This repository has been archived by the owner on Nov 6, 2020. It is now read-only.

SecretStore: secretstore_generateDocumentKey RPC #7864

Merged
merged 2 commits into from
Mar 1, 2018

Conversation

svyatonik
Collaborator

Brief overview:

  1. this is needed to support encryption/decryption in the service contract
  2. this is required to actually use the Document key storing session by only calling Parity RPCs and the SS API
  3. using the Document key storing session via the HTTP API is not safe now (it is vulnerable to a MITM attack, and the HTTP API will be changed later). It should be OK to use it via the service contract, though

Usage example (in this example the document key is both generated and restored at the Parity node which executes the RPC requests; it is not known to any SS node):

  1. generate signature for key id:
curl --data-binary '{"jsonrpc": "2.0", "method": "secretstore_signRawHash", "params": ["0x00a329c0648769A73afAc7F9381E08FB43dBEA72", "", "0x0000000000000000000000000000000000000000000000000000000000000009"], "id":1 }' -H 'content-type: application/json' http://127.0.0.1:8545/

{"jsonrpc":"2.0","result":"0xae42e6f9efdba7e3e33b8aa7edf46da4a36094725d6d86e8905515d5b713b81b6958e09ba5c8dfe5fe4f6d705d8968bed73f27a638edfff75b6d76a48a98514901","id":1}
  2. generate server key:
curl -X POST http://localhost:8082/shadow/0000000000000000000000000000000000000000000000000000000000000009/ae42e6f9efdba7e3e33b8aa7edf46da4a36094725d6d86e8905515d5b713b81b6958e09ba5c8dfe5fe4f6d705d8968bed73f27a638edfff75b6d76a48a98514901/${1:-1}

"0x2eabc29df5b62c75011bf1016237212b6305f8bae0f979b7b92250cfea06c20fe1689fc6d98964be64532598e3db7fc5712ad24b95e161f95bcfe1c6f859da3a"
  3. generate document key (this PR):
curl --data-binary '{"jsonrpc": "2.0", "method": "secretstore_generateDocumentKey", "params": ["0x00a329c0648769A73afAc7F9381E08FB43dBEA72", "","0x2eabc29df5b62c75011bf1016237212b6305f8bae0f979b7b92250cfea06c20fe1689fc6d98964be64532598e3db7fc5712ad24b95e161f95bcfe1c6f859da3a"], "id":1 }' -H 'content-type: application/json' http://127.0.0.1:8545/

{"jsonrpc":"2.0","result":{"common_point":"0x18b8eb0ce96d3bb53141be03b7c411b6a5c506329bae2b10f5844134ca14207e0bb835155b38d649aab87f85e0e155e154f7c1e20143467d4a2890f8d9c08dc0","encrypted_key":"0x04300287a477e08dfe6e8202f56671ce9398063aee90ba54bdf6c03da924544637b260b9aae0bef9b779890e1885a2e67de636ee0fc6e2bcfb46aeda12c9e684979dd16d0d496b932f169e5a859516f9ac46a2575583162c357357f29aa525641ab6a5ddb898ff6b89b899a67c37833ccd7574fea76717005655ea7d6543e5ae4c56d6d088036a7e84b46dd18d2f8867bd351a8e2eddf24790544347c80727541b822dd351ed99d53b9a4fc88944908236","encrypted_point":"0x35457eeb38f9f3c2538492a5740f96cc70ea343210675d9821935dfa9e32a678ae260a2ae45df48c9fadb2abcc1be88dc2fcb15b3ddfa9db51d9a0e298a0cefd"},"id":1}
  4. encrypt document using the encrypted_key field from the secretstore_generateDocumentKey call:
curl --data-binary '{"jsonrpc": "2.0", "method": "secretstore_encrypt", "params": ["0x00a329c0648769A73afAc7F9381E08FB43dBEA72", "", "0x04300287a477e08dfe6e8202f56671ce9398063aee90ba54bdf6c03da924544637b260b9aae0bef9b779890e1885a2e67de636ee0fc6e2bcfb46aeda12c9e684979dd16d0d496b932f169e5a859516f9ac46a2575583162c357357f29aa525641ab6a5ddb898ff6b89b899a67c37833ccd7574fea76717005655ea7d6543e5ae4c56d6d088036a7e84b46dd18d2f8867bd351a8e2eddf24790544347c80727541b822dd351ed99d53b9a4fc88944908236", "0xdeadbeef"], "id":1 }' -H 'content-type: application/json' http://127.0.0.1:8545/

{"jsonrpc":"2.0","result":"0xd2e72c288778658a73cee7d7eb6d2b2bcb5fcc3d","id":1}
  5. store document key in SS:
curl -X POST http://localhost:8082/shadow/0000000000000000000000000000000000000000000000000000000000000009/ae42e6f9efdba7e3e33b8aa7edf46da4a36094725d6d86e8905515d5b713b81b6958e09ba5c8dfe5fe4f6d705d8968bed73f27a638edfff75b6d76a48a98514901/18b8eb0ce96d3bb53141be03b7c411b6a5c506329bae2b10f5844134ca14207e0bb835155b38d649aab87f85e0e155e154f7c1e20143467d4a2890f8d9c08dc0/35457eeb38f9f3c2538492a5740f96cc70ea343210675d9821935dfa9e32a678ae260a2ae45df48c9fadb2abcc1be88dc2fcb15b3ddfa9db51d9a0e298a0cefd
  6. query document key shadow:
curl http://localhost:8082/shadow/0000000000000000000000000000000000000000000000000000000000000009/ae42e6f9efdba7e3e33b8aa7edf46da4a36094725d6d86e8905515d5b713b81b6958e09ba5c8dfe5fe4f6d705d8968bed73f27a638edfff75b6d76a48a98514901

{"decrypted_secret":"0x02f3b9ebfef040947e556b2751e44e8ea7a116f0cb63bd5b65fd010f42e5f593ab11cbddd329dca762bfd2c799315232308a7ec5d1e488e3015d46d2af7ef14f","common_point":"0x18b8eb0ce96d3bb53141be03b7c411b6a5c506329bae2b10f5844134ca14207ef447caeaa4c729b65547807a1f1eaa1eab083e1dfebcb982b5d76f06263f6e6f","decrypt_shadows":["0x04bd1ad33241a2647629003b8093d08ee60f1c2042e5e923572485bc6e0cde1c2ecbe5a5b6fc7ce5732958ae4d2e824b2017cb4f69ff622237c72b62d3b05fa78e26e025507c383d2a9affc502ce86284caed3ed310d232dcd9794b97145ffc58bdc8c96b44a578b4d0ba2fc48610982bc6c3e214c338e27170e628f27670cc4d234bffbfe5388054cd3c710c30b89cc99","0x04add58de09275090905507af45d3367c25ac225769cc669a7e1b8e39368f61574067846148ffd7066339d367a87170609720bf57b1d61f61d19260e18a4ab0da0a1eb5e7f2790d34ac591bafb8f02409038d1ab2ad4233aae6132d64409f5898d8194e453f2d965f044740238d4911618bf2879492b84fbf0635d235cc4211f10e2ea71412cb0c5fe37de42d8e7fefd1b"]}
  7. decrypt document using document key shadow:
curl --data-binary '{"jsonrpc": "2.0", "method": "secretstore_shadowDecrypt", "params": ["0x00a329c0648769A73afAc7F9381E08FB43dBEA72", "", "0x02f3b9ebfef040947e556b2751e44e8ea7a116f0cb63bd5b65fd010f42e5f593ab11cbddd329dca762bfd2c799315232308a7ec5d1e488e3015d46d2af7ef14f", "0x18b8eb0ce96d3bb53141be03b7c411b6a5c506329bae2b10f5844134ca14207ef447caeaa4c729b65547807a1f1eaa1eab083e1dfebcb982b5d76f06263f6e6f", ["0x04bd1ad33241a2647629003b8093d08ee60f1c2042e5e923572485bc6e0cde1c2ecbe5a5b6fc7ce5732958ae4d2e824b2017cb4f69ff622237c72b62d3b05fa78e26e025507c383d2a9affc502ce86284caed3ed310d232dcd9794b97145ffc58bdc8c96b44a578b4d0ba2fc48610982bc6c3e214c338e27170e628f27670cc4d234bffbfe5388054cd3c710c30b89cc99","0x04add58de09275090905507af45d3367c25ac225769cc669a7e1b8e39368f61574067846148ffd7066339d367a87170609720bf57b1d61f61d19260e18a4ab0da0a1eb5e7f2790d34ac591bafb8f02409038d1ab2ad4233aae6132d64409f5898d8194e453f2d965f044740238d4911618bf2879492b84fbf0635d235cc4211f10e2ea71412cb0c5fe37de42d8e7fefd1b"], "0xd2e72c288778658a73cee7d7eb6d2b2bcb5fcc3d"], "id":1 }' -H 'content-type: application/json' http://127.0.0.1:8545/

{"jsonrpc":"2.0","result":"0xdeadbeef","id":1}

I'll make a PR in the wiki repo after/if this PR is accepted.
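Added example (not code from this PR, the Parity node or the Secret Store): the key material that secretstore_generateDocumentKey returns, common_point and encrypted_point, has the shape of EC-ElGamal over secp256k1. The client picks a document key point D and an ephemeral scalar k, publishes common_point = k*G and encrypted_point = D + k*S, where S is the server key public from step 2, and D can be recovered only by whoever can compute s*common_point for the server secret s. That is what lets the document key be generated and restored at the Parity node without any SS node learning it. ASSUMPTIONS: this mapping of the response fields onto EC-ElGamal is inferred from their names and 64-byte size and is not stated on this page; the real Secret Store keeps s as threshold shares across nodes and returns decrypt_shadows, which the two-share additive split below only approximates; how secretstore_encrypt turns D into a symmetric key is not shown here. The curve arithmetic is pure Python for self-containment and is not constant-time.

```python
"""EC-ElGamal document-key wrapping on secp256k1 (illustration, see lead-in).

ASSUMPTION: field layout (common_point = k*G, encrypted_point = D + k*S)
inferred from the RPC response; the additive two-share split stands in for
the Secret Store's real threshold scheme. Not side-channel safe.
"""
import secrets

# secp256k1 domain parameters
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def on_curve(p):
    """True for the point at infinity (None) or any (x, y) with y^2 = x^3 + 7."""
    if p is None:
        return True
    x, y = p
    return (y * y - x * x * x - 7) % P == 0


def ec_add(p, q):
    """Affine point addition; None is the point at infinity."""
    if p is None:
        return q
    if q is None:
        return p
    x1, y1 = p
    x2, y2 = q
    if x1 == x2:
        if (y1 + y2) % P == 0:
            return None                                    # p == -q
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P         # doubling
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def ec_mul(k, p):
    """Double-and-add scalar multiplication."""
    k %= N
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, p)
        p = ec_add(p, p)
        k >>= 1
    return acc


def ec_neg(p):
    return None if p is None else (p[0], (P - p[1]) % P)


def encode_public(p):
    """64-byte x||y with 0x prefix: the layout of common_point on the page."""
    return "0x" + p[0].to_bytes(32, "big").hex() + p[1].to_bytes(32, "big").hex()


def decode_public(hexstr):
    raw = bytes.fromhex(hexstr[2:] if hexstr.startswith("0x") else hexstr)
    if len(raw) != 64:
        raise ValueError("expected 64-byte x||y point without 04 prefix")
    p = (int.from_bytes(raw[:32], "big"), int.from_bytes(raw[32:], "big"))
    if not on_curve(p):
        raise ValueError("point not on secp256k1")        # reject malformed input
    return p


def random_scalar():
    return 1 + secrets.randbelow(N - 1)


def generate_document_key(server_public, rng=random_scalar):
    """Client side. Returns (D, common_point, encrypted_point); only D is secret."""
    doc_key = ec_mul(rng(), G)                             # D, never leaves the client
    k = rng()                                              # ephemeral, discard after use
    common = ec_mul(k, G)                                  # k*G
    encrypted = ec_add(doc_key, ec_mul(k, server_public))  # D + k*S
    return doc_key, common, encrypted


def recover_document_key(server_secret, common, encrypted):
    """Holder of the whole server secret s: D = encrypted_point - s*common_point."""
    return ec_add(encrypted, ec_neg(ec_mul(server_secret, common)))


def decrypt_shadow(share, common):
    """One node's contribution from its additive share s_i of s (simplified)."""
    return ec_mul(share, common)


def recover_with_shadows(shadows, encrypted):
    """Client combines shadows: D = encrypted_point - sum(s_i*common_point)."""
    acc = encrypted
    for sh in shadows:
        acc = ec_add(acc, ec_neg(sh))
    return acc


if __name__ == "__main__":
    s = random_scalar()                                    # constructed server secret
    D, common, encrypted = generate_document_key(ec_mul(s, G))
    assert recover_document_key(s, common, encrypted) == D
    s1 = random_scalar()                                   # two additive shares of s
    shadows = [decrypt_shadow(s1, common), decrypt_shadow((s - s1) % N, common)]
    assert recover_with_shadows(shadows, encrypted) == D
    print("common_point   ", encode_public(common))
    print("encrypted_point", encode_public(encrypted))
```

Note that each node's shadow s_i*common_point reveals nothing about the other share, and no node ever sees D; the step-7 call on the page is where the client does this combination after ECIES-decrypting the shadows with its own account key. The page itself warns that the SS HTTP endpoints used in steps 2, 5 and 6 are MITM-prone, so treat the values they return as untrusted until the server key and shadows are verified end to end.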

@svyatonik svyatonik added A0-pleasereview 🤓 Pull request needs code review. M6-rpcapi 📣 RPC API. labels Feb 12, 2018
@5chdn 5chdn added this to the 1.10 milestone Feb 12, 2018
@debris debris added A8-looksgood 🦄 Pull request is reviewed well. and removed A0-pleasereview 🤓 Pull request needs code review. labels Mar 1, 2018
@debris debris merged commit 6d5b13c into master Mar 1, 2018
@debris debris deleted the secretstore_generateDocumentKeyRPC branch March 1, 2018 09:00