Softsign cannot import keys
1ultimat3 opened this issue · 10 comments
It is not possible to test tmkms using softsign based on an existing priv_validator.json.
I don't know how this line got there, but it should rather be SecretKeyEncoding::default() instead of IDENTITY:
https://github.com/tendermint/kms/blob/20172d91e270a39907d2e96fde1b94bf9958c961/src/keyring/ed25519/softsign.rs#L21
It seems that #135 already stated this issue. Is softsign eol?
This is how I tried to "import" the key:
https://gist.github.com/mateuszk87/628283e1581d8e247807e819c2913cab
As you noted, this is a dupe of #135; however, #135 was closed by its original reporter without ever receiving a proper fix, so the issue got lost in the shuffle. Thanks for reopening it.
> Is softsign eol?
It's not recommended for production usage (we could perhaps have some clearer documentation and messaging around that) and therefore receives less attention and automated testing than the HSM backends, but it is not "EOL" and will continue to be supported as a signing method at least for the immediate future.
There are different use cases for softsign, e.g. first step of transition to HSM, testnets or a disaster recovery option. We are trying to use this feature for some security checks (non-production) and we need to import a test key (without forking and modifying the kms source code).
Hi Folks, is there a branch with these changes someplace?
Fixed in #304, which provides a wide range of options for key format support, both for the softsign provider itself, and as a CLI subcommand (tmkms softsign import) for converting key formats.