Store scanner viewing keys in a separate file, and give them more restrictive file permissions #8048

Closed
Tracked by #8141 ...
teor2345 opened this issue Dec 4, 2023 · 1 comment
Labels
A-blockchain-scanner Area: Blockchain scanner of shielded transactions C-security Category: Security issues I-privacy Zebra discloses private information

Comments

@teor2345

teor2345 commented Dec 4, 2023

Motivation

Storing secret keys in the same file as non-sensitive configs makes it harder to secure those keys.

Since we are scanning using viewing keys, this is a transaction privacy issue, not a funds loss issue.

Suggested Solution

Best practice is to store the key or keys in separate files, and put the file paths in the config. Then the key files can have restrictive filesystem permissions, or be excluded from backups.

We could support multiple keys per file if we want, one per line.
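An added example, not part of the original issue and not Zebra's code: one way a loader could enforce the suggestion above on Unix, reading one key per line and refusing any key file that group or other users can access. The names `load_viewing_keys` and `KeyFileError`, and the `scanner-keys.txt` path, are hypothetical.

```rust
// Added illustration (assumption: Unix-only; names and path are hypothetical, not Zebra's API).
use std::fs::File;
use std::io::{self, Read};
use std::os::unix::fs::PermissionsExt;
use std::path::Path;

#[derive(Debug)]
pub enum KeyFileError {
    Io(io::Error),
    /// The file mode grants some access to group or others; carries the mode bits.
    TooPermissive(u32),
    NotRegularFile,
}

impl From<io::Error> for KeyFileError {
    fn from(e: io::Error) -> Self {
        KeyFileError::Io(e)
    }
}

/// Read viewing keys, one per line, from a file that only its owner can access.
pub fn load_viewing_keys(path: &Path) -> Result<Vec<String>, KeyFileError> {
    // Open first, then check the metadata of the open handle, so the permission
    // check and the read refer to the same file even if the path is replaced.
    let mut file = File::open(path)?;
    let meta = file.metadata()?;
    if !meta.is_file() {
        return Err(KeyFileError::NotRegularFile);
    }
    let mode = meta.permissions().mode() & 0o777;
    if mode & 0o077 != 0 {
        // Any group/other bit set (for example 0644) means other local users
        // or processes could read the keys.
        return Err(KeyFileError::TooPermissive(mode));
    }
    let mut contents = String::new();
    file.read_to_string(&mut contents)?;
    // One key per line; blank lines are skipped.
    Ok(contents.lines().map(str::trim).filter(|l| !l.is_empty()).map(String::from).collect())
}

fn main() {
    // Placeholder path standing in for the key file path stored in the config.
    match load_viewing_keys(Path::new("scanner-keys.txt")) {
        Ok(keys) => println!("loaded {} viewing key(s)", keys.len()),
        Err(e) => eprintln!("refusing to load keys: {e:?}"),
    }
}
```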

@mpguerra mpguerra added this to Zebra Dec 4, 2023
@github-project-automation github-project-automation bot moved this to 🆕 New in Zebra Dec 4, 2023
@teor2345 teor2345 changed the title Move secret keys to another config file, and give it more restrictive file permissions Move scanner viewing keys to another config file, and give it more restrictive file permissions to protect private keys Dec 4, 2023
@teor2345 teor2345 changed the title Move scanner viewing keys to another config file, and give it more restrictive file permissions to protect private keys Move scanner viewing keys to individual files, and give them more restrictive file permissions to protect private keys Dec 6, 2023
@teor2345 teor2345 changed the title Move scanner viewing keys to individual files, and give them more restrictive file permissions to protect private keys Move scanner viewing keys to a separate file (or files), and give them more restrictive file permissions to protect private keys Dec 6, 2023
@teor2345 teor2345 added P-Medium ⚡ C-security Category: Security issues I-privacy Zebra discloses private information A-blockchain-scanner Area: Blockchain scanner of shielded transactions labels Dec 6, 2023
@teor2345 teor2345 changed the title Move scanner viewing keys to a separate file (or files), and give them more restrictive file permissions to protect private keys Store scanner viewing keys in a separate file, and give them more restrictive file permissions Dec 6, 2023
@mpguerra

We won't be doing any more work on the scanner

@mpguerra mpguerra closed this as not planned Won't fix, can't repro, duplicate, stale Oct 18, 2024
@github-project-automation github-project-automation bot moved this from New to Done in Zebra Oct 18, 2024