Keep wallet key in Hardware Security Module or Key Management Service... #3381

Open
mgajda opened this issue Jul 9, 2022 · 2 comments
Labels
ADDING FEATURE Mark a PR as adding a new feature, for auto-generated CHANGELOG IMPROVEMENT Mark a PR as an improvement, for auto-generated CHANGELOG

Comments


mgajda commented Jul 9, 2022

The problem that you wish to solve

The wallet private key should be impossible to steal even if an attacker manages to hack the cardano-wallet.

The best way to ensure that would be to hold the private key in a Hardware Security Module, like the ones provided by Thales or Yubi.

Note that these are specifically designed for use on the server, and are indeed available on the Azure and IBM clouds.

(I omit the AWS solution, since it does not seem to support EdDSA Ed25519 yet. Google allows co-location of custom HSMs only; the standard HSM does not support Ed25519. However, the next NIST signing standard is expected to include EdDSA and Ed25519, so I expect it will become supported in a few years.)
A future version of TPM may also support this feature.

Description

To support signing by a Hardware Security Module, we need an abstract private key API that allows offloading signing and encryption to the HSM device.

Implementation suggestions

An abstract API that allows us to:

  • generate a key within the HSM, or import it into the HSM without leaving it in memory or on disk,
  • sign with an HSM key id, by passing a payload string and receiving the signed payload.

Later this API can be implemented to support all HSM and KMS solutions that already support Ed25519, or will support the future FIPS signing standard. This will possibly include TPM 3.0, AWS/Google/Azure KMS solutions, and USB keys with signing capability.
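The abstract API suggested above, written out in Go as an added example; it is not code from cardano-wallet or from the issue author. `KeyStore`, `softStore`, `NewSoftStore` and `SignAndVerify` are hypothetical names, and an in-process standard-library Ed25519 key stands in for the HSM/KMS backend.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// KeyStore (hypothetical): callers hold only a key id; nothing returns private key bytes.
type KeyStore interface {
	Generate() (keyID string, pub ed25519.PublicKey, err error)
	Sign(keyID string, payload []byte) (sig []byte, err error)
}

// softStore stands in for an HSM/KMS backend, which would keep the key on the device.
type softStore struct{ keys map[string]ed25519.PrivateKey }

func NewSoftStore() KeyStore { return &softStore{keys: map[string]ed25519.PrivateKey{}} }

func (s *softStore) Generate() (string, ed25519.PublicKey, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return "", nil, err
	}
	id := fmt.Sprintf("key-%d", len(s.keys)+1)
	s.keys[id] = priv
	return id, pub, nil
}

func (s *softStore) Sign(keyID string, payload []byte) ([]byte, error) {
	priv, ok := s.keys[keyID]
	if !ok {
		return nil, errors.New("unknown key id")
	}
	return ed25519.Sign(priv, payload), nil
}

// SignAndVerify is the wallet side: it sees only the id, public key and signature.
func SignAndVerify(ks KeyStore, payload []byte) (bool, error) {
	id, pub, err := ks.Generate()
	if err != nil {
		return false, err
	}
	sig, err := ks.Sign(id, payload)
	return err == nil && ed25519.Verify(pub, payload, sig), err
}

func main() {
	fmt.Println(SignAndVerify(NewSoftStore(), []byte("constructed tx body")))
}
```

Because the interface has no export method, code that compromises the caller can request signatures while it has access but cannot copy the key out, which is the property the issue asks for.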

@mgajda mgajda added ADDING FEATURE Mark a PR as adding a new feature, for auto-generated CHANGELOG IMPROVEMENT Mark a PR as an improvement, for auto-generated CHANGELOG labels Jul 9, 2022

mgajda commented Jul 9, 2022

@maerwald @migamake

@mgajda mgajda changed the title Keep wallet key in Hardware Security Module... Keep wallet key in Hardware Security Module or cloud Key Management System... Jul 9, 2022
@mgajda mgajda changed the title Keep wallet key in Hardware Security Module or cloud Key Management System... Keep wallet key in Hardware Security Module or Key Management System... Jul 9, 2022
@mgajda mgajda changed the title Keep wallet key in Hardware Security Module or Key Management System... Keep wallet key in Hardware Security Module or Key Management Service... Jul 9, 2022

mgajda commented Jul 9, 2022

@jonathanknowles This feature would increase the security of the wallet private key by making it very hard to steal. (To steal it, one would also have to breach the HSM.)
An attacker who hypothetically breaks the wallet could sign a transaction, but it would have to be a real-time attack.

Could this feature be supported in the next version?
