Critical Security Guidelines for Developers

When handling keys for nodes within a DVS, focus on controlling who can access a key and when it is decrypted; the integrity of the whole system rests on those two points.

Note: "Keys" here means any kind of secret, whether in plain text or encrypted.

Key Security Best Practices

Encrypting Keys

  • Encryption: Always encrypt keys at rest under a password or passphrase. An unencrypted key on disk is recoverable by anyone who can read the file.

  • Understanding Access Layers: Each way of supplying the passphrase (interactive prompt, file on disk, remote retrieval, remote signer) has its own exposure; identify which one a deployment uses so its specific risks can be addressed.

Passphrase Handling

  • Prompt and Store in Memory:

    • Prompt users for a passphrase with terminal echo disabled and hold it in memory only for as long as it is needed, so the secret never lands in the terminal scrollback, shell history, or a copy buffer.

    • Do not store the key locally or remotely unless it is encrypted through DVS's proprietary methods.

  • File-Based Passphrase:

    • Request the path to a file containing the passphrase. This avoids the terminal and buffer exposure of interactive entry but leaves the secret on disk, where anyone who gains access to the machine, or can read the file, can take it. Restrict the file to the node's user (mode 0600) and keep it out of images, backups and version control.

Remote Key Retrieval

  • Improved Security: Encrypting the validator key and storing the decryption passphrase remotely raises the bar: an attacker who reads the disk obtains only ciphertext and must instead extract the key from the running process's memory or impersonate the validator client to the remote store.

  • Sophisticated Threats: The decrypted key still exists in process memory, so a sufficiently capable attacker can still extract it or induce the client to sign a malicious message; remote retrieval narrows the attack surface but does not eliminate it.

Remote Signers

  • Use of Remote Signers: Delegating the signing process to an external service or device adds a security layer, since the private key never enters the validator client's memory. In exchange, users must keep the remote signer available and secure, establish an authenticated, encrypted channel to it, and verify the signer's identity (and that returned signatures verify under the expected public key) to prevent unauthorized access or key substitution.

  • Best Practice: Support both local and remote signing, so operators can pick whichever fits their threat model and deployment.
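An added Go example, not the project's or Web3Signer's code, of the local/remote split with the two client-side checks the bullets above call for: the remote signer's TLS certificate is pinned, and any signature that does not verify under the public key the client was configured with is rejected. The JSON /sign API, the in-process httptest server standing in for the remote service, and the use of P-256 (Go's standard library has neither secp256k1 nor BN254) are assumptions of the example.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/tls"
	"crypto/x509"
	"encoding/json"
	"errors"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// Signer is what the validator client codes against; local and remote signing are swappable by configuration.
type Signer interface {
	Sign(msg []byte) ([]byte, error)
	PublicKey() *ecdsa.PublicKey
}

// NewKey makes a P-256 key; P-256 stands in for secp256k1/BN254 because it is what the standard library ships.
func NewKey() (*ecdsa.PrivateKey, error) { return ecdsa.GenerateKey(elliptic.P256(), rand.Reader) }

// LocalSigner holds the decrypted key in process memory.
type LocalSigner struct{ Key *ecdsa.PrivateKey }

func (l *LocalSigner) PublicKey() *ecdsa.PublicKey { return &l.Key.PublicKey }
func (l *LocalSigner) Sign(msg []byte) ([]byte, error) {
	h := sha256.Sum256(msg)
	return ecdsa.SignASN1(rand.Reader, l.Key, h[:])
}

// Wire format of a hypothetical JSON signing API (not Web3Signer's); []byte fields travel as base64.
type signRequest struct{ Data []byte `json:"data"` }
type signResponse struct{ Signature []byte `json:"signature"` }

// RemoteSigner pins the server certificate and accepts a signature only if it verifies
// under the operator-configured public key, so an impersonated or compromised signer cannot swap keys.
type RemoteSigner struct {
	url    string
	client *http.Client
	pub    *ecdsa.PublicKey
}

func NewRemoteSigner(url string, pinned *x509.Certificate, pub *ecdsa.PublicKey) *RemoteSigner {
	pool := x509.NewCertPool()
	pool.AddCert(pinned)
	tr := &http.Transport{TLSClientConfig: &tls.Config{RootCAs: pool, MinVersion: tls.VersionTLS12}}
	return &RemoteSigner{url: url, client: &http.Client{Transport: tr}, pub: pub}
}

func (r *RemoteSigner) PublicKey() *ecdsa.PublicKey { return r.pub }

func (r *RemoteSigner) Sign(msg []byte) ([]byte, error) {
	body, _ := json.Marshal(signRequest{Data: msg})
	resp, err := r.client.Post(r.url+"/sign", "application/json", bytes.NewReader(body))
	if err != nil {
		return nil, err
	}
	defer resp.Body.Close()
	var out signResponse
	if err := json.NewDecoder(resp.Body).Decode(&out); err != nil {
		return nil, fmt.Errorf("remote signer replied %s: %w", resp.Status, err)
	}
	h := sha256.Sum256(msg)
	if !ecdsa.VerifyASN1(r.pub, h[:], out.Signature) {
		return nil, errors.New("response does not verify under the expected key")
	}
	return out.Signature, nil
}

// NewSigningServer stands in for the remote service: it alone holds the key and serves POST /sign over TLS.
func NewSigningServer(key *ecdsa.PrivateKey) *httptest.Server {
	mux := http.NewServeMux()
	mux.HandleFunc("/sign", func(w http.ResponseWriter, req *http.Request) {
		var in signRequest
		if req.Method != http.MethodPost || json.NewDecoder(req.Body).Decode(&in) != nil {
			http.Error(w, "bad request", http.StatusBadRequest)
			return
		}
		h := sha256.Sum256(in.Data)
		sig, err := ecdsa.SignASN1(rand.Reader, key, h[:])
		if err != nil {
			http.Error(w, "signing failed", http.StatusInternalServerError)
			return
		}
		_ = json.NewEncoder(w).Encode(signResponse{Signature: sig})
	})
	return httptest.NewTLSServer(mux)
}

func main() {
	key, _ := NewKey()
	srv := NewSigningServer(key)
	defer srv.Close()
	remote := NewRemoteSigner(srv.URL, srv.Certificate(), &key.PublicKey)
	sig, err := remote.Sign([]byte("block proposal, slot 42"))
	fmt.Printf("remote signature: %d bytes, err=%v\n", len(sig), err)
}
```

The pinned pool contains only the signer's own certificate, so no public CA can issue a certificate the client would accept; the verification step after the round trip is what catches a signer that holds the wrong key even when the TLS handshake succeeds.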

Web3Signer as a Remote Signer

Web3Signer is an open-source signing service developed by Consensys under the Apache 2.0 license and written in Java. It runs on multiple platforms and signs with private keys that are held externally or encrypted on disk. Web3Signer supports signing payloads with secp256k1 and BLS12-381 keys and is compatible with all major Ethereum consensus clients.

Key Management Recommendations

  • Loading Keys: A DVS should load keys by requesting the path to a keystore folder with a known structure. The path can be supplied as a command-line argument or through an environment variable, so raw key material never has to be passed on the command line, where it would be visible in the process list and shell history.

  • Keystore Support: pell-cli currently supports creating encrypted ECDSA and BN254 keys in the Web3 Secret Storage format.
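An added Go example, not pell-cli's own loader, of the loading method described above: the directory comes from an explicit argument or, failing that, an environment variable (DVS_KEYSTORE_DIR is a name chosen for this example, not one the DVS tooling is known to use); every .json file in it must be a 0600 regular file and parse as a Web3 Secret Storage v3 keystore; and the KDF parameters are checked against a minimum work factor before any decryption is attempted. The minimum values are policy choices of the example, and the address field is the only key-type-specific field it reads.

```go
package main

import (
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// Keystore mirrors the Web3 Secret Storage v3 layout; key-type-specific extras are ignored by encoding/json.
type Keystore struct {
	Version int    `json:"version"`
	Address string `json:"address"`
	Crypto  struct {
		Cipher       string                 `json:"cipher"`
		CipherText   string                 `json:"ciphertext"`
		CipherParams map[string]string      `json:"cipherparams"`
		KDF          string                 `json:"kdf"`
		KDFParams    map[string]interface{} `json:"kdfparams"`
		MAC          string                 `json:"mac"`
	} `json:"crypto"`
}

// LoadKeystores resolves the directory (explicit argument first, then the
// DVS_KEYSTORE_DIR variable assumed by this example, never a guessed default)
// and parses every *.json in it, refusing files other users can read and
// anything that is not a well-formed v3 keystore. Nothing is decrypted here.
func LoadKeystores(arg string) ([]Keystore, error) {
	dir := arg
	if dir == "" {
		dir = os.Getenv("DVS_KEYSTORE_DIR")
	}
	if dir == "" {
		return nil, errors.New("no keystore path: pass it as an argument or set DVS_KEYSTORE_DIR")
	}
	entries, err := os.ReadDir(dir)
	if err != nil {
		return nil, err
	}
	var out []Keystore
	for _, e := range entries {
		if !strings.HasSuffix(e.Name(), ".json") {
			continue
		}
		p := filepath.Join(dir, e.Name())
		info, err := e.Info() // lstat semantics: a symlink is reported as such, not followed
		if err != nil || !info.Mode().IsRegular() || info.Mode().Perm()&0o077 != 0 {
			return nil, fmt.Errorf("%s: must be a regular file with mode 0600 (%v)", p, err)
		}
		raw, err := os.ReadFile(p)
		var ks Keystore
		if err == nil {
			err = json.Unmarshal(raw, &ks)
		}
		if err == nil {
			err = ks.Validate()
		}
		if err != nil {
			return nil, fmt.Errorf("%s: %w", p, err)
		}
		out = append(out, ks)
	}
	return out, nil
}

// Validate checks the invariants decryption relies on, with a KDF work-factor floor (example policy).
func (k *Keystore) Validate() error {
	c := &k.Crypto
	num := func(name string) float64 { v, _ := c.KDFParams[name].(float64); return v }
	salt, _ := c.KDFParams["salt"].(string)
	n := uint64(num("n"))
	switch {
	case k.Version != 3 || c.Cipher != "aes-128-ctr":
		return fmt.Errorf("unsupported version %d or cipher %q", k.Version, c.Cipher)
	case !isHex(c.CipherParams["iv"], 16) || !isHex(c.MAC, 32) || !isHex(c.CipherText, 0):
		return errors.New("iv, mac or ciphertext is missing or not hex of the expected length")
	case !isHex(salt, 0) || len(salt) < 32 || num("dklen") != 32:
		return errors.New("salt must be at least 16 bytes of hex and dklen must be 32")
	case c.KDF != "scrypt" && c.KDF != "pbkdf2":
		return fmt.Errorf("unsupported kdf %q", c.KDF)
	case c.KDF == "scrypt" && (n < 4096 || n&(n-1) != 0), c.KDF == "pbkdf2" && num("c") < 4096:
		return fmt.Errorf("kdf %s: work factor too low or not a power of two", c.KDF)
	}
	return nil
}

// isHex reports whether s is non-empty hex decoding to n bytes (any length if n is 0).
func isHex(s string, n int) bool {
	b, err := hex.DecodeString(s)
	return err == nil && len(b) > 0 && (n == 0 || len(b) == n)
}

func main() {
	ks, err := LoadKeystores(strings.Join(os.Args[1:], "")) // the directory is the single optional argument
	fmt.Printf("loaded %d keystore(s), err=%v\n", len(ks), err)
}
```

Validating before decrypting means a keystore that was tampered with to weaken its KDF, or written with the wrong permissions, is refused at startup with a clear error instead of being used silently.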
