prysm-pulse/validator/keymanager/v2/remote/doc.go

/*
Package remote defines an implementation of an on-disk, EIP-2335 keystore.json
approach towards defining validator accounts in Prysm. A validating private key is
encrypted using a passphrase and its resulting encrypted file is stored as a
keystore.json file under a unique, human-readable, account namespace. This direct keymanager approach
relies on storing account information on-disk, making it trivial to import, export and
list all associated accounts for a user.

Package remote defines a keymanager implementation which connects to a remote signer
server via gRPC. The connection is established via TLS using supplied paths to
certificates and key files and allows for submitting remote signing requests for
eth2 data structures as well as retrieving the available signing public keys from
the remote server.

Remote sign requests are defined by the following protobuf schema:

 // SignRequest is a message type used by a keymanager
 // as part of Prysm's accounts implementation.
 message SignRequest {
     // 48 byte public key corresponding to an associated private key
     // being requested to sign data.
     bytes public_key = 1;

     // Raw bytes signing root the client is requesting to sign. The client is
	 // expected to determine these raw bytes from the appropriate BLS
     // signing domain as well as the signing root of the data structure
	 // the bytes represent.
     bytes signing_root = 2;
 }

Remote signing responses will contain a BLS12-381 signature along with the
status of the signing response from the remote server, signifying the
request either failed, was denied, or completed successfully.

 message SignResponse {
     enum Status {
         UNKNOWN = 0;
         SUCCEEDED = 1;
         DENIED = 2;
         FAILED = 3;
     }

     // BLS12-381 signature for the data specified in the request.
     bytes signature = 1;
 }

The remote keymanager can be customized via a keymanageropts.json file
which requires the following schema:

 {
   "remote_address": "remoteserver.com:4000", // Remote gRPC server address.
   "remote_cert": {
     "crt_path": "/home/eth2/certs/client.crt", // Client certificate path.
     "ca_crt_path": "/home/eth2/certs/ca.crt",  // Certificate authority cert path.
     "key_path": "/home/eth2/certs/client.key", // Client key path.
   }
 }
*/
package remote
Remote Keymanager: Proto Definitions and Basic Client Implementation (#6526) * begin on the proto definitions * define remote signer service protos * basic implementation * remote keymanager docs * finalize remote client doc * amend response * fix proto defs * test new and begin test sign * test sign done * Merge branch 'master' into remote-keymanager-v2 * remote oneof * rename * Merge branch 'remote-keymanager-v2' of github.com:prysmaticlabs/prysm into remote-keymanager-v2 * fix build * Merge refs/heads/master into remote-keymanager-v2 * viz * Merge branch 'remote-keymanager-v2' of github.com:prysmaticlabs/prysm into remote-keymanager-v2 * Merge refs/heads/master into remote-keymanager-v2 * Merge refs/heads/master into remote-keymanager-v2 * Update validator/keymanager/v2/remote/remote_test.go Co-authored-by: Ivan Martinez <ivanthegreatdev@gmail.com> * Update validator/accounts/v2/wallet.go Co-authored-by: Ivan Martinez <ivanthegreatdev@gmail.com> * fmt 2020-07-10 05:49:56 +00:00			`/*`
			`Package remote defines an implementation of an on-disk, EIP-2335 keystore.json`
			`approach towards defining validator accounts in Prysm. A validating private key is`
			`encrypted using a passphrase and its resulting encrypted file is stored as a`
			`keystore.json file under a unique, human-readable, account namespace. This direct keymanager approach`
			`relies on storing account information on-disk, making it trivial to import, export and`
			`list all associated accounts for a user.`

			`Package remote defines a keymanager implementation which connects to a remote signer`
			`server via gRPC. The connection is established via TLS using supplied paths to`
			`certificates and key files and allows for submitting remote signing requests for`
			`eth2 data structures as well as retrieving the available signing public keys from`
			`the remote server.`

			`Remote sign requests are defined by the following protobuf schema:`

			`// SignRequest is a message type used by a keymanager`
			`// as part of Prysm's accounts implementation.`
			`message SignRequest {`
			`// 48 byte public key corresponding to an associated private key`
			`// being requested to sign data.`
			`bytes public_key = 1;`

			`// Raw bytes signing root the client is requesting to sign. The client is`
			`// expected to determine these raw bytes from the appropriate BLS`
			`// signing domain as well as the signing root of the data structure`
			`// the bytes represent.`
			`bytes signing_root = 2;`
			`}`

			`Remote signing responses will contain a BLS12-381 signature along with the`
			`status of the signing response from the remote server, signifying the`
			`request either failed, was denied, or completed successfully.`

			`message SignResponse {`
			`enum Status {`
			`UNKNOWN = 0;`
			`SUCCEEDED = 1;`
			`DENIED = 2;`
			`FAILED = 3;`
			`}`

			`// BLS12-381 signature for the data specified in the request.`
			`bytes signature = 1;`
			`}`

			`The remote keymanager can be customized via a keymanageropts.json file`
			`which requires the following schema:`

			`{`
			`"remote_address": "remoteserver.com:4000", // Remote gRPC server address.`
			`"remote_cert": {`
			`"crt_path": "/home/eth2/certs/client.crt", // Client certificate path.`
			`"ca_crt_path": "/home/eth2/certs/ca.crt", // Certificate authority cert path.`
			`"key_path": "/home/eth2/certs/client.key", // Client key path.`
			`}`
			`}`
			`*/`
			`package remote`