Remove Keystore
A blockchain client should not handle account management.
Enter the keystore passphrase:
Confirm passphrase:
2022-03-30T13:02:11.317Z WARN key_management::keystore > Encrypted keystore does not exist, initializing new keystore
I would propose to remove it or split it out to a different, unrelated binary, e.g., forest-key.
Step one would be to figure out where Forest uses the keys right now. Second step would be to propose a plan for separating Forest into a key-agnostic server and a key-aware client.
@ec2 what's the key you unlock during startup used for?
It appears we're using the keystore for two things: storing the RPC access key and storing private keys in the wallet. We should move the handling of wallet keys outside of the forest daemon. Wallet handling is a separate concern from interfacing with the Filecoin network. Once wallet handling is removed from the RPC, we might not need a secured RPC token. We could optionally make RPC access password protected instead.
I propose we move the wallet handling from the daemon into the frontend. It should handle the encryption and never send the private keys to the daemon.
@q9f it's for unlocking the keystore (RPC JWT token and wallet keys). I don't really like the idea of enabling it by default and I think we initially implemented it because it was recommended in the security audit. I'm not 100% convinced it was the right move though. I would agree with moving wallets out of the client.
The thing to consider with moving the wallet out of the daemon is that it makes integrating with lotus-miner a little more difficult, because mining requires access to the wallet/keystore API, so that is something that should be considered.
@lemmih you might still want to have the RPC secured by a JWT token for the sake of compatibility with lotus software.
@lemmih Should we consider this resolved?
Resolved by #3976