An application able to sign Eth2 artefacts (attestations and blocks) using a BLS12-381 private key.
Web3Signer issues are tracked in GitHub.
See our contribution guidelines for more detail on searching and creating issues.
Web3Signer is an open-source signing service capable of signing on multiple platforms (Ethereum1 and 2, Filecoin) using private keys stored in an external vault, or encrypted on a disk.
Home Page: https://docs.web3signer.consensys.net/
License: Apache License 2.0
v0.11.1 of the beacon chain spec introduces SignedAggregateAndProof which is another type of thing to sign.
Copy multikey toml loading capability from EthSigner
Initialise it with a commandline arg defining the path to the toml parent directory.
Remove Azure signing (only hashicorp and file-based).
So we need to pull in the hashicorp loading from EthSigner (bring the TLS too)
Cache validator keys so that the keys do not need to be fetched and decrypted each time a key is used to sign a block or attestation.
Acceptance Criteria
Some benchmarking of what performance is like when reading from yaml files. Need to consider what the limits are (~10s, ~100s, ~1000s)
Can run this locally first and see if performance is sufficient, can then check on cloud providers.
Support the CLI options through a config file
To support YAML
CLI overrides config file
Setup application repo and builds.
Allow bls keys and secp config key files to use either YAML or TOML. BLS key files currently use YAML and secp256k1 key config files use TOML and have different file contents.
At the moment parsing metadata files and creating files is lumped together, and thus their errors get conflated - it would produce better output if we separate these 2 concepts and handle errors separately.
Add openAPI support to Eth2Signer so that users can discover what APIs are available, provide documentation and allow for experimentation with the APIs.
This should include
Add metrics/ensure that the key signing metrics work for signing when using the secp keys
Note: This depends on the Bls12 Keystore library being ready for use.
Eth2Signer responds with a 400 bad request, but a 404 not found was expected: http://localhost:9000/signer/attestation/!@$%^&*(
This similar request results in a 404 not found error
http://localhost:9000/signer/attestation/!@#$%^&*(
Add an endpoint that will accept a voluntary exit message and return a signature.
Eth2Signer will set the http status correctly if an error occurs e.g. 404, 400 etc. but doesn't include the error details in the response. We want to include the error details in the response so that the user can fix the request without going to the eth2signer logs.
Update signing API to only provide R/S, not V - the V is to be recovered "in app", e.g. EthSigner
Create signing endpoint/s using a key file from a known location.
Update endpoints to remove the domain and use BLS 0.10 now that Teku has been updated.
Acceptance Criteria
Additional Information
Pegasys has several versions of Hashicorp vault wrappers spread across our products - it would be useful to modify one of these code bases into a standalone library such that it can be reused (rather than copied) into dependent applications.
Add TLS support to Eth2Signer. This will likely follow the approach taken by EthSigner and so we can copy the implementation from there.
This is required to sign blocks and attestations when using Teku in an Ethereum 2 environment.
Add a new endpoint that will allow importing of private keys for BLS and secp256k1 curves into the existing backing services.
Create an Ethereum specific endpoint so that the client doesn't need to deal with determining the recovery ID or dealing with the chain ID.
Logging level command parameter has no effect on the logging level used in Eth2Signer. It looks like the --logging option wasn't implemented.
Eth2Signer needs to use a metrics framework similar/identical to Besu.
This will require some additions to the commandline, and maybe a few basic metrics (eg how many upchecks).
This will then set the scene for future metrics work.
Consolidate ArtifactSigner with Transaction signer to allow reuse of data structures and signing and storage engines.
Create a basic app which responds to Upcheck
Change key loading so that private keys are stored as 32 byte values externally. Internally they need to become 48 byte keys with zeros appended for mikuli to work with them.
Can be copied from EthSigner
Add an endpoint to create BLS and secp256k1 keys in the supported backing services including filesystem.
For load balancing it is much easier if the public key is part of the path rather than as part of the body.
This will update the API to be:
/signer/block/<publickey>
/signer/attestation/<publickey>
/signer/randao_reveal/<publickey>
{
  "signingRoot": <hex encoded string>
}
Eth2Signer currently uses a toml based format for key loading with unencrypted key. Update this to use a yaml based format.
Ideally this will be a common yaml format shared between Eth2Signer and Teku.
Determine how to provide high availability for Eth2Signer and what, if any, changes are needed to achieve this.
Create metrics endpoint to provide metrics on block and attestations signings.
Leverage the metrics/prometheus framework to characterise the performance of Eth2Signer when performing signing operations, eg:
Endpoint that will take a deposit message and return a signature.
The raw bytes of the key are to be stored in the vault (i.e. the vault will not hold password-encrypted BLS12 keystore formatted json).
Enable the use of environment variables for all the CLI options used
High-level objective: A "rules engine" that determines if a signing request from a validator meets all the specified rule conditions, if yes, pass the request to the signer, if not, reject the request and do not pass on.
Refer to the original betting table pitch for high-level details: https://docs.google.com/document/d/1J0gXmt-7c9hA_M9ZOHN5lxqnmB2svJZNvzKGYhS82_Q/edit#heading=h.f2e2nkfwrhi3
Eth2Signer design if useful: https://docs.google.com/document/d/1slz9GnccCdQ9kQ70AoT4h6vNspT62_96KImvjm8e4GQ/edit#heading=h.6fee3oevsdz
Add secp256k1 signing to Eth2Signer as new signing endpoint.
Allow the key config files to have a name other than the public key or address. This will allow key config files to be consistent for secp256k1 keys which use the address and bls12-381 keys which are named using the public keys.