Comments (14)
brioux
commented on June 20, 2024
Restricting all token creations operation to auditors makes sense. Even if it is to just initialize a request. See comment in issue637 for handling new carbon tracker requests from an oil & gas operator.
from blockchain-carbon-accounting.
brioux
commented on June 20, 2024
Not sure we need to limit transactions to accounts that have opted to store their keys on the server side when signing up.
It is better practice for accounts to hold keys directly, in line with the principles of web3.0 transaction. But an auditor may prefer to use a key management service.
Server side key management was introduced to the user sign-up function to help with onboarding of consumers that don't have the experience operating a server side wallet.
Should NET provide its own internal cloud key management for signing transactions? It already does in the referenced video, but with limited security.
from blockchain-carbon-accounting.
sichen1234
commented on June 20, 2024
What do you think of signing the transaction on the server, instead of transferring the private key to the client and signing it there?
from blockchain-carbon-accounting.
brioux
commented on June 20, 2024
@sichen1234 I was just writing this up...
Here are some ideas for improving security.
Private keys never leave the server side to sign transactions, only when exporting keys and permanently deleting it from the server. This is structurally different from what was shown in the referenced video. Transaction messages could be sent encrypted to the server (using the public key) where the message is decrypted and signed. However, this requires creating a secure communication line between the client and server for a given signing session ....
from blockchain-carbon-accounting.
brioux
commented on June 20, 2024
Use the window.Crypto object (a secure way to use javascript to access the DOM) to store privateKeys in the client browser when receiving them from the server during sign in.
from blockchain-carbon-accounting.
brioux
commented on June 20, 2024
The Wallet interface with private key is loaded around here from the server on the sign in page
The private key should be sent by the server to the client's Wallet interface encrypted by a public key address generated by the clients window.Crypto object.
from blockchain-carbon-accounting.
brioux
commented on June 20, 2024
As discussed at the end of this older post a variety of modern browser features can be used to securely store the keys with the client -- this is basically what browser extensions like Metamask achieve
from blockchain-carbon-accounting.
sichen1234
commented on June 20, 2024
This makes the dApp implement a metamask-like wallet. What is the
advantage of doing this, versus just signing the transaction on the
server? I feel more comfortable if the private key does not leave the
server.
-----
Si Chen
Open Source Strategies, Inc.
*Why open source and blockchain for carbon accounting? Video
<https://www.youtube.com/watch?v=eNM7V8vQCg4> and Blog Post
<https://www.opensourcestrategies.com/2022/06/01/why-open-source-carbon-accounting/>*
…On Tue, Oct 25, 2022 at 10:58 AM Bertrand Rioux ***@***.***> wrote:
At discussed at the end of this older post
<https://crypto.stackexchange.com/questions/35530/where-and-how-to-store-private-keys-in-web-applications-for-private-messaging-wi>
a variety of modern browser features can be used to securely store the keys
with the client -- this is basically what browser extensions like Metamask
achieve - with the keys stored in the browser
—
Reply to this email directly, view it on GitHub
<#638 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AANAS4KEF2TTXBJBUAKYUVDWFANTVANCNFSM6AAAAAARNKUKTM>
.
You are receiving this because you were mentioned.Message ID:
<hyperledger-labs/blockchain-carbon-accounting/issues/638/1290944149@
github.com>
from blockchain-carbon-accounting.
brioux
commented on June 20, 2024
both require similar security development.
Keeping keys on the server limits attack vectors to server breaches. The benefit of moving the signing to the client is probably the legal context in how the server uses the private keys.
If the server is setup to sign transactions on behalf of the client, but used in a malicious transaction, the company operating the server could be held accountable.
The user agrees to the terms associated with the key management service provided by the client interface. Assuming the server provider makes all precautions to deliver the key securely, the clients are accountable for signing transactions.
from blockchain-carbon-accounting.
brioux
commented on June 20, 2024
A secure and legally sound client application should have baked in client key gen and storage (e.g., electron or mobile app).
Both of the above are patchy solutions at best.
from blockchain-carbon-accounting.
sichen1234
commented on June 20, 2024
OK, I see your point and it makes sense.
Something like this would take more time to develop.
Meanwhile for security purposes we'll remove the passing of private keys to
the client side for signing transactions.
