Better defaults for ipfs key export (PEM, PKCS) #8594

Closed
lidel opened this issue Dec 8, 2021 · 4 comments
Labels
effort/days Estimated to take multiple days, but less than a week exp/intermediate Prior experience is likely helpful help wanted Seeking public contribution on this issue kind/enhancement A net-new feature or improvement to an existing feature topic/security Topic security

Comments

@lidel
Member

lidel commented Dec 8, 2021

Current implementation

Right now, the ipfs key export -o foo.key just spits out the key in proprietary Protobuf, without any protection:

This is not only a dangerous default, but makes it difficult to interop with the outside world.
People building on IPFS asked for the ability to generate keys outside go-ipfs and/or export them in a form that is useful out of the box, or a safer way to export a key to move it to a different box.

Ref. https://discuss.ipfs.io/t/importing-pem-encoded-private-key/12770/9

Proposed fix

We should fix the default behavior and do what js-ipfs does:

ipfs.key.export(name, password, [options]):
Export a key in a PEM encoded password protected PKCS 8

Namely:

  • never export unencrypted keys by default
  • leverage well-established open standards to maximize interoperability and improve devexp

Some implementation suggestions:

  • change the default to produce something like well-established PEM 8 (https://en.wikipedia.org/wiki/PKCS)
  • make --format=pem-pkcs8-encrypted the implicit default
    • this ensures the default is sane: requires password and produces encrypted key
    • it is ok to allow unencrypted export via explicit opt-in --format=pem-pkcs8-cleartext
  • handle legacy format: allow users to export to the old format via something like --format=libp2p-protobuf-cleartext
  • import should be smart enough to detect the key format based on the first few bytes, but it should also take explicit --format and return an error if input does not match expected format

Update: turns out js-ipfs uses PEM only for RSA keys, Ed25519 keys (current default) use a custom format encrypted with aes-gcm (details in #8616 (review)) – I suggested focussing on cleartext (unencrypted) PEM for now, as it is the most interoperable with external software.
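The import-side behaviour suggested in the list above (sniff the format from the first bytes, but fail when an explicit --format disagrees), as an added Go example that is not code from go-ipfs or from this issue. The function names are hypothetical, the format strings are the ones proposed in the issue, and the protobuf check assumes the libp2p PrivateKey message layout (Type as field 1, Data as field 2).

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/x509"
	"encoding/pem"
	"fmt"
)

// PKCS #8 PEM labels mapped to the --format names proposed in the issue.
var pemLabels = map[string]string{"PRIVATE KEY": "pem-pkcs8-cleartext", "ENCRYPTED PRIVATE KEY": "pem-pkcs8-encrypted"}

// DetectKeyFormat (hypothetical helper) classifies a key file by its leading bytes.
func DetectKeyFormat(data []byte) (string, error) {
	if bytes.HasPrefix(data, []byte("-----BEGIN ")) {
		if b, _ := pem.Decode(data); b != nil && pemLabels[b.Type] != "" {
			return pemLabels[b.Type], nil
		}
		return "", fmt.Errorf("malformed or unsupported PEM block")
	}
	if len(data) >= 3 && data[0] == 0x08 && data[1] <= 3 && data[2] == 0x12 {
		return "libp2p-protobuf-cleartext", nil // tag 0x08, KeyType 0..3, tag 0x12
	}
	return "", fmt.Errorf("unrecognized key format")
}

// CheckFormat enforces an explicit --format value; an empty want means auto-detect.
func CheckFormat(data []byte, want string) (string, error) {
	got, err := DetectKeyFormat(data)
	if err == nil && want != "" && want != got {
		return "", fmt.Errorf("input is %s, expected %s", got, want)
	}
	return got, err
}

// SampleKeys builds one constructed Ed25519 key as PKCS #8 PEM and in protobuf framing.
func SampleKeys() ([]byte, []byte) {
	_, priv, _ := ed25519.GenerateKey(nil) // nil reader means crypto/rand
	der, _ := x509.MarshalPKCS8PrivateKey(priv)
	pb := append([]byte{0x08, 0x01, 0x12, byte(len(priv))}, priv...) // Type=Ed25519, 64-byte Data
	return pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Bytes: der}), pb
}

func main() {
	pemKey, pbKey := SampleKeys()
	fmt.Println(CheckFormat(pemKey, ""))
	fmt.Println(CheckFormat(pbKey, "pem-pkcs8-cleartext"))
}
```

The PEM label only tells cleartext from encrypted PKCS #8; the DER inside still has to be parsed and validated before the key is used.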

@lidel lidel added kind/enhancement A net-new feature or improvement to an existing feature help wanted Seeking public contribution on this issue topic/security Topic security exp/intermediate Prior experience is likely helpful effort/days Estimated to take multiple days, but less than a week labels Dec 8, 2021
@lidel lidel changed the title Better default for ipfs key export Better defaults for ipfs key export (PEM, PKCS, encrypt with passphrase) Dec 8, 2021
@lidel lidel moved this to Todo in @lidel's IPFS wishlist Dec 8, 2021
@lidel lidel moved this from Todo to In Progress in @lidel's IPFS wishlist Dec 17, 2021
@lidel
Member Author

lidel commented Jan 19, 2022

Turns out js-ipfs uses PEM only for RSA keys, Ed25519 keys (current default) use a custom format encrypted with aes-gcm (details in #8616 (review))
Due to this, we are focussing on cleartext (unencrypted) PEM for now, as it is the most interoperable with external software, and we will not be changing any defaults at this time. Such a decision requires cleaning up interop with js-ipfs first.

👉 Opt-in support for keys in cleartext PEM files is being implemented in #8616, this should be enough to allow cool interop with other software: using IPFS keys in other apps, or generating (deriving) a key by a third party app and then importing and using it for IPNS.

@BigLep BigLep added this to the Best Effort Track milestone Mar 10, 2022
@BigLep BigLep moved this to 🥞 Todo in IPFS Shipyard Team Mar 10, 2022
@schomatis
Contributor

Done in #8616.

Repository owner moved this from 🥞 Todo to ✅ Done in IPFS Shipyard Team Mar 17, 2022
Repository owner moved this from In Progress to Done in @lidel's IPFS wishlist Mar 17, 2022
@lidel lidel changed the title Better defaults for ipfs key export (PEM, PKCS, encrypt with passphrase) Better defaults for ipfs key export (PEM, PKCS) Mar 17, 2022
@BigLep BigLep moved this from 🎉 Done to ☑️ Done (Archive) in IPFS Shipyard Team Mar 23, 2022

3 participants