Add ipfs cli 'rotate' command to rotate identity private keys

[petar]

No description provided.

[welcome]

Thank you for submitting this PR!
A maintainer will be here shortly to review it.
We are super grateful, but we are also overloaded! Help us by making sure that:

• The context for this PR is clear, with relevant discussion, decisions
  and stakeholders linked/mentioned.

• Your contribution itself is clear (code comments, self-review for the
  rest) and in its best form. Follow the code contribution
  guidelines
  if they apply.

Getting other community members to do a review would be great help too on complex PRs (you can ask in the chats/forums). If you are unsure about something, just leave us a comment.
Next steps:

• A maintainer will triage and assign priority to this PR, commenting on
  any missing things and potentially assigning a reviewer for high
  priority items.

• The PR gets reviews, discussed and approvals as needed.

• The PR is merged by maintainers when it has been approved and comments addressed.

We currently aim to provide initial feedback/triaging within two business days. Please keep an eye on any labelling actions, as these will indicate priorities and status of your contribution.
We are very grateful for your contribution!

[aschmahmann]

Added a few small suggestions. We should also add some tests for this. The general way we do this is by adding additional sharness tests (https://github.com/ipfs/go-ipfs/tree/master/test/sharness).

At least one test we should probably do is:

• Create repo + run daemon
• Kill daemon
• Rotate keys
• Rerun the daemon
• Check ipfs id output to verify the ID has changed
• Check ipfs key self output to make sure key has changed
• Check ipfs key list -l to check if the rotated key has the correct ID
• Do an ipfs name publish --key=rotatedKey, just to make sure it works

[aschmahmann]

LGTM. Although we probably want to block approval of this PR on #7251 for now. If that PR stalls then we can make this PR default to RSA and modify #7251 to compensate.

[aschmahmann]

This PR is good to go. If we switch the default rotation to RSA and maybe use functions in the test to test RSA + Ed25519 + defaults.

[aschmahmann]

Maybe we should put this in a function like you did in the init PR, so we can verify RSA, Ed25519 and the default all work.

[petar]

This PR is good to go. If we switch the default rotation to RSA and maybe use functions in the test to test RSA + Ed25519 + defaults.

Default RSA will work awkwardly with the new strict rule that requires not specifying bits when using ed25519: If you set the defaults to RSA+2048, then whenever you want to use --algorithm=ed25519 you don't have a way of unsetting the number of bits flag.

Maybe best is if rotation has NO default?

[aschmahmann]

Having a default is fine. Can't we just have the defaults to mimic what we have in init where we default to an algorithm but no bits, and only pass the bits into config.Identity when they're specified?

[petar]

Having a default is fine. Can't we just have the defaults to mimic what we have in init where we default to an algorithm but no bits, and only pass the bits into config.Identity when they're specified?

Sure. This works too.

[aschmahmann]

This is fine, although I think we can simplify it so that we:

1. first test basic rotation on default, RSA, Ed25519 using the test_rotate function which indicates that rotation basically works
2. test rotating Ed25519 -> RSA -> Ed25519 which indicates that we can rotate to/from each key type. We can even use test_expect_success for these steps to make them easier to debug/notice.