local vault.

/cc @cwgoes @zmanian


keys proposal
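The short-term fix proposed in the issue, as an added example (not code from the cosmos-sdk repository): it walks a key directory, lists every entry that still grants group or world access, and tightens the tree. The function names `Audit` and `Harden` are hypothetical, and using 0600 for regular files instead of the issue's 0700 is this example's choice, since key files need no execute bit.

```go
package main

import (
	"fmt"
	"io/fs"
	"os"
	"path/filepath"
)

// Audit lists every path under root that grants any group/world permission bit.
func Audit(root string) ([]string, error) {
	var exposed []string
	err := filepath.WalkDir(root, func(p string, d fs.DirEntry, err error) error {
		if err != nil {
			return err
		}
		info, err := d.Info()
		// Symlink mode bits are not enforced, so only real files and dirs count.
		if err == nil && info.Mode()&fs.ModeSymlink == 0 && info.Mode().Perm()&0o077 != 0 {
			exposed = append(exposed, p)
		}
		return err
	})
	return exposed, err
}

// Harden sets directories to 0700 (the issue's proposal) and regular files to 0600 (this example's choice).
func Harden(root string) error {
	return filepath.WalkDir(root, func(p string, d fs.DirEntry, err error) error {
		switch {
		case err != nil:
			return err
		case d.IsDir():
			return os.Chmod(p, 0o700) // applied before WalkDir descends into p
		case d.Type().IsRegular():
			return os.Chmod(p, 0o600)
		}
		return nil // symlinks and special files are left untouched
	})
}

func main() {
	for _, root := range os.Args[1:] { // pass the key directory, e.g. ~/.gaiacli
		exposed, err := Audit(root)
		if err == nil && len(exposed) > 0 {
			err = Harden(root)
		}
		fmt.Println(root, "exposed:", exposed, "error:", err)
	}
}
```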

All 10 comments

I'm a fan of https://github.com/99designs/keyring for key storage.

> I'm a fan of https://github.com/99designs/keyring for key storage.

That looks compelling. Do you know if it's been subjected to third-party review (or has some major users)?

> I'm a fan of https://github.com/99designs/keyring for key storage.

Would we use the Filesystem backend? I doubt we want to leverage a local client/server model here, right?

I'd suggest using the OSX keyring and Windows credential store and then falling back to encrypted file if neither are available

Started playing with keyring in the SDK -- seems very straightforward. One thing that came to my attention is we'll now probably need some sort of gaiacli keys init command functionality which sets up a keyring with a passphrase. Subsequent usage will now prompt users for both a keyring passphrase (unless saved) and their key passphrase (bcrypt encrypted) -- not sure this is the best UX.

Or were we thinking of another flow?

I think we can ditch bcrypt if we're using a keyring which is already encrypted.

This seems like a large-magnitude change for prelaunch though, for now I suggest just the permissions fix.

FYI Iqlusion/ @poldsam is working on adding keyring support for the client key storage

Cool! You mean to Keybase @zmanian? Is there any code you can share? Will a PR be made?

https://github.com/iqlusioninc/cosmos-sdk/tree/kristi/keyringKeybase

Here is the WIP branch. Yep there will be a PR

Awesome. Look forward to reviewing the contribution.
