Description
Context and scope
This started from a discussion centred around hardening the security of ICM signatures here (the discussion digresses a bit).
What we want is to enable the use of an external signer. The first step is to completely abstract BLS signing such that a signing service can be injected.
Discussion and alternatives
I think this should probably happen inside the bls util package in a way that encapsulates the private/secret-key with a "signing service". All current instances of use of secret keys should be replaced with a LocalBLSSigningService.
After combing through the code, it looks like the following files use a bls.SecretKey:
- chains/manager.go
- vms/platformvm/warp/signer.go
- node/config.go
- vms/platformvm/signer/proof_of_possession.go
- network/peer/ip.go
- network/peer/ip_signer.go
- network/config.go
- config/config.go
- node/node.go
(it looks like this last file just copies from one config to the other)
Each config should be replaced with a SignerService interface.
Open questions
Am I missing any usage of BLS keys?
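
A sketch of the abstraction proposed above, added here as an example and not taken from the project's code or from the issue author. The names Signer, LocalSigner, Config, Verify and SignAndVerify are hypothetical, and Ed25519 from the Go standard library stands in for BLS so the block runs without external dependencies.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Signer (hypothetical) hides the key so a remote service can replace it.
type Signer interface {
	PublicKey() []byte
	Sign(msg []byte) ([]byte, error) // error: an external signer can fail
}

// LocalSigner keeps the secret key unexported. Ed25519 is a stand-in for BLS.
type LocalSigner struct{ sk ed25519.PrivateKey }

func NewLocalSigner() (*LocalSigner, error) {
	_, sk, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &LocalSigner{sk: sk}, nil
}

func (s *LocalSigner) PublicKey() []byte { return s.sk.Public().(ed25519.PublicKey) }
func (s *LocalSigner) Sign(msg []byte) ([]byte, error) { return ed25519.Sign(s.sk, msg), nil }

// Config carries the injected Signer where it used to carry a secret key.
type Config struct{ Signer Signer }

func Verify(pk, msg, sig []byte) bool { return ed25519.Verify(pk, msg, sig) }

// SignAndVerify is a consumer that depends only on the interface.
func SignAndVerify(cfg Config, msg []byte) (bool, error) {
	sig, err := cfg.Signer.Sign(msg)
	if err != nil {
		return false, err
	}
	return Verify(cfg.Signer.PublicKey(), msg, sig), nil
}

func main() {
	s, err := NewLocalSigner()
	if err != nil {
		panic(err)
	}
	fmt.Println(SignAndVerify(Config{Signer: s}, []byte("constructed sample message")))
}
```

Because callers only hold the interface, a signer backed by an external service can be injected through the same Config field without the secret key ever entering the node process.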