40 implement a secure key storage functionality for the pop server #176
base: main
…emporary buffer used for reading the keystore file.
…, secure key storage, and robust file operations.
Why not use the existing keystore error enum? Also, we have too many errors now; it will be better to place the errors in a different file.
crates/keystore/src/lib.rs
Outdated
Ok(()) | ||
} | ||
|
||
fn decrypt(self, secret: KeyStore) -> Result<Vec<u8>, std::io::Error> { |
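Review bot: `decrypt` hands the plaintext key back as a plain `Vec<u8>` and reports failures as `std::io::Error`. The struct in this PR already wraps its key in `SecretString`, so the decrypted bytes deserve the same kind of wrapper (secrecy or zeroize) so they are wiped on drop, and an AEAD failure fits `KeystoreError::DecryptionError` better than an I/O error.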
These functions you created are not used. Where do you call them?
|
||
Ok(decrypted_key) | ||
} | ||
} | ||
|
Please also provide tests for your functions
use thiserror::Error; | ||
|
||
#[derive(Debug, Error)] | ||
pub enum KeystoreError { | ||
#[error("File error: {0}")] | ||
FileError(std::io::Error), | ||
#[error("JwkConversionError")] | ||
JwkConversionError, | ||
#[error("KeyPairGenerationError")] | ||
KeyPairGenerationError, | ||
#[error("non compliant")] | ||
NonCompliant, | ||
#[error("not found")] | ||
NotFound, | ||
#[error("parse error")] | ||
ParseError(serde_json::Error), | ||
#[error("serde error")] | ||
SerdeError(serde_json::Error), | ||
#[error("Encryption error: {0}")] | ||
EncryptionError(chacha20poly1305::Error), | ||
#[error("Decryption error: {0}")] | ||
DecryptionError(chacha20poly1305::Error), | ||
} |
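Review bot: `ParseError` and `SerdeError` both wrap `serde_json::Error`, but their messages ("parse error", "serde error") leave out `{0}`, so the underlying cause never reaches the log. Include `{0}` as `FileError` does, and mark the wrapped field with `#[source]` so callers can walk the error chain.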
Your errors need to be more descriptive:
use thiserror::Error; | |
#[derive(Debug, Error)] | |
pub enum KeystoreError { | |
#[error("File error: {0}")] | |
FileError(std::io::Error), | |
#[error("JwkConversionError")] | |
JwkConversionError, | |
#[error("KeyPairGenerationError")] | |
KeyPairGenerationError, | |
#[error("non compliant")] | |
NonCompliant, | |
#[error("not found")] | |
NotFound, | |
#[error("parse error")] | |
ParseError(serde_json::Error), | |
#[error("serde error")] | |
SerdeError(serde_json::Error), | |
#[error("Encryption error: {0}")] | |
EncryptionError(chacha20poly1305::Error), | |
#[error("Decryption error: {0}")] | |
DecryptionError(chacha20poly1305::Error), | |
} | |
use thiserror::Error; | |
#[derive(Debug, Error)] | |
pub enum KeystoreError { | |
#[error("File operation failed: {0}")] | |
FileError(#[from] std::io::Error), | |
#[error("JWK conversion failed")] | |
JwkConversionError, | |
#[error("Key pair generation failed")] | |
KeyPairGenerationError, | |
#[error("Non-compliant data")] | |
NonCompliant, | |
#[error("Item not found")] | |
NotFound, | |
#[error("Failed to parse JSON data: {0}")] | |
ParseError(#[from] serde_json::Error), | |
#[error("Serialization error: {0}")] | |
SerializationError(#[from] serde_json::Error), | |
#[error("Deserialization error: {0}")] | |
DeserializationError(#[from] serde_json::Error), | |
#[error("Encryption failed: {0}")] | |
EncryptionError(#[from] chacha20poly1305::Error), | |
#[error("Decryption failed: {0}")] | |
DecryptionError(#[from] chacha20poly1305::Error), | |
} |
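Review bot: the suggested enum puts `#[from] serde_json::Error` on three variants (`ParseError`, `SerializationError`, `DeserializationError`) and `#[from] chacha20poly1305::Error` on two. thiserror generates one `From` impl per `#[from]` field, so a source type repeated across variants produces conflicting impls and the derive is rejected. Keep `#[from]` on at most one variant per source type and use `#[source]` with an explicit `map_err` on the others.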
struct FileSystemKeystore { | ||
key: SecretString, // Store key securely using secrecy crate | ||
nonce: Vec<u8>, | ||
} |
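Review bot: `nonce: Vec<u8>` as a field of `FileSystemKeystore` means every encryption done through the same value uses the same nonce with the same key, and a repeated nonce breaks both confidentiality and integrity for the chacha20poly1305 AEADs. Generate a fresh random nonce inside each encrypt call and store it next to the ciphertext so decrypt can read it back.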
What is the purpose of this struct? It is not constructed anywhere.
crates/keystore/src/lib.rs
Outdated
|
||
let encrypted_key = cipher | ||
.encrypt(GenericArray::from_slice(&self.nonce), buffer.as_slice()) | ||
.map_err(|err| err).unwrap(); |
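Review bot: `.map_err(|err| err).unwrap()` maps the error to itself and then panics, so an encryption failure takes the process down instead of reaching the caller; `GenericArray::from_slice(&self.nonce)` also panics when the `Vec<u8>` is not exactly the cipher's nonce length. Map to `KeystoreError::EncryptionError` and propagate with `?`, and validate the nonce length before this call.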
Why do you map the error when you are not going to propagate it?
debug!("Encryption successful for keystore file: {}", path); | ||
|
||
Ok(()) | ||
} |
I don't really understand what you are trying to do here. Your encrypt function is not used anywhere, I suppose that you created it to encrypt the keys before storing them? If that's the purpose, then how are you going to decrypt them later?
No description provided.