baseline icon indicating copy to clipboard operation
baseline copied to clipboard

Published 20 hours ago verified publisher icon ethereum-oasis-op

SRI - Research options for clients to generate, store and utilize EDDSA key pairs

Open ognjenkurtic opened this issue 1 year ago • 5 comments

Overview

We need to understand what options are there for the future users of the BPI to manage EDDSA keys for two use-cases:

  1. Login to the BPI (Auth)
  2. Signing the tx payload

It might be that we need to build a simple UI where we provide option to sign a custom JSON with the user inputed private key.

Reference

  • Any simple option where the client uses a tool available through the OS?
  • Use Metamask as a base (Your ECDSA private key + the hash of the ECDSA public key) to generate EDDSA key pair which is stored in local storage?
  • Build our own solution based on Ethers.js?
  • ...

Acceptance

  • research documented with a clear set of action items\implementation issues

Tasks

  • [ ] Do it

ognjenkurtic avatar Nov 16 '23 15:11 ognjenkurtic

@ognjenkurtic the steps with Metamask are:

  1. get pubkey_owner from accounts in MM through API
  2. `message = keccack256(pubKey_owner)'
  3. call the MM signing function API with the message as payload and the target account to use
  4. API returns signature
  5. Convert hex signature into Bigint number
  6. That is the EdDSA privkey
  7. Then generate the EdDSA pubkey from privkey using circom crypto library
  8. Then use circom crypto library to create EdDSA signatures with privkey

@biscuitdey Did I forget anything?

Therecanbeonlyone1969 avatar Nov 16 '23 18:11 Therecanbeonlyone1969

@ognjenkurtic the steps with Metamask are:

  1. get pubkey_owner from accounts in MM through API
  2. `message = keccack256(pubKey_owner)'
  3. call the MM signing function API with the message as payload and the target account to use
  4. API returns signature
  5. Convert hex signature into Bigint number
  6. That is the EdDSA privkey
  7. Then generate the EdDSA pubkey from privkey using circom crypto library
  8. Then use circom crypto library to create EdDSA signatures with privkey

@biscuitdey Did I forget anything?

@Therecanbeonlyone1969

Looks good! Takes care of the problem of storing private keys.

biscuitdey avatar Nov 23 '23 11:11 biscuitdey

Some pointers on how BRI-1 does this with Vault

Key creation: https://docs.provide.technology/api/rest-api-v1/vault/keys/creating-a-key

Signing verification: https://docs.provide.technology/api/rest-api-v1/vault/keys/signing-and-verifying

Keys are held in encrypted storage at the behalf of the organization - though the individual given enterprise/DID user is permitted access to use them

Implementation is catered moreso to enterprise backend services than crypto wallets like Metamask

Early january I can provide a demo

fleischr avatar Dec 21 '23 21:12 fleischr

Similar API to BRI-1's Vault

https://docs.turnkey.com/api

fleischr avatar Dec 22 '23 15:12 fleischr

Some pointers on how BRI-1 does this with Vault

Key creation: https://docs.provide.technology/api/rest-api-v1/vault/keys/creating-a-key

Signing verification: https://docs.provide.technology/api/rest-api-v1/vault/keys/signing-and-verifying

Keys are held in encrypted storage at the behalf of the organization - though the individual given enterprise/DID user is permitted access to use them

Implementation is catered moreso to enterprise backend services than crypto wallets like Metamask

Early january I can provide a demo

@fleischr Thank you for the resources. I am aware that BRI-1 uses Vault for key management. I did look into implementing Hashicorp's Vault but we wanted something simple to implement in this iteration. We are already using Metamask for login and needed some easy way to convert the Metamask ECDSA key into EDDSA key (within circuits). Metamask wallet is handling the key management.

biscuitdey avatar Dec 22 '23 16:12 biscuitdey

Completed.

biscuitdey avatar Jun 20 '24 14:06 biscuitdey