Added option to read hashed private key as input in softsign feature #742
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
@greg-szabo I've since upgraded I also introduced an |
|
Closing as stale. Please reopen with an implementation based on |
tarcieri
pushed a commit
that referenced
this pull request
Aug 19, 2025
We've had many requests to leverage `ed25519-dalek`'s `ExpandedSecretKey` functionality in order to support keys exported from YubiHSMs. See #978, #891, and #742. I have been a bit wary of the implementation though, because it has always involved having both `ed25519-consensus` and `ed25519-dalek`, often with enums over multiple key types, which seems incredibly overcomplicated just to implement this feature. We originally switched to `ed25519-consensus` because `tendermint-rs` did, and it makes sense there where ZIP-215 provides consensus-critical signature verification rules that don't diverge between implementations. However that's a bit irrelevant for our purposes as this is a signing service, and ZIP-215 allows us to use whatever signing implementation we want. Now that we've vendored `tendermint-p2p` as `tmkms-p2p` we can unilaterally switch the Ed25519 implementation (back) to `ed25519-dalek`, which should make adding `ExpandedSecretKey` support much easier and avoid having to worry about two implementations. This additionally switches (back) to upstream `curve25519-dalek` so as to support X25519 as part of the SecretConnection protocol.
tarcieri
pushed a commit
that referenced
this pull request
Aug 19, 2025
We've had many requests to leverage `ed25519-dalek`'s `ExpandedSecretKey` functionality in order to support keys exported from YubiHSMs. See #978, #891, and #742. I have been a bit wary of the implementation though, because it has always involved having both `ed25519-consensus` and `ed25519-dalek`, often with enums over multiple key types, which seems incredibly overcomplicated just to implement this feature. We originally switched to `ed25519-consensus` because `tendermint-rs` did, and it makes sense there where ZIP-215 provides consensus-critical signature verification rules that don't diverge between implementations. However that's a bit irrelevant for our purposes as this is a signing service, and ZIP-215 allows us to use whatever signing implementation we want. Now that we've vendored `tendermint-p2p` as `tmkms-p2p` we can unilaterally switch the Ed25519 implementation (back) to `ed25519-dalek`, which should make adding `ExpandedSecretKey` support much easier and avoid having to worry about two implementations. This additionally switches (back) to upstream `curve25519-dalek` so as to support X25519 as part of the SecretConnection protocol.
tony-iqlusion
added a commit
that referenced
this pull request
Aug 19, 2025
We've had many requests to leverage `ed25519-dalek`'s `ExpandedSecretKey` functionality in order to support keys exported from YubiHSMs. See #978, #891, and #742. I have been a bit wary of the implementation though, because it has always involved having both `ed25519-consensus` and `ed25519-dalek`, often with enums over multiple key types, which seems incredibly overcomplicated just to implement this feature. We originally switched to `ed25519-consensus` because `tendermint-rs` did, and it makes sense there where ZIP-215 provides consensus-critical signature verification rules that don't diverge between implementations. However that's a bit irrelevant for our purposes as this is a signing service, and ZIP-215 allows us to use whatever signing implementation we want. Now that we've vendored `tendermint-p2p` as `tmkms-p2p` we can unilaterally switch the Ed25519 implementation (back) to `ed25519-dalek`, which should make adding `ExpandedSecretKey` support much easier and avoid having to worry about two implementations. This additionally switches (back) to upstream `curve25519-dalek` so as to support X25519 as part of the SecretConnection protocol.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Overview
As a temporary solution for networks like Injective that require faster signing turnaround than what the YubiHSM key can provide, the softsign feature was extended with the option to read the "expanded secret key" from the file system instead of the regular seed key (or private key as people call it).
The
yubihsm-unwrapcommand's output file can be directly fed into the definedpathfield in the configuration and the key-loading mechanism will automatically see which type of key was presented.It also verifies the private key for good measure in cases where this is possible and prints an entry into the log for the end-user.
yubihsm-unwrapcommand PR: Yubico/yubihsm-shell#323 .How it is done
I've replaced the private key loading mechanism's return type from
ed25519::KeyPairto a custom-madeKeyPairthat can hold either the regular seed key or the expanded secret key with the corresponding private key. The custom struct has enough conversion traits that throughout the codebase only minimal modifications were needed to integrate it.Why not just use the expanded key and completely get rid of the seed key?
This is a valid question since the seed key is not necessary for signing. (RFC8032 defines the first 32 bytes of the hash of the seed key as the private key.)
In the codebase, the Ed25519 seed key loading mechanism is used elsewhere too. For example, while opening the TCP connection, the code uses an Ed25519 seed key as the hub secret connection key. There was no point in upsetting parts of the code that work well and it was easier to implement enough
Fromtraits to overcome the different use.