Keypair verifies #62

Open, wants to merge 3 commits into base: main

@michaeldjeffrey michaeldjeffrey commented Dec 18, 2023

Adds a section to helium-config-service-cli env info.
If a keypair is provided, it will sign and verify a message.

With an untouched keypair.

❯ helium-config-service-cli env info --keypair good.key
{
  "arguments": {
    // ...
    "key_type_from_keypair": "ed25519",
    "keypair": "good.key",
    "keypair_verifies_own_sig": "verified",
    "public_key_from_keypair": "13AixikqhmTeknAJYmi27iBs14gqS4kiCnZXge47jMCkSMeMKrs"
  },
  //...
}

With a keypair made, then opened in vscode and saved with no cursor movement.

❯ helium-config-service-cli env info --keypair bad.key 
{
  "arguments": {
    // ...
    "key_type_from_keypair": "ed25519",
    "keypair": "bad.key",
    "keypair_verifies_own_sig": "failed to verify: keypair corrupted: ed25519 error\n\nCaused by:\n    Invalid public key",
    "public_key_from_keypair": "14mLF4c2dZ3rxNeTMPm3Q4DYuZRJJcEC9vREHi7kWG4wiiQs6tj"
  },
  // ...
}

Default NetID has led to quite a bit of confusion.
Default multi-buy could lead to same confusion if someone doesn't know
where the value is coming from. Better to be explicit.
Make a fake request, sign it, then try and verify the request.
If you open a key in some editors, there's a chance the key becomes
corrupted. The public key can still be read out many times, but it
cannot sign a valid message.

@jeffgrunewald jeffgrunewald left a comment

I'm not sure what this is verifying. Just that the keypair signing a message can verify the signature on the message? Since all the code doing the signing and verifying is self-contained in this repo it seems a little circular to me that this performs a validation that provides any level of independent verification unless we're somehow seeing scenarios where folks are signing with invalid keys but then unable to verify with the same keypair. Something with ecc_compact keys?

@michaeldjeffrey

There's always a chance if you open a key file in a text editor that it's not left entirely alone.
The pubkey will be pulled out the same, but it can never sign anything.
This has happened to me a few times with test keys and vscode.
The config service doesn't give out much information about Auth errors, as it shouldn't, and a good first step is being able to verify the key can sign anything at all before starting a debug session through all the layers that can be causing problems.
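
The sign-then-verify self-check discussed in this thread, as an added sketch that is not the PR's code or part of helium-config-service-cli. It uses Go's standard `crypto/ed25519` and assumes that package's 64-byte seed-plus-public-key layout, not the helium key file format; `CheckKeypair`, `Corrupt`, `SampleKeypair` and the file names are hypothetical, and the damage is a constructed single bit flip.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"errors"
	"fmt"
)

// CheckKeypair signs a probe message with the secret half of raw and verifies
// it against the public half stored beside it. Assumed layout (Go's
// ed25519.PrivateKey, not the helium key file format): seed || public key.
func CheckKeypair(raw []byte) (ed25519.PublicKey, error) {
	if len(raw) != ed25519.PrivateKeySize {
		return nil, fmt.Errorf("keypair is %d bytes, want %d", len(raw), ed25519.PrivateKeySize)
	}
	priv := ed25519.PrivateKey(raw)
	// Public() copies raw[32:]; it is not recomputed from the seed.
	pub := priv.Public().(ed25519.PublicKey)
	probe := []byte("keypair self-test probe")
	if !ed25519.Verify(pub, probe, ed25519.Sign(priv, probe)) {
		return pub, errors.New("keypair corrupted: own signature does not verify")
	}
	return pub, nil
}

// Corrupt returns a copy of raw with one bit flipped at offset i (constructed damage).
func Corrupt(raw []byte, i int) []byte {
	out := append([]byte(nil), raw...)
	out[i] ^= 0x01
	return out
}

// SampleKeypair builds a deterministic keypair from a constructed seed.
func SampleKeypair() []byte {
	return ed25519.NewKeyFromSeed(bytes.Repeat([]byte{0x42}, ed25519.SeedSize))
}

func main() {
	good := SampleKeypair()
	cases := []struct {
		name string
		raw  []byte
	}{{"good.key", good}, {"bad-seed.key", Corrupt(good, 3)}, {"truncated.key", good[:40]}}
	for _, c := range cases {
		pub, err := CheckKeypair(c.raw)
		fmt.Printf("%-14s public=%x err=%v\n", c.name, pub, err)
	}
}
```

With the seed damaged, the stored public key is returned unchanged while the self-check fails, which is the case a public-key readout alone cannot detect.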
