Git Product home page Git Product logo

secret-vault's Introduction

Secret Vault

A PoC showing how even a more complex use-case can be implemented relatively easily - this contract generates and stores private keys, exposing an interface for a user to sign data (e.g. ethereum transactions) while keeping the private key safe. Inspired in part by the suggestion by Gridlock Network.

What is there to see here?

  • A basic, non-auditing, probably insecure PRNG mechanism for generating keys. We use randomness generated by the client to ensure that an observer cannot predict keys generated by the contract.

  • An access-control system to manage access to private keys - Creating a "server-side" API key, and storing a user-generated password. In order to sign data you must provide both the password and the API key.

  • Usage of libsecp256k1 to create valid secp256k1 signatures on-chain

What isn't there to see here?

  • Properly audited cryptographic anything (no constant time functions, no cryptanalysis, etc.)

  • No deletion of keys or changing of passwords (though this would be pretty easy)

  • Using the private keys for anything other than signing with secp256k1 (encryption, ed25519, nist etc.)

Example usage

Initialize the contract

./secretcli tx compute instantiate "<code_id>" "{\"Init\": {\"seed_phrase\": \"hello\"}}" --label <label_name>

Choose a random phrase, or a long string of random data. Either way, the PRNG depends on this so make it good

Generate a new key

./secretcli tx compute execute <contract_address> "{\"NewKey\": {\"key_seed\": \"XxT/TGEb1U+bMKM7/9qz87JKpd6xj+0URYVySL9vEHs=\", \"passphrase\": \"yo\"}}"

key_seed should be a base64 encoded string of random bytes - this will be used in generating your private key

Check the return value of this transaction to get your api_key and the key_id (key identifier) for the newly created key. You will need the key_id, api_key and your passphrase to be able to sign data in the next step

Sign some data

./secretcli tx compute execute secret1l425neayde0fzfcv3apkyk4zqagvflm6u6e56s "{\"Sign\": {\"passphrase\": \"<your_passphrase>\", \"key_id\":\"<your_key_id>\", \"data\": \"XxT/TGEb1U+bMKM7/9qz87JKpd6xj+0URYVySL9vEHs=\", \"api_key\": \"<your_api_key>\"}}"

data is a base64 encoded string of data exactly 32 bytes long. So make sure you hash your data before sending it. This is done to avoid having to guess how you want your data processed before signing and keeping gas costs down

secret-vault's People

Contributors

cashmaney avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.