Keys Management

How Witness Chain's Operator CLI manages Secret Keys


Last updated 10 months ago

In the world of blockchain and decentralized applications, securing secret keys is paramount. Witness Chain’s Operator Command-Line Interface (CLI) supports several modes for handling secret keys, each catering to different security needs and use cases. This blog explores the available options and their current statuses, including plain text storage, gocryptfs encryption, web3signer utility, and Web3 Secret Storage Format.

We support only ECDSA keys right now. BN254 keys are not supported yet.

1. No Encryption (Storing in Plain Text)

The simplest method of handling secret keys is storing them in plain text. While this approach is straightforward, it carries significant risks. Plain text storage means that anyone with access to the file can read the keys, posing a substantial security threat, especially in a production environment.

Pros:

  • Simple and easy to implement.

  • No additional dependencies or setup required.

Cons:

  • Highly insecure as keys are exposed to anyone with access.

2. Using gocryptfs

Available in the development branch. Details of the how-to are available in the README of the development branch.

gocryptfs is a user-space encrypted file system, which provides a secure layer for encrypting files. By using gocryptfs, secret keys are stored in an encrypted format, protecting them from unauthorized access. This method is currently being tested on the testnet.

Pros:

  • Adds a layer of encryption, enhancing security.

  • Transparent encryption and decryption process for the user.

Cons:

  • Requires additional setup and configuration.

  • Slight performance overhead due to encryption and decryption processes.

3. Using web3signer Utility (Remote Signer)

Undergoing active testing

The web3signer utility allows for the use of a remote signer, offloading the signing operations to a secure remote service. This approach keeps the secret keys off the local system, reducing the risk of local key compromise. It is currently being tested on the testnet.

Pros:

  • Keeps secret keys off the local system, enhancing security.

  • Centralized management of keys, making it easier to enforce security policies.

Cons:

  • Requires network connectivity to the remote signer.

  • Potential latency due to network communication.

4. Using Web3 Secret Storage Format (Keystore)

Planned for July 2024

Pros:

  • Standardized and widely adopted format for key storage.

  • Provides strong encryption for securing private keys.

Cons:

  • Requires users to manage and remember their passphrase.

Conclusion

Witness Chain’s Operator CLI offers multiple modes for handling secret keys, each with its own advantages and trade-offs. From the simplicity of plain text storage to the advanced security of gocryptfs, web3signer, and Keystore, users can choose the method that best suits their needs. While plain text storage may be adequate for non-critical applications, leveraging encryption and remote signing solutions can significantly enhance security for production environments.

As the development of the Web3 Secret Storage Format integration progresses, Witness Chain continues to prioritize the security and integrity of secret keys, ensuring robust protection for its users’ assets and operations.

The Web3 Secret Storage Format is a standardized way to encrypt and store Ethereum private keys. This method ensures that keys are encrypted with a passphrase, providing a secure means of key storage. This feature is currently in development.
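As an added example (not part of the Witness Chain docs or the Operator CLI), here is a stdlib-only Python pre-flight audit an operator can run on the key file before starting the CLI: it flags a mode 1 plain-text ECDSA key, checks file permissions, and validates a mode 4 keystore v3 file's structure and scrypt cost without decrypting it. The scrypt thresholds are geth's standard and light presets and are my assumption, not values from this page; the sample keystore is constructed and holds no real key.

```python
"""Pre-flight audit of an operator key file: plain-text (mode 1) and keystore v3 (mode 4) checks."""
import json
import os
import re
import stat

HEX_KEY = re.compile(r"^(0x)?[0-9a-fA-F]{64}$")  # raw 32-byte ECDSA private key
# scrypt cost presets as used by geth (assumed reference values, not from the page)
STANDARD_SCRYPT_N, LIGHT_SCRYPT_N = 1 << 18, 1 << 12
REQUIRED = ("cipher", "ciphertext", "cipherparams", "kdf", "kdfparams", "mac")


def audit_key_text(text: str) -> list[str]:
    """Return findings for the key material in `text` without decrypting anything."""
    body = text.strip()
    if HEX_KEY.match(body):
        return ["PLAINTEXT: raw ECDSA private key on disk; whoever can read the file owns the key"]
    try:
        ks = json.loads(body)
    except json.JSONDecodeError:
        return ["UNKNOWN: file is neither a raw hex key nor keystore JSON"]
    findings = []
    if ks.get("version") != 3:
        findings.append(f"KEYSTORE: version {ks.get('version')!r}, expected 3")
    crypto = ks.get("crypto", ks.get("Crypto", {}))
    if missing := [f for f in REQUIRED if f not in crypto]:
        findings.append("KEYSTORE: missing crypto fields " + ", ".join(missing))
    if crypto.get("cipher", "aes-128-ctr") != "aes-128-ctr":
        findings.append(f"KEYSTORE: unexpected cipher {crypto['cipher']!r}")
    kdf, params = crypto.get("kdf"), crypto.get("kdfparams", {})
    if kdf == "scrypt" and params.get("n", 0) < LIGHT_SCRYPT_N:
        findings.append(f"KEYSTORE: scrypt n={params.get('n')} is below the light preset; brute force is cheap")
    elif kdf == "scrypt" and params.get("n", 0) < STANDARD_SCRYPT_N:
        findings.append(f"KEYSTORE: scrypt n={params.get('n')} is below the standard preset ({STANDARD_SCRYPT_N})")
    if len(crypto.get("mac", "0" * 64)) != 64:
        findings.append("KEYSTORE: mac is not a 32-byte keccak-256 digest")
    return findings


def audit_key_file(path: str) -> list[str]:
    """File-level audit: permission bits first, then the contents."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    findings = [f"PERMS: {path} is mode {mode:04o}, expected 0600"] if mode & 0o077 else []
    with open(path, encoding="utf-8") as fh:
        return findings + audit_key_text(fh.read())


# Constructed sample (not a real key): keystore v3 using geth's light scrypt preset
SAMPLE_LIGHT_KEYSTORE = json.dumps({"version": 3, "crypto": {
    "cipher": "aes-128-ctr", "ciphertext": "00" * 32, "cipherparams": {"iv": "00" * 16},
    "kdf": "scrypt", "kdfparams": {"dklen": 32, "n": 4096, "p": 6, "r": 8, "salt": "00" * 32},
    "mac": "00" * 32}})
```

Run `audit_key_file` against the path the CLI reads; an empty list means the file is a keystore with no structural or cost complaints, not that the passphrase is strong.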
