-
Notifications
You must be signed in to change notification settings - Fork 3.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Key Management Meta-issue #7074
Comments
do-not-edit-start-codetree-epic-issuesIssues in this epic:
do-not-edit-end-codetree-epic-issues |
I strongly believe we should investigate WebAuthn (or to be more precise, FIDO2 CTAP) as an easy way for users to authenticate themselves. Relevant part of the implementation for EOS: https://github.com/EOSIO/eosio-webauthn-example-app/blob/master/src/client/wasig.ts |
@fadeev would WebAuthn be something we'd need to support on the blockchain side or just in client SDKs like cosmjs? |
@aaronc most likely there will have to be changes made to the blockchain. Primarily, due to the fact that WebAuthnas far as I know uses different signing algorithms and the one we need is in a Aug 2020 RFC. @jordansexton can you comment on that based on your investigation into WebAuthn? |
Which signing algorithm? Is it just a different pubkey type? |
WebAuthn doesn't yet support secp256k1 and it isn't supported in practice in my testing using Mac Touch ID or Google Titan keys. There is a recent RFC proposing support for it. There are some other challenges here as well. As EOSIO/eos#7421 demonstrates, more than just public key bytes would be required because of WebAuthn's attestation/assertion protocol. This implies to me that changes would be necessary to Tendermint's crypto module, the SDK, and various clients to support this. |
The
|
For (1) why do we need to add it to Tendermint Core? We should add it to Cosmos SDK crypto (I think they are no longer the same?) |
@ethanfrey you may be right about that. I wasn't aware of that change. Briefly glancing at the SDK code, there are still a lot of imports from |
Also, since webauthn keys are tied to one https domain, we will likely need to allow multiple keys to control one account on chain. This will require some sort of group management (in cosmwasm, I think these are in 0.41 or 0.42 milestones for the SDK |
Basically, when I create such a key (and have one on 3 different devices), how do I tie them into one usable account? |
Have a module that maps several addresses/accounts to a single user. |
In CosmWasm-land: In SDK land, the group accounts and fee delegations will enable that (with better/tighter integration, especially for fees) The issue then becomes adding the new device to an account. You will need to have access to one existing device on the account to add the new device when it creates a new key. You could say. 1st device:
2nd, 3rd... device:
Removing:
Challenges:
I think "Communicating between newly registered device and previously registered device" is a huge blind spot in Cosmos, and the extreme difficulty of using the current multisigs that require off-chain aggregation show this. I would love to hear any ideas on how to make that easier. Since those ideas do not touch the Cosmos-SDK and can be used for many workflows, that is a quick place to experiment and iterate. |
WalletConnect is poised to begin work on multi-chain support. This may be an opportunity to leverage that protocol. I'm not sure what would be required for it to interface with WebAuthn though. Maybe @pedrouid already has some ideas? |
A lot of these pieces are orthogonal. Passing messages and partially signed tx between devices easily will be a huge ux bonus, then we can start building clients that use that. Webauthn can be added on top, but web wallet, with 2fa on mobile wallet is a huge help, even if the web wallet isn't using webauthn |
Checking on the status here. |
All of the pieces have been merged and are in QA in preparation for the 0.43 release. |
Summary
The 3 key management modules that Regen Network worked on (fee grants, msg authorization and groups), oftentimes referred to as "subkeys" support, were postponed from the Stargate release due to time constraints. Some of this work has already been migrated to protobuf and is near completion. This meta-issue tracks their progress towards completion for the next release.
Details
The design of these modules was initially described publicly in the following gist: https://gist.github.com/aaronc/b60628017352df5983791cad30babe56. Issue #4480 describes "subkeys" functionality and influenced the design of the modules proposed below.
Fee Grants
Existing/Historical PRs:
Needed for completion:
Msg Authorization
Existing/Historical PRs:
Needed for completion:
Groups
See #7633
secp256r1/NIST P-256 Signing
See #7718
The text was updated successfully, but these errors were encountered: