-
Notifications
You must be signed in to change notification settings - Fork 3.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Ability to sign arbitrary text with cli #4581
Comments
There should be a default option to add some predermined text to a sig text to reduce the attack surface. It should be at gaiacli and other key managing software layer so that different ui levels would know to trust key management to add a prefix right from the start. |
Related eip: ethereum/EIPs#191 |
Can do 👍 |
This needs to follow the ICS 15 spec, which is incomplete atm. |
Hey guys,was just scrolling through this.I worked on something like this already. Should this be an on-chain thing,if it is so shouldn't it be more like |
Would something like this work?
|
that'd be fine so long as we can use |
I would also suggest upgrading the Ideally we could output a one-liner for the user that would generate a signature without them having to save files (maybe we could save to a temp file as part of the command, but still feels off). |
This requires a larger discussion around standards and integration with Ledger. See ICS 15. |
Unassagning as per #5066 (comment) |
@cwgoes @alexanderbez can one of you help clarify where we are with this? Do we have pending discussions on the IBC spec side to work out first, or we can take @alessio changes as-is? The conclusion on the surface from ics#33 seems to suggest it’s a sdk only issue |
This is unrelated to IBC (applications on top of IBC might also use it, but the standards are independent). I moved it out of the ICS repository since that ended up being solely for IBC-related specifications, which this is not. That said, I think the ICS 15 spec @alexanderbez started is a good start. We should have a document somewhere (probably this repo) that defines how things are signed, at least. |
Tbh I wouldn't consider this as a priority. At least for the core SDK team. There needs to be more discussion around this feature + an ADR. |
Sure, happy to move forward when you are ready @alessio Let's discuss it this week |
@jleni and I had a quick catch up re: this matter. You'll hear from us soon 😎 👍 |
Limitations
Cryptography
QuestionsIs there a well defined schema for this kind of messages?AFAIK no, there isn't (@alessio) Will this ever be used to transfer funds?If this is the case, users will not be able to see what is actually being signed. The purpose of a well structured data format is to allow users to review what they are signing. RisksLedger review may not like the idea. This increases the risk of the app staying in developer mode. |
I didn't read the whole thread, just responding to what I see above from @alessio ... |
Hello everyone. I was talking to @alessio and in fact, this feature is something we really need right now. To give some background... We spent sometime here at Bluzelle trying to work the Peggy project, so that we could move tokens back and forth between Ethereum and COSMOS. But as you probably know, it is far from ready for production and we hit many blockers. We have since decided and built a much simpler (and quite centralized) bridge to move tokens between the two networks. If popular and warranted, we could make this available to the community. I think it is highly valuable to bridge the networks. One of the key things we need to be able to do is map which "sending" ETH address maps to which "beneficiary" COSMOS address. This is so that when ERC20 is received in our "inbox" address on Ethereum, we can map that sender to a corresponding COSMOS address on our chain, and send the corresponding # of tokens to them in COSMOS. We allow users to provide a pre-set mapping so they can indicate which COSMOS address should receive these tokens, based on the Ethereum wallet they own. But to minimize attack vectors, we require that the mapping from A => B (A is Ethereum address and B is COSMOS address) also comes with a signature, signed by A's private key. With this signature, we can verify that A indeed is mapped to B and that some imposter B' has not tampered with and changed the mapping to be A => B'. More specifically, we can ask the Ethereum API's to confirm that the signature indeed belongs to A. In the same way, we need to do the opposite direction... B => A. We need to store with this mapping a signature, signed by B, using B's private key. So we absolutely need a way to sign an arbitrary string in COSMOS and then later on, verify who it was signed by. I was going to draw a diagram but I figured it was pretty straightforward to describe it here. Please advise how we can fast track this? I can foresee lots of uses for a COSMOS public/private keypair beyond just signing transactions... the ability to sign arbitrary messages opens up alot of scope. I can see for example the possibly to have a chat program where each message can be signed by the COSMOS owner of the address of the message sender. This is another program we are building that this could be useful for. Thanks. |
Hi Guys, |
@alessio any help :) ? |
This is planned as part of the next release, however, we are working with Ledger on some additional features that require some bigger changes, so it will take a bit of time. |
Great! One question, are we going to have signed message spec like Ethereum where we can verify the signed message against the address and not the full pubkey? That would be great :) |
talking with zondax we decided to move the adr to the cip repo and then work on this story on the client side |
@tac0turtle thanks for the update. Is there a link to track the progress? |
Glad to see this come through!!! |
Thanks for this folks! |
Summary
Users sometimes want to use their keys to sign arbitrary text that is not transactions. They would also like to be able to prove a signature is associated with a pubkey if there is signed arbitrary text. I propose two new cli functions:
gaiacli keys sign [file] --from [key_name] > signed_file.json
gaiacli keys verify [file]
The first call would output a json blob something like:
and the
verify
call would take that json and verify the signature.For Admin Use
The text was updated successfully, but these errors were encountered: