mirror of
https://gitlab.com/pulsechaincom/prysm-pulse.git
synced 2024-12-25 12:57:18 +00:00
2c9474ab7f
* begin on the proto definitions * define remote signer service protos * basic implementation * remote keymanager docs * finalize remote client doc * amend response * fix proto defs * test new and begin test sign * test sign done * Merge branch 'master' into remote-keymanager-v2 * remote oneof * rename * Merge branch 'remote-keymanager-v2' of github.com:prysmaticlabs/prysm into remote-keymanager-v2 * fix build * Merge refs/heads/master into remote-keymanager-v2 * viz * Merge branch 'remote-keymanager-v2' of github.com:prysmaticlabs/prysm into remote-keymanager-v2 * Merge refs/heads/master into remote-keymanager-v2 * Merge refs/heads/master into remote-keymanager-v2 * Update validator/keymanager/v2/remote/remote_test.go Co-authored-by: Ivan Martinez <ivanthegreatdev@gmail.com> * Update validator/accounts/v2/wallet.go Co-authored-by: Ivan Martinez <ivanthegreatdev@gmail.com> * fmt
60 lines
2.3 KiB
Go
60 lines
2.3 KiB
Go
/*
|
|
Package remote defines an implementation of an on-disk, EIP-2335 keystore.json
|
|
approach towards defining validator accounts in Prysm. A validating private key is
|
|
encrypted using a passphrase and its resulting encrypted file is stored as a
|
|
keystore.json file under a unique, human-readable, account namespace. This direct keymanager approach
|
|
relies on storing account information on-disk, making it trivial to import, export and
|
|
list all associated accounts for a user.
|
|
|
|
Package remote defines a keymanager implementation which connects to a remote signer
|
|
server via gRPC. The connection is established via TLS using supplied paths to
|
|
certificates and key files and allows for submitting remote signing requests for
|
|
eth2 data structures as well as retrieving the available signing public keys from
|
|
the remote server.
|
|
|
|
Remote sign requests are defined by the following protobuf schema:
|
|
|
|
// SignRequest is a message type used by a keymanager
|
|
// as part of Prysm's accounts implementation.
|
|
message SignRequest {
|
|
// 48 byte public key corresponding to an associated private key
|
|
// being requested to sign data.
|
|
bytes public_key = 1;
|
|
|
|
// Raw bytes signing root the client is requesting to sign. The client is
|
|
// expected to determine these raw bytes from the appropriate BLS
|
|
// signing domain as well as the signing root of the data structure
|
|
// the bytes represent.
|
|
bytes signing_root = 2;
|
|
}
|
|
|
|
Remote signing responses will contain a BLS12-381 signature along with the
|
|
status of the signing response from the remote server, signifying the
|
|
request either failed, was denied, or completed successfully.
|
|
|
|
message SignResponse {
|
|
enum Status {
|
|
UNKNOWN = 0;
|
|
SUCCEEDED = 1;
|
|
DENIED = 2;
|
|
FAILED = 3;
|
|
}
|
|
|
|
// BLS12-381 signature for the data specified in the request.
|
|
bytes signature = 1;
|
|
}
|
|
|
|
The remote keymanager can be customized via a keymanageropts.json file
|
|
which requires the following schema:
|
|
|
|
{
|
|
"remote_address": "remoteserver.com:4000", // Remote gRPC server address.
|
|
"remote_cert": {
|
|
"crt_path": "/home/eth2/certs/client.crt", // Client certificate path.
|
|
"ca_crt_path": "/home/eth2/certs/ca.crt", // Certificate authority cert path.
|
|
"key_path": "/home/eth2/certs/client.key", // Client key path.
|
|
}
|
|
}
|
|
*/
|
|
package remote
|