identityd: make backup copies of Node keypair or store it in an hardware vault #438

Open
delandtj opened this issue Dec 6, 2019 · 3 comments
Labels
type_feature New feature or request

@delandtj
Contributor

delandtj commented Dec 6, 2019

In case a node loses the disk where the Node Keypair is stored, there would be no other way than to re-register the node as a new one.

We should have a backup somewhere and verify at boot that, if we need to format the system disk, there are no backup copies of the keypair.

Questions:

  • where do we put backups?
  • to encrypt or not encrypt, that's the question
@zaibon zaibon added the type_feature New feature or request label Dec 9, 2019
@zaibon zaibon added this to the 0.2.0 milestone Dec 9, 2019
@zaibon zaibon modified the milestones: 0.2.0, 0.2.1 Jan 30, 2020
@zaibon zaibon changed the title identityd: make backup copies of Node keypair identityd: make backup copies of Node keypair or store it in an hardware vault Feb 27, 2020
@zaibon zaibon modified the milestones: 0.2.1, 0.2.2 Mar 6, 2020
@zaibon zaibon modified the milestones: now, next Jun 26, 2020
@DylanVerstraete
Contributor

DylanVerstraete commented Oct 22, 2020

What if we used vault? We can make it possible that the farmer can run his own instance of Vault on the threebot! It would make recovering his own keys even possible.

Let's say a farmer has the capability to initiate a backup for a specific node. In the farmer threebot he can authorize this request to store the node's keys in the vault.

If a node's keypair is wiped from a disk and reboots it will generate a new keypair. What if the farmer could select this specific node and execute a restore from a specific key in the vault, this node would then receive a signed request to access this specific key in the vault and restore its keypair and nodeID!
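
The restore flow proposed in the comment above, sketched as an added example that is not part of the original comment or the project's code: the farmer signs a short-lived authorization naming the vault entry and the temporary key the wiped node generated, and the vault side checks that signature plus proof that the caller holds that key. The `RestoreRequest` format, the function names and the nonce challenge are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

// RestoreRequest is a hypothetical message format, not taken from the project.
type RestoreRequest struct {
	VaultKey   string `json:"vault_key"`    // which backup entry may be read
	NodeTmpPub []byte `json:"node_tmp_pub"` // key the wiped node generated at boot
	Expires    int64  `json:"expires"`      // Unix time after which it is void
}

// SignRestore is the farmer side: serialize the request and sign it.
func SignRestore(farmer ed25519.PrivateKey, r RestoreRequest) (msg, sig []byte, err error) {
	if msg, err = json.Marshal(r); err != nil {
		return nil, nil, err
	}
	return msg, ed25519.Sign(farmer, msg), nil
}

// VerifyRestore is the vault side; nodeSig is the caller's signature over the vault's nonce.
func VerifyRestore(farmerPub ed25519.PublicKey, msg, sig, nonce, nodeSig []byte, now time.Time) (string, error) {
	if !ed25519.Verify(farmerPub, msg, sig) {
		return "", errors.New("bad farmer signature")
	}
	var r RestoreRequest
	if err := json.Unmarshal(msg, &r); err != nil {
		return "", err
	}
	if now.Unix() > r.Expires {
		return "", errors.New("authorization expired")
	}
	if len(r.NodeTmpPub) != ed25519.PublicKeySize || !ed25519.Verify(r.NodeTmpPub, nonce, nodeSig) {
		return "", errors.New("caller does not hold the authorized node key")
	}
	return r.VaultKey, nil
}

func main() {
	fPub, fPriv, _ := ed25519.GenerateKey(nil) // constructed sample keys
	nPub, nPriv, _ := ed25519.GenerateKey(nil)
	msg, sig, _ := SignRestore(fPriv, RestoreRequest{"node-backup-1", nPub, time.Now().Add(10 * time.Minute).Unix()})
	nonce := []byte("constructed-challenge")
	fmt.Println(VerifyRestore(fPub, msg, sig, nonce, ed25519.Sign(nPriv, nonce), time.Now()))
}
```

Binding the authorization to the node's freshly generated key and to an expiry means a captured request cannot be replayed later or by a different machine.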

@DylanVerstraete
Contributor

Maybe we can integrate this in a secure way for 3.0

@xmonader xmonader removed this from the next milestone Jul 4, 2022
@xmonader xmonader added this to 3.10.x Nov 14, 2022
@xmonader xmonader added this to the 3.5.x milestone Nov 14, 2022
@xmonader
Collaborator

tpm related?

@rkhamis rkhamis removed this from 3.10.x Mar 14, 2023
@rkhamis rkhamis modified the milestones: 3.6.x, later Mar 14, 2023
7 participants