Password protect the key using softsign
freak12techno opened this issue · 1 comments
For now, the priv validator key is stored unencrypted if using softsign, making it vulnerable.
Is it possible to implement a keyring that allows having 2 types of access, managing keys and signing something using the key inside, pretty much as in yubihsm integration? As I see, it can be done the following way:
- user imports a key
- 2 passwords are generated, admin password (allowing doing everything) and validator password (allowing to sign)
- validator password is stored in a config, while admin config isn't stored on the machine at all, so if someone can log into the server, they won't be able to decrypt the key without knowing the admin password
If this is manageable, it should increase the security level of softsign greatly. Do you think it's possible?
Thanks in advance!
Having two files, one containing an encrypted key and another containing the password, provides little more than security by obscurity: whatever attack can compromise one file can be used to compromise both files.
We are looking at updating the softsign backend to use a new version of Signatory, a general purpose digital signature library: https://github.com/iqlusioninc/crates/tree/main/signatory
After that's in place we may look at additional options for protecting software-based private keys, such as leveraging various kernel APIs for key storage.
Until then we recommend using a YubiHSM2 or Ledger to provide secure key storage.