Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/scrtlabs/secret-vault

A contract that allows you to create private keys on-chain and sign data with secp256k1 signatures
https://github.com/scrtlabs/secret-vault

Last synced: 3 months ago
JSON representation

A contract that allows you to create private keys on-chain and sign data with secp256k1 signatures

Host: GitHub
URL: https://github.com/scrtlabs/secret-vault
Owner: scrtlabs
License: apache-2.0
Created: 2020-07-08T13:13:56.000Z (over 4 years ago)
Default Branch: master
Last Pushed: 2020-11-22T15:39:39.000Z (almost 4 years ago)
Last Synced: 2024-07-26T23:51:07.027Z (3 months ago)
Language: Rust
Homepage:
Size: 107 KB
Stars: 25
Watchers: 4
Forks: 7
Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

awesome-ccamel - scrtlabs/secret-vault - A contract that allows you to create private keys on-chain and sign data with secp256k1 signatures (Rust)

README

        # Secret Vault

A PoC showing how even a more complex use-case can be implemented relatively easily - this contract generates and stores private keys, exposing an interface for a user to sign data (e.g. ethereum transactions) while keeping the private key safe. Inspired in part by the suggestion by [Gridlock Network](https://github.com/GridlockNetwork/Whitepaper).

What is there to see here?

* A basic, non-auditing, probably insecure PRNG mechanism for generating keys. We use randomness generated by the client to ensure that an observer cannot predict keys generated by the contract.

* An access-control system to manage access to private keys - Creating a "server-side" API key, and storing a user-generated password. In order to sign data you must provide both the password and the API key. 

* Usage of libsecp256k1 to create valid secp256k1 signatures on-chain

What isn't there to see here?

* Properly audited cryptographic anything (no constant time functions, no cryptanalysis, etc.)

* No deletion of keys or changing of passwords (though this would be pretty easy)

* Using the private keys for anything other than signing with secp256k1 (encryption, ed25519, nist etc.)

# Example usage

### Initialize the contract

```./secretcli tx compute instantiate "" "{\"Init\": {\"seed_phrase\": \"hello\"}}" --label ```

Choose a random phrase, or a long string of random data. Either way, the PRNG depends on this so make it good

### Generate a new key

```./secretcli tx compute execute  "{\"NewKey\": {\"key_seed\": \"XxT/TGEb1U+bMKM7/9qz87JKpd6xj+0URYVySL9vEHs=\", \"passphrase\": \"yo\"}}"```

`key_seed` should be a base64 encoded string of random bytes - this will be used in generating your private key

Check the return value of this transaction to get your api_key and the key_id (key identifier) for the newly created key. You will need the key_id, api_key and your passphrase to be able to sign data in the next step

### Sign some data

```./secretcli tx compute execute secret1l425neayde0fzfcv3apkyk4zqagvflm6u6e56s "{\"Sign\": {\"passphrase\": \"\", \"key_id\":\"\", \"data\": \"XxT/TGEb1U+bMKM7/9qz87JKpd6xj+0URYVySL9vEHs=\", \"api_key\": \"\"}}"```

`data` is a base64 encoded string of data exactly 32 bytes long. So make sure you hash your data before sending it. This is done to avoid having to guess how you want your data processed before signing and keeping gas costs down