[Question] Restore snapshot from bytes
Opened this issue · 0 comments
Description
We are investigating using Stronghold in combination with iroh peer-to-peer data sharing (Rust) library.
With a small amount of effort, we can load a Stronghold snapshot from an iroh
blob store, persist it, and see the blob/snapshot synchronised to an iroh peer node. Our preference, however, is to use iroh's API to retrieve and restore a snapshot as bytes.
Motivation
Our primary motivation is to make it straightforward (for users) to securely share sensitive data (private keys) between a native and web wallet without recourse to centralised storage or services.
Requirements
Our primary requirement is to serialise a Stronghold snapshot between peer iroh
nodes with (direct) recourse to the file system.
Future plans to use an in-memory iroh
node (no file system) rule out using export_to_serialized_state
/import_from_serialized_state
. Also, it requires Stronghold to be established on both peers before sharing snapshot state.
Open questions (optional)
On experimenting with a fork of the Stronghold dev
branch, we successfully restored a snapshot on one peer using a byte array synced from a second iroh peer. The only change we needed to make the Stronghold source was to change the Client::restore
method from pub(crate)
to pub
.
Very rough PoC code:
...
// load snapshot from bytes
let pt = snapshot::read(&mut snapshot_bytes, &key_bytes, &[])?;
let data = snapshot::decompress(&pt)?;
let state = bincode::deserialize(&data)?;
let snapshot = Snapshot::from_state(state, key_bytes, None)?;
// load client from snapshot
let mut client = Client::default();
let client_id = ClientId::load_from_path(CLIENT, CLIENT);
let client_state = snapshot.get_state(client_id)?;
client.restore(client_state, client_id)?; // <-
...
My question is: before requesting a change, does this in any way compromise Stronghold's integrity or security?
Are you planning to do it yourself in a pull request?
Yes.