GPG-split like application


Martin Holst Swende

Mar 9, 2018, 3:10:15 AM3/9/18
to qubes-devel
Hi,

I would like to create an application that behaves very similarly to how
Split GPG works. I am developing a 'signer' for Ethereum
(https://github.com/holiman/go-ethereum/tree/signer_mhs/cmd/signer),
which is basically a wallet.

The signer exposes an external API, which can be either RPC-based or
HTTP-based. The external API is considered untrusted, and all requests
to that API are handled via sign-what-you-see on the 'internal' side via
a UI of the user's choice. The user can either start the signer with a
native CLI UI, or use a GUI to start the signer (in the trusted
environment), e.g. the proof-of-concept Qt-based implementation at
https://github.com/holiman/qtsigner.

Now, I would like to use a mechanism similar to the one Split GPG uses, in order
to have the signer running in a separate 'vault' which does not have
external networking, but does expose either RPC or HTTP to other VMs.

So I'm curious about the different options that exist for implementing
this, and if anyone can point me towards what resources I should read up
on to understand what I need to do to accomplish this. Do I need to
build a modified Qubes in order to put this together, or is it enough to
allow RPC interaction via rules?

Cheers,

Martin Holst Swende

0x05A5DDF0.asc

Raffaele Florio

Mar 9, 2018, 5:02:52 AM3/9/18
to Martin Holst Swende, qubes-devel
> So I'm curious about the different options that exist for implementing this, and if anyone can point me towards what resources I should read up on to understand what I need to do to accomplish this. Do I need to build a modified Qubes in order to put this together, or is it enough to allow RPC interaction via rules?

The best way is to use [0]. It's there for this purpose. So you need to write server-side software, client-side software and the policies. Essentially the server-side software acts as an adapter for the wallet (you don't even need to modify the wallet's code).
HTTP isn't a good idea for various reasons:
- *more* complexity
- 'signer' VM exposed to other VMs
- absence of Qubes OS RPC policy
- absence of OS integration, and so on...

[0] = https://www.qubes-os.org/doc/qrexec3/

Best Regards,
Raffaele.
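To make the three pieces Raffaele lists concrete, here is an added example of the server-side "adapter" as a qrexec service script; it is not code from Qubes OS, from the thread, or from the go-ethereum signer. It assumes the script is installed in the vault VM as /etc/qubes-rpc/ethsigner.Sign, that the signer listens on a local HTTP endpoint (the port is an assumption), and that the external API is JSON-RPC 2.0 with the method names shown (also assumptions). qrexec hands the calling VM's request to the script on stdin and returns whatever the script writes to stdout, so the adapter's job is to treat that stdin as untrusted: cap its size, accept only a single well-formed JSON-RPC call whose method is on an allow-list, and forward nothing else. The sign-what-you-see confirmation still happens in the signer's own UI inside the vault; the adapter does not replace it.

```python
#!/usr/bin/env python3
"""qrexec service adapter for an Ethereum signer running in a vault VM.

Added example for the qubes-devel thread, not Qubes or go-ethereum code.
Install as /etc/qubes-rpc/ethsigner.Sign in the vault VM. The signer URL
and the allow-listed method names are assumptions.
"""
import json
import sys
import urllib.request

SIGNER_URL = "http://127.0.0.1:8550"   # assumed local HTTP endpoint of the signer
MAX_REQUEST_BYTES = 64 * 1024          # the calling VM is untrusted: cap what we accept
ALLOWED_METHODS = {                    # assumed external-API method names
    "account_list",
    "account_signTransaction",
    "account_sign",
}


def error(req_id, code, message):
    """Build a JSON-RPC 2.0 error object to hand back to the caller."""
    return {"jsonrpc": "2.0", "id": req_id, "error": {"code": code, "message": message}}


def parse_request(raw):
    """Validate the caller's bytes as one JSON-RPC 2.0 call.

    Raises ValueError(code, message, request_id) so handle() can answer the
    caller without the signer ever seeing the request.
    """
    if len(raw) > MAX_REQUEST_BYTES:
        raise ValueError(-32600, "request too large", None)
    try:
        req = json.loads(raw.decode("utf-8"))
    except (UnicodeDecodeError, json.JSONDecodeError):
        raise ValueError(-32700, "parse error", None) from None
    if not isinstance(req, dict) or req.get("jsonrpc") != "2.0":
        raise ValueError(-32600, "not a JSON-RPC 2.0 request", None)
    if not isinstance(req.get("method"), str) or not isinstance(req.get("params", []), list):
        raise ValueError(-32600, "invalid method or params", req.get("id"))
    if req["method"] not in ALLOWED_METHODS:
        raise ValueError(-32601, "method not allowed", req.get("id"))
    return req


def http_transport(body):
    """Default transport: POST the validated request to the signer on localhost."""
    http_req = urllib.request.Request(
        SIGNER_URL, data=body, headers={"Content-Type": "application/json"}, method="POST"
    )
    with urllib.request.urlopen(http_req, timeout=30) as resp:
        return resp.read()


def handle(raw, transport=http_transport):
    """Serve one qrexec call: validate, forward, and return the response object."""
    try:
        req = parse_request(raw)
    except ValueError as e:
        code, message, req_id = e.args
        return error(req_id, code, message)
    # Re-serialise so only the fields we validated are forwarded, not the raw bytes.
    body = json.dumps(req).encode("utf-8")
    try:
        resp = json.loads(transport(body).decode("utf-8"))
    except Exception:  # connection refused, timeout, or garbage from the signer
        return error(req.get("id"), -32603, "signer unavailable")
    if not isinstance(resp, dict):
        return error(req.get("id"), -32603, "malformed signer response")
    return resp


def main():
    # Read at most one byte past the cap so an oversize request is detected, not truncated.
    raw = sys.stdin.buffer.read(MAX_REQUEST_BYTES + 1)
    sys.stdout.write(json.dumps(handle(raw)) + "\n")


if __name__ == "__main__":
    main()
```

The other two pieces are short. The policy lives in dom0; in the Qubes R4.0 policy format this would be a file /etc/qubes-rpc/policy/ethsigner.Sign containing `work vault allow` followed by `$anyvm $anyvm deny` (VM names are examples, and `ask` instead of `allow` gives the user a dom0 prompt per call). The client side in the calling VM is just `qrexec-client-vm vault ethsigner.Sign < request.json`, which your dapp or CLI can wrap instead of opening an HTTP connection; the vault never needs a listening socket reachable from other VMs, which is the point of the list above.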