AleoNet
[Proposal] entering private key in plaintext raise concerns
💥 Proposal
Entering private key in plaintext in terminal and yields potential threats, instead a signature derived from private key file would be much more secure I suppose.
Seems like a duplicate of https://github.com/AleoHQ/snarkOS/issues/1583? In any case, I agree :+1:.
Edit: ah no, that one was the RPC password; in any case, it's a related matter.
I also agree with the concerns about security of the private keys thus far.
I noticed the Signature struct is indeed a challenge/response and compute key. It is not a signature in terms of private key signing, and this may require additional work to designate a signature which is derived from the private key and can be confirmed with the public key (Address).
Also the private key should never be exposed to a computer with an internet connection. At the moment the library relies on the std library quite heavily, and a lot of embedded devices require being able to compile with the #![no_std] macro.
Ideally an embedded system without ethernet hardware should store the key and there should be a mechanism for encrypting values provided over the device's serial connection and supplying a signature, at least with a derived compute key or by encrypting those values to a delegated prover in the prover pool's public address. It seems that perfect key management requires the use of a hardware device with the ability to partially kick off the zkSNARK inputs and have the remaining computation performed on an internet connected device, then relayed to the verifier network.
Hey arosboro, fully agree to what I can grasp. Best practive would be hardware encryption (PSP or external HW token for signing), since this is not the default the next best step would be encryption on kernel level. Instead of clipboard pasting there are better methods such as protected RSA/DSA reading from file or ECDSA signature/fingerprint as you mentioned.
Closing as this issue has been resolved.
Private keys can now be provided via a file.
