From 479ec0d6014022b4b9595115eab61e6d9e5b217b Mon Sep 17 00:00:00 2001 From: Ezequiel Raynaudo Date: Thu, 3 Oct 2024 08:10:04 -0300 Subject: [PATCH 1/2] Add missing readme file --- crypto/README.md | 53 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 53 insertions(+) create mode 100644 crypto/README.md diff --git a/crypto/README.md b/crypto/README.md new file mode 100644 index 000000000000..c077d4772e81 --- /dev/null +++ b/crypto/README.md @@ -0,0 +1,53 @@ +# Crypto + +The `crypto` directory contains the components responsible for handling cryptographic operations, key management, and secure interactions with hardware wallets. + +## Components + +### Keyring + +Keyring is the primary interface for managing cryptographic keys. It provides a unified API to create, store, retrieve, and manage keys securely across different storage backends. + +#### Supported Backends + +- **OS**: Uses the operating system's default credential store. +- **File**: Stores encrypted keyring in the application's configuration directory. +- **KWallet**: Integrates with KDE Wallet Manager. +- **Pass**: Leverages the `pass` command-line utility. +- **Keyctl**: Uses Linux's kernel security key management system. +- **Test**: Stores (insecurely) keys to disk for testing purposes. +- **Memory**: Provides transient storage where keys are discarded when the process terminates. + +### Codec + +The Codec component handles serialization and deserialization of cryptographic structures in the crypto package. It ensures proper encoding of keys, signatures, and other artifacts for storage and transmission. The Codec also manages conversion between CometBFT and SDK key formats. + +### Ledger Integration + +Support for Ledger hardware wallets is integrated to provide enhanced security for key management and signing operations. The Ledger integration supports SECP256K1 keys and offers various features: + +#### Key Features + +- **Public Key Retrieval**: Supports both safe (with user verification) and unsafe (without user verification) methods to retrieve public keys from the Ledger device. +- **Address Generation**: Can generate and display Bech32 addresses on the Ledger device for user verification. +- **Transaction Signing**: Allows signing of transactions with user confirmation on the Ledger device. +- **Multiple HD Path Support**: Supports various BIP44 derivation paths for key generation and management. +- **Customizable Options**: Provides options to customize Ledger usage, including app name, public key creation, and DER to BER signature conversion. + +#### Implementation Details + +- The integration is built to work with or without CGO. +- It includes a mock implementation for testing purposes, which can be enabled with the `test_ledger_mock` build tag. +- The real Ledger device interaction is implemented when the `ledger` build tag is used. +- The integration supports both SIGN_MODE_LEGACY_AMINO_JSON and SIGN_MODE_TEXTUAL signing modes. + +#### Usage Considerations + +- Ledger support requires the appropriate Cosmos app to be installed and opened on the Ledger device. +- The integration includes safeguards to prevent key overwriting and ensures that the correct device and app are being used. + +#### Security Notes + +- The integration includes methods to validate keys and addresses with user confirmation on the Ledger device. +- It's recommended to use the safe methods that require user verification for critical operations like key generation and address display. +- The mock implementation should only be used for testing and development purposes, not in production environments. \ No newline at end of file From cc9b62617745cf5d405d7974fb9cb4dc0823754d Mon Sep 17 00:00:00 2001 From: Ezequiel Raynaudo Date: Thu, 3 Oct 2024 12:02:27 -0300 Subject: [PATCH 2/2] lint --- crypto/README.md | 42 +++++++++++++++++++++--------------------- 1 file changed, 21 insertions(+), 21 deletions(-) diff --git a/crypto/README.md b/crypto/README.md index c077d4772e81..269d840c6e80 100644 --- a/crypto/README.md +++ b/crypto/README.md @@ -10,13 +10,13 @@ Keyring is the primary interface for managing cryptographic keys. It provides a #### Supported Backends -- **OS**: Uses the operating system's default credential store. -- **File**: Stores encrypted keyring in the application's configuration directory. -- **KWallet**: Integrates with KDE Wallet Manager. -- **Pass**: Leverages the `pass` command-line utility. -- **Keyctl**: Uses Linux's kernel security key management system. -- **Test**: Stores (insecurely) keys to disk for testing purposes. -- **Memory**: Provides transient storage where keys are discarded when the process terminates. +* **OS**: Uses the operating system's default credential store. +* **File**: Stores encrypted keyring in the application's configuration directory. +* **KWallet**: Integrates with KDE Wallet Manager. +* **Pass**: Leverages the `pass` command-line utility. +* **Keyctl**: Uses Linux's kernel security key management system. +* **Test**: Stores (insecurely) keys to disk for testing purposes. +* **Memory**: Provides transient storage where keys are discarded when the process terminates. ### Codec @@ -28,26 +28,26 @@ Support for Ledger hardware wallets is integrated to provide enhanced security f #### Key Features -- **Public Key Retrieval**: Supports both safe (with user verification) and unsafe (without user verification) methods to retrieve public keys from the Ledger device. -- **Address Generation**: Can generate and display Bech32 addresses on the Ledger device for user verification. -- **Transaction Signing**: Allows signing of transactions with user confirmation on the Ledger device. -- **Multiple HD Path Support**: Supports various BIP44 derivation paths for key generation and management. -- **Customizable Options**: Provides options to customize Ledger usage, including app name, public key creation, and DER to BER signature conversion. +* **Public Key Retrieval**: Supports both safe (with user verification) and unsafe (without user verification) methods to retrieve public keys from the Ledger device. +* **Address Generation**: Can generate and display Bech32 addresses on the Ledger device for user verification. +* **Transaction Signing**: Allows signing of transactions with user confirmation on the Ledger device. +* **Multiple HD Path Support**: Supports various BIP44 derivation paths for key generation and management. +* **Customizable Options**: Provides options to customize Ledger usage, including app name, public key creation, and DER to BER signature conversion. #### Implementation Details -- The integration is built to work with or without CGO. -- It includes a mock implementation for testing purposes, which can be enabled with the `test_ledger_mock` build tag. -- The real Ledger device interaction is implemented when the `ledger` build tag is used. -- The integration supports both SIGN_MODE_LEGACY_AMINO_JSON and SIGN_MODE_TEXTUAL signing modes. +* The integration is built to work with or without CGO. +* It includes a mock implementation for testing purposes, which can be enabled with the `test_ledger_mock` build tag. +* The real Ledger device interaction is implemented when the `ledger` build tag is used. +* The integration supports both SIGN_MODE_LEGACY_AMINO_JSON and SIGN_MODE_TEXTUAL signing modes. #### Usage Considerations -- Ledger support requires the appropriate Cosmos app to be installed and opened on the Ledger device. -- The integration includes safeguards to prevent key overwriting and ensures that the correct device and app are being used. +* Ledger support requires the appropriate Cosmos app to be installed and opened on the Ledger device. +* The integration includes safeguards to prevent key overwriting and ensures that the correct device and app are being used. #### Security Notes -- The integration includes methods to validate keys and addresses with user confirmation on the Ledger device. -- It's recommended to use the safe methods that require user verification for critical operations like key generation and address display. -- The mock implementation should only be used for testing and development purposes, not in production environments. \ No newline at end of file +* The integration includes methods to validate keys and addresses with user confirmation on the Ledger device. +* It's recommended to use the safe methods that require user verification for critical operations like key generation and address display. +* The mock implementation should only be used for testing and development purposes, not in production environments. \ No newline at end of file