nim-blscurve icon indicating copy to clipboard operation
nim-blscurve copied to clipboard

Published 20 hours ago verified publisher icon status-im

Tag SecretKey export as distinct type

Open mratsim opened this issue 4 years ago • 0 comments

This follows a discussion with an auditor on ED25519 in libp2p.

We need to use all measures possible to prevent leaking private keys, hence I recommend that all private keys use distinct byte. We should also prevent toHex, == on them or for toHex output a SecretHex / SecretString.

In nim-beacon-chain this should prevent introducing private key logging by mistake: https://github.com/status-im/nim-beacon-chain/blob/40c2714ff30c811978fcc234f438ddd473851009/beacon_chain/spec/crypto.nim#L312-L314

Even though some thoughts was given to prevent that: https://github.com/status-im/nim-beacon-chain/blob/40c2714ff30c811978fcc234f438ddd473851009/beacon_chain/spec/crypto.nim#L186-L187

mratsim avatar Jul 24 '20 16:07 mratsim