key assignment feature

[agouin]

Splits up keys to require separate key file for each chain ID

Changes --keyfile flag to --key-dir, as there can be multiple keys. Keys must be named {chain_id}_share.json for threshold signer mode, or {chain_id}_priv_validator_key.json for single signer mode.

Breaks up cosigner RSA keys into separate rsa_keys.json key file. RSA config is one private key per cosigner, but ed25519 config is potentially many key private key shards per cosigner.

• Sharding a priv-validator key is now done with horcrux create-ed25519-shares
• RSA keys must be created for the cluster separately with horcrux create-rsa-shares

Adds horcrux config migrate command to migrate cosigner share files and config file from v2 to v3:

• Splits up share.json into {chain_id}_share.json (using chain ID from v2 config) and rsa_keys.json.
• Removes chain-id from config and writes new config.
• Removes old share.json file.

Resolves #135

[mark-rushakoff]

This was a fairly large PR, so I didn't read it as closely as I would for a smaller PR. Noticed a few small style things, but nothing seems wrong as far as I can see.

[DavidNix]

I'm taking a look. I'll have some comments. Give me a little bit because this is a large PR.

[DavidNix]

I ❤️ the design here as well as giving users a migrate command.

I forgot where this was suggested (or maybe I dreamed it): In the future, splitting a PR like this into two, key dir refactor and migrate command, would probably help with code review.

I missed this, but we save keys into 1 dir and name files with a chain-id suffix? Or are there subdirs also named after the chain-id?

[mark-rushakoff]

I’m switching to slog for all my new work, since it is on track to be part of the standard library.

…

On Tue, May 2, 2023 at 6:14 PM Andrew Gouin ***@***.***> wrote: ***@***.**** commented on this pull request. ------------------------------ In cmd/horcrux/cmd/cosigner.go <#144 (comment)> : > @@ -117,21 +117,26 @@ func startCosignerCmd() *cobra.Command { return err } - var ( - // services to stop on shutdown - services []cometservice.Service - logger = cometlog.NewTMLogger(cometlog.NewSyncWriter(os.Stdout)).With("module", "validator") + logger := cometlog.NewTMLogger(cometlog.NewSyncWriter(os.Stdout)).With("module", "validator") It would be great to swap out logging to slog or zap in horcrux. I created #146 <#146> as follow up — Reply to this email directly, view it on GitHub <#144 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AACG6V6SXHECQIOPD4OVNLTXEGBLLANCNFSM6AAAAAAXSNT6ZA> . You are receiving this because your review was requested.Message ID: ***@***.***>

[agouin]

I missed this, but we save keys into 1 dir and name files with a chain-id suffix?

Sharding will create a dir for each cosigner. The files can be copied directly to the relative cosigners without renaming any files now.

$ ls
priv_validator_key.json

$ horcrux create-ed25519-shares --chain-id cosmoshub-4 --key-file priv_validator_key.json --threshold 2 --shares 3
Created Ed25519 Share cosigner_1/cosmoshub-4_share.json
Created Ed25519 Share cosigner_2/cosmoshub-4_share.json
Created Ed25519 Share cosigner_3/cosmoshub-4_share.json

$ horcrux create-rsa-shares --shares 3
Created RSA Share cosigner_1/rsa_keys.json
Created RSA Share cosigner_2/rsa_keys.json
Created RSA Share cosigner_3/rsa_keys.json

$ ls -R
.:
cosigner_1  cosigner_2  cosigner_3 priv_validator_key.json

./cosigner_1:
cosmoshub-4_share.json  rsa_keys.json

./cosigner_2:
cosmoshub-4_share.json  rsa_keys.json

./cosigner_3:
cosmoshub-4_share.json  rsa_keys.json