dat
dat copied to clipboard
Key Management - Multiwriter
How do we want to manage keys for multiwriter?
Recently, we added the dat keys
command for import & export (#828), multiwriter key management can build on that.
Old Issue
We need some basic key management in the CLI. Right now its very hard to transfer ownership of a dat.
Add a dat keys
command with some subcommands for importing/exporting keys:
- Export secret key
- Import secret key to another dat and make it writable
After multiwriter lands:
- We should try to ensure that a private key is never being used in two places at once
- We should encourage provisioning of new keys when transferring devices (to avoid o/)
- We need a basic key management API for this, e.g.:
-
dat keys generate
- adds a new keypair to the global key store, prints out the public key -
dat owners add <key> [path-to-dat(default-cwd)]
- adds a public key as an authorized writer to the current dat -
dat keys ls
- print out list of keypairs stored in global key store -
dat keys rm <key>
- delete a key from the global keystore -
dat keys get <key>
- print the keypair -
dat keys add <pubkey> <privatekey>
- add a keypair manually
-
So the workflow to transfer a dat between two machines (A to B) would be:
- On B, do
dat keys generate
. This places a private key in the global store. You copy paste the public key - On A, do
dat owners add <B's Pubkey>
in the dat dir - On B, clone the dat. You notice you own the private key for one of the owner pubkeys, so you flip the .ogd to true
- On A, run
dat keys rm <key>
to revoke your own ability to write (optional)
You can also transfer the original key (not recommended) by doing dat keys get <key>
on A and then dat keys add
on B
What's the difference between dat owners add
and dat keys add
?
Has any progress been made on this issue?
I tried finding issues or PRs related to this in the lower-level projects (e.g. hyperdrive), but couldn't find anything, so I assume this is still the place to track it.
@mafintosh is the one to ping on this
@brechtpm See https://github.com/mafintosh/hyperdb/pull/39
Hi @millette, the mafintosh/hyperdb#39 branch is merged, what is missing?
We'll be integrating hyperdb into hyperdrive (see https://github.com/mafintosh/hyperdrive/tree/hyperdb-backend). Once that is integrated , then we can start to work on what that'll look like in the Dat CLI. We'll be prototyping some of that here: https://github.com/joehand/dat-next.
There is some work to be done around how we do backwards compatibility and manage merge conflicts. So still lots to think about on top of key management!
How hard would it be to utilize ecdsa key generation schemes to deterministically generate dat or hyperdrive or hyperdb containers?
Answered my own question. Yes I can. I did it! I can predict every future Dat address of mine now. Think.... zipFs :)