Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[feat] Encrypt sensitive keys on disk #646

Open
JonasKruckenberg opened this issue Sep 6, 2022 · 6 comments
Open

[feat] Encrypt sensitive keys on disk #646

JonasKruckenberg opened this issue Sep 6, 2022 · 6 comments
Assignees
@burdiyan @juligasa
Labels
priority: low Nice to have scope: daemon Daemon and p2p networking type: enhancement New feature or request

Comments

@JonasKruckenberg
Copy link
Contributor

As far as I can see currently all allocated private key buffers are not zeroized after being freed by the go GC, this is obviously a big problem especially for lighting private keys where actual money is attached to them.

It seems like go doesn't have support for this yet, but we should implement an interim solution anyway.
@JonasKruckenberg JonasKruckenberg added type: enhancement New feature or request scope: daemon Daemon and p2p networking priority: high Critical to have labels Sep 6, 2022
@juligasa
Copy link
Collaborator

juligasa commented Sep 6, 2022

We do even worse. Not only we don't clear memory but also we store the lndhub credentials in the db unencrypted, I guess that should be our first concern. Related pitch can be found here

@JonasKruckenberg
Copy link
Contributor Author

Oi, that's not great you're right. Maybe we can have a quick chat about how to encrypt those. There's a very high quality secret management engine written in Rust (created by many of the Tauri team before Tauri) that we could use to store secrets and sleep at night 😄
I don't know how we would set up the communication with go though 🤔

@burdiyan
Copy link
Collaborator

burdiyan commented Sep 6, 2022

Let's have a separate issue for encrypting secrets. Or do we have one? There're packages to interface with OS-level key managers, like MacOS keychain, and something-something for Windows :) I don't know much about Linux.

Regarding the original topic, zeroing-out the memory from the private key after usage, I guess we could do that manually, we only really ever interact with two private keys. The one of Account, and the one of Device. The thing is that, we have to keep the device key in memory anyway, and it doesn't really get copied much, it's a pointer to the same buffer under the hood.

I don't want to dismiss the idea (and I'm not), but at the current moment we're in, that would be the least of my concern, until we have many users, or until Go implements zeroing out the memory after GC.

@burdiyan burdiyan mentioned this issue Sep 6, 2022
Open
@juligasa
Copy link
Collaborator

juligasa commented Sep 7, 2022

For the record, the key manager in linux is called pass

@burdiyan
Copy link
Collaborator

I'm lowering the priority of this, unless we decide otherwise.

@burdiyan burdiyan added priority: low Nice to have and removed priority: high Critical to have labels Sep 19, 2022
@GaboHBeaumont GaboHBeaumont changed the title Zeroize sensitive allocations [faet] Zeroize sensitive allocations Oct 3, 2022
@GaboHBeaumont GaboHBeaumont changed the title [faet] Zeroize sensitive allocations [feat] Zeroize sensitive allocations Oct 3, 2022
@ericvicenti ericvicenti changed the title [feat] Zeroize sensitive allocations [feat] Encrypt sensitive keys on disk Sep 26, 2023
@ericvicenti
Copy link
Collaborator

I have renamed this issue to reflect the disk encryption feature for device keys and other sensitive keys that we keep

Remember we do not store the most sensitive key, the account ID. Although there is still a risk about it staying in memory longer than needed, so #643 is still relevant

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@burdiyan burdiyan

@juligasa juligasa

Labels
priority: low Nice to have scope: daemon Daemon and p2p networking type: enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@ericvicenti @burdiyan @juligasa @JonasKruckenberg