Support signing via a third party signer #48
Comments
@manthanhd This sounds like a reasonable addition to the tool. As a next step, let's further define what the changes would be here? To clarify, I think Does that sound about right?
Hey @sappenin, yes this is correct. I can help validate this flow by implementing
* Include unit tests for external signing support functions
* Because this is a significant change, and this project is not updated often, increment the version number
* Resolves ripple#48

* Also add a "sign_hex" command to sign non-printable data.
* Include unit tests for external signing support functions.
* Because this is a significant change, and this project is not updated often, increment the version number.
* Resolves ripple#48

The validator keys tool currently supports generating the validator token using a private key that lives on the disk. For security, we're storing keys over HSM and MPC, which is exposed via an API. The API accepts a payload to sign and eventually returns a signature.
The private key is never exposed outside of the system so it is not possible to import the private key on the disk for signing purposes. The signing process has to happen remotely, via an API call.
There are different ways of implementing this but one that comes to mind is:
Thoughts?