hypertele
Add --key-file opt
Adds a --key-file option to the hypertele server and client, so it can use keys generated by secure-key. Also includes a --key-file-password option to pass in the password through the CLI rather than through stdin.
The key-pair and private options interact as follows:
- key-file + private: both client and server need to load the same key-file content, since they need to share the same private and public key (which without key-file happens by using the same seed)
- key-file server (non-private): client can choose whether to use a key-file or not—it joins the server based on the passed-in public key (-s option)
- no key-file server (non-private): same as above, client can be whatever
The keys are copied to normal memory, to make the code more straightforward (in contrast to hypercore-sign, where they never leave protected memory). I’m fine with keeping the keys in protected memory if that’s a requirement, but it could be quite complex to make sure they never leak to normal memory in the hyperdht code.
Note: I moved everything into an async main because loading the keys from file happens async, so it could not cleanly use the existing structure. Except for that I tried to make the fewest changes possible.
Converted to draft while we're doing an iteration on secure-key