
use QKM as enclave

Open taccatisid opened this issue 3 years ago • 0 comments

Instead of retrieving secret key material from QKM, generate the key pairs on QKM itself and do all public key cryptography in QKM so that the private key never leaves QKM.

  • implement the Enclave interface as a proxy for QKM stored keys
  • add a class QKMEncryptor similar to Encryptor but without relying on exposing shared keys to Tessera. QKMEncryptor should use the QKM public key interface (see https://consensys.github.io/quorum-key-manager/#tag/Keys)
  • QKM itself has to be extended to support the NaCl crypto_box primitives (for shared key generation/encrypting messages to remote public key)

taccatisid, Nov 25 '21 02:11