dat icon indicating copy to clipboard operation
dat copied to clipboard

Published 20 hours ago verified publisher icon dat-ecosystem

Key Management - Multiwriter

Open joehand opened this issue 6 years ago • 9 comments

How do we want to manage keys for multiwriter?

Recently, we added the dat keys command for import & export (#828), multiwriter key management can build on that.

Old Issue

We need some basic key management in the CLI. Right now its very hard to transfer ownership of a dat.

Add a dat keys command with some subcommands for importing/exporting keys:

  • Export secret key
  • Import secret key to another dat and make it writable

joehand avatar Jul 20 '17 19:07 joehand

After multiwriter lands:

  • We should try to ensure that a private key is never being used in two places at once
  • We should encourage provisioning of new keys when transferring devices (to avoid o/)
  • We need a basic key management API for this, e.g.:
    • dat keys generate - adds a new keypair to the global key store, prints out the public key
    • dat owners add <key> [path-to-dat(default-cwd)] - adds a public key as an authorized writer to the current dat
    • dat keys ls - print out list of keypairs stored in global key store
    • dat keys rm <key> - delete a key from the global keystore
    • dat keys get <key> - print the keypair
    • dat keys add <pubkey> <privatekey> - add a keypair manually

So the workflow to transfer a dat between two machines (A to B) would be:

  • On B, do dat keys generate. This places a private key in the global store. You copy paste the public key
  • On A, do dat owners add <B's Pubkey> in the dat dir
  • On B, clone the dat. You notice you own the private key for one of the owner pubkeys, so you flip the .ogd to true
  • On A, run dat keys rm <key> to revoke your own ability to write (optional)

You can also transfer the original key (not recommended) by doing dat keys get <key> on A and then dat keys add on B

max-mapper avatar Jul 27 '17 01:07 max-mapper

What's the difference between dat owners add and dat keys add?

ralphtheninja avatar Jul 27 '17 02:07 ralphtheninja

Has any progress been made on this issue?

I tried finding issues or PRs related to this in the lower-level projects (e.g. hyperdrive), but couldn't find anything, so I assume this is still the place to track it.

brechtcs avatar Feb 08 '18 16:02 brechtcs

@mafintosh is the one to ping on this

max-mapper avatar Feb 12 '18 20:02 max-mapper

@brechtpm See https://github.com/mafintosh/hyperdb/pull/39

millette avatar Feb 12 '18 21:02 millette

Hi @millette, the mafintosh/hyperdb#39 branch is merged, what is missing?

carloslfu avatar Apr 22 '18 12:04 carloslfu

We'll be integrating hyperdb into hyperdrive (see https://github.com/mafintosh/hyperdrive/tree/hyperdb-backend). Once that is integrated , then we can start to work on what that'll look like in the Dat CLI. We'll be prototyping some of that here: https://github.com/joehand/dat-next.

There is some work to be done around how we do backwards compatibility and manage merge conflicts. So still lots to think about on top of key management!

joehand avatar Apr 24 '18 16:04 joehand

How hard would it be to utilize ecdsa key generation schemes to deterministically generate dat or hyperdrive or hyperdb containers?

genecyber avatar Dec 29 '18 06:12 genecyber

Answered my own question. Yes I can. I did it! I can predict every future Dat address of mine now. Think.... zipFs :)

genecyber avatar Dec 31 '18 23:12 genecyber