-----
Si Chen
Open Source Strategies, Inc.
*Why open source and blockchain for carbon accounting? Video
<https://www.youtube.com/watch?v=eNM7V8vQCg4> and Blog Post
<https://www.opensourcestrategies.com/2022/06/01/why-open-source-carbon-accounting/>*
…On Tue, Oct 25, 2022 at 11:32 AM Bertrand Rioux ***@***.***> wrote:
A secure and legally sound application should have baked in client key gen
and storage (e.g., electron or mobile app).
Both are patchy solutions at best.
—
Reply to this email directly, view it on GitHub
<#638 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AANAS4IBHEFDSYTX56NY4N3WFARSPANCNFSM6AAAAAARNKUKTM>
.
You are receiving this because you were mentioned.Message ID:
<hyperledger-labs/blockchain-carbon-accounting/issues/638/1290979638@
github.com>
from blockchain-carbon-accounting.
brioux
commented on June 20, 2024
Agree.
As long as the signed in user is only received retired tokens, no need to access the privateKey.
Minimize key management to the bare minimum, and rely on third party wallet party providers and custom built client applications.
Suggest putting private keys into a separate write only schema, with read access limited to key export and deletion.
Once transferable tokens are issued to the user (e.g., offset credits or carbon trackers), the keys must be exported to access the tokens.
Another more secure option is to instruct the server to use the keys once to transfer the tokens to a new public address generated by the users external wallet. This eliminates security risk from potential breach of the original private keys - but would come with additional transaction costs.
from blockchain-carbon-accounting.
brioux
commented on June 20, 2024
Question, if a client has connected their external wallet to NET, is there a form they can use to register information about their public address with the Postgres server - e.g. organization, name, email... ?
I have started a separate discussion on handling user information using Distributed identity management tools. A topic of discussion for future development.
from blockchain-carbon-accounting.
sichen1234
commented on June 20, 2024
Right now not. We can add a form for the user to update that and sign it
to submit. That should be pretty simple.
The bigger question is how the whole process of user identity should be
handled. We can discuss that over time.
-----
Si Chen
Open Source Strategies, Inc.
*Why open source and blockchain for carbon accounting? Video
<https://www.youtube.com/watch?v=eNM7V8vQCg4> and Blog Post
<https://www.opensourcestrategies.com/2022/06/01/why-open-source-carbon-accounting/>*
…On Tue, Oct 25, 2022 at 3:35 PM Bertrand Rioux ***@***.***> wrote:
Question, if a client has connected their external wallet to NET, is there
a form they can use to register information about their public address with
the Postgres server - e.g. organization, name, email... ?
I have started a separate discussion on managing user information using
separate Distributed identity management tools. A topic of discussion as
feature for future development.
—
Reply to this email directly, view it on GitHub
<#638 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AANAS4PIXJQ4BFOUGH3GIPTWFBOBPANCNFSM6AAAAAARNKUKTM>
.
You are receiving this because you were mentioned.Message ID:
<hyperledger-labs/blockchain-carbon-accounting/issues/638/1291212255@
github.com>
from blockchain-carbon-accounting.
Related Issues (20)
- request emissions audit UI allow other request, supported by document HOT 1
- Add dataLoader scripts for product table HOT 1
- Calculation error for emission factor & unit consistency. HOT 2
- Dynamic loading of node-fetch
- separate deploy js for carbon tracker HOT 2
- remove open zeppelin contract upgradability HOT 1
- Create a MAINTAINERS.md file HOT 1
- Remove upgradability from CarbonTracker HOT 4
- loading of oil and gas data HOT 2
- Using Google travel impact model
- Adopt Typescript 3.0 references and composite tsconfig.json setting?
- Private Key exposure during Wallet signup HOT 4
- scripts and documentation for deploying Fabric chain code using Bevel
- scripts and documentation for deploying Solidity smart contracts to Besu using Bevel
- UI to select multiple data points for an audited emissions certificate HOT 4
- deploy solidity contracts locally with bevel scripts HOT 1
- Link to Voluntary Offsets Directory is broken HOT 5
- not able to issue carbon tracker tokens HOT 1
- problem loading oil and gas data HOT 4
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from blockchain-carbon-accounting.