techworldtrendz.com

Your Gateway to Technology

Subscribe

Technology Solutions for Crypto Custody | Ripple | Ripple

15 mins read

Wallet¶

A wallet contains a set of user identities. An application run by a user selects one of these identities when it connects to a channel. Access rights to channel resources, such as the ledger, are determined using this identity in combination with an MSP.

In this topic, we”re going to cover:

  • Why wallets are important
  • How wallets are organized
  • Different types of wallet
  • Wallet operations

Scenario¶

When an application connects to a network channel such as PaperNet, it selects a user identity to do so, for example ID1 . The channel MSPs associate ID1 with a role within a particular organization, and this role will ultimately determine the application”s rights over channel resources. For example, ID1 might identify a user as a member of the MagnetoCorp organization who can read and write to the ledger, whereas ID2 might identify an administrator in MagnetoCorp who can add a new organization to a consortium.

wallet.scenario

Two users, Isabella and Balaji have wallets containing different identities they can use to connect to different network channels, PaperNet and BondNet.

Consider the example of two users; Isabella from MagnetoCorp and Balaji from DigiBank. Isabella is going to use App 1 to invoke a smart contract in PaperNet and a different smart contract in BondNet. Similarly, Balaji is going to use App 2 to invoke smart contracts, but only in PaperNet. (It”s very easy for applications to access multiple networks and multiple smart contracts within them.)

  • MagnetoCorp uses CA1 to issue identities and DigiBank uses CA2 to issue identities. These identities are stored in user wallets.
  • Balaji”s wallet holds a single identity, ID4 issued by CA2. Isabella”s wallet has many identities, ID1 , ID2 and ID3 , issued by CA1. Wallets can hold multiple identities for a single user, and each identity can be issued by a different CA.
  • Both Isabella and Balaji connect to PaperNet, and its MSPs determine that Isabella is a member of the MagnetoCorp organization, and Balaji is a member of the DigiBank organization, because of the respective CAs that issued their identities. (It is possible for an organization to use multiple CAs, and for a single CA to support multiple organizations.)
  • Isabella can use ID1 to connect to both PaperNet and BondNet. In both cases, when Isabella uses this identity, she is recognized as a member of MangetoCorp.
  • Isabella can use ID2 to connect to BondNet, in which case she is identified as an administrator of MagnetoCorp. This gives Isabella two very different privileges: ID1 identifies her as a simple member of MagnetoCorp who can read and write to the BondNet ledger, whereas ID2 identities her as a MagnetoCorp administrator who can add a new organization to BondNet.
  • Balaji cannot connect to BondNet with ID4 . If he tried to connect, ID4 would not be recognized as belonging to DigiBank because CA2 is not known to BondNet”s MSP.

Types¶

There are different types of wallets according to where they store their identities:

wallet.types

The three different types of wallet storage: File system, In-memory and CouchDB.

  • File system: This is the most common place to store wallets; file systems are pervasive, easy to understand, and can be network mounted. They are a good default choice for wallets.
  • In-memory: A wallet in application storage. Use this type of wallet when your application is running in a constrained environment without access to a file system; typically a web browser. It”s worth remembering that this type of wallet is volatile; identities will be lost after the application ends normally or crashes.
  • CouchDB: A wallet stored in CouchDB. This is the rarest form of wallet storage, but for those users who want to use the database back-up and restore mechanisms, CouchDB wallets can provide a useful option to simplify disaster recovery.

Use factory functions provided by the Wallets class to create wallets.

Hardware Security Module¶

A Hardware Security Module (HSM) is an ultra-secure, tamper-proof device that stores digital identity information, particularly private keys. HSMs can be locally attached to your computer or network accessible. Most HSMs provide the ability to perform on-board encryption with private keys, such that the private keys never leave the HSM.

An HSM can be used with any of the wallet types. In this case the certificate for an identity will be stored in the wallet and the private key will be stored in the HSM.

To enable the use of HSM-managed identities, an IdentityProvider must be configured with the HSM connection information and registered with the wallet. For further details, refer to the Using wallets to manage identities tutorial.

Structure¶

A single wallet can hold multiple identities, each issued by a particular Certificate Authority. Each identity has a standard structure comprising a descriptive label, an X.509 certificate containing a public key, a private key, and some Fabric-specific metadata. Different wallet types map this structure appropriately to their storage mechanism.

wallet.structure

A Fabric wallet can hold multiple identities with certificates issued by a different Certificate Authority. Identities comprise certificate, private key and Fabric metadata.

There”s a couple of key class methods that make it easy to manage wallets and identities:

const identity: X509Identity =  credentials:  certificate: certificatePEM, privateKey: privateKeyPEM, >, mspId: 'Org1MSP', type: 'X.509', >; await wallet.put(identityLabel, identity);

See how an identity is created that has metadata Org1MSP , a certificate and a privateKey . See how wallet.put() adds this identity to the wallet with a particular identityLabel .

The Gateway class only requires the mspId and type metadata to be set for an identity – Org1MSP and X.509 in the above example. It currently uses the MSP ID value to identify particular peers from a connection profile, for example when a specific notification strategy is requested. In the DigiBank gateway file networkConnection.yaml , see how Org1MSP notifications will be associated with peer0.org1.example.com :

organizations: Org1: mspid: Org1MSP peers: - peer0.org1.example.com

You really don”t need to worry about the internal structure of the different wallet types, but if you”re interested, navigate to a user identity folder in the commercial paper sample:

magnetocorp/identity/user/isabella/ wallet/ User1@org1.example.com.id

You can examine these files, but as discussed, it”s easier to use the SDK to manipulate these data.

Operations¶

The different wallet types all implement a common Wallet interface which provides a standard set of APIs to manage identities. It means that applications can be made independent of the underlying wallet storage mechanism; for example, File system and HSM wallets are handled in a very similar way.

wallet.operations

Wallets follow a lifecycle: they can be created or opened, and identities can be read, added and deleted.

An application can use a wallet according to a simple lifecycle. Wallets can be opened or created, and subsequently identities can be added, updated, read and deleted. Spend a little time on the different Wallet methods in the JSDoc to see how they work; the commercial paper tutorial provides a nice example in addToWallet.js :

const wallet = await Wallets.newFileSystemWallet('../identity/user/isabella/wallet'); const cert = fs.readFileSync(path.join(credPath, '. /User1@org1.example.com-cert.pem')).toString(); const key = fs.readFileSync(path.join(credPath, '. /_sk')).toString(); const identityLabel = 'User1@org1.example.com'; const identity =  credentials:  certificate: cert, privateKey: key, >, mspId: 'Org1MSP', type: 'X.509', >; await wallet.put(identityLabel, identity);
  • When the program is first run, a wallet is created on the local file system at . /isabella/wallet .
  • a certificate cert and private key are loaded from the file system.
  • a new X.509 identity is created with cert , key and Org1MSP .
  • the new identity is added to the wallet with wallet.put() with a label User1@org1.example.com .

That”s everything you need to know about wallets. You”ve seen how they hold identities that are used by applications on behalf of users to access Fabric network resources. There are different types of wallets available depending on your application and security needs, and a simple set of APIs to help applications manage wallets and the identities within them.

© Copyright Hyperledger 2020.

This work is licensed under a Creative Commons Attribution 4.0 International License

MPC and HSM for Key Management Part 1: Demystifying Technology Options for Digital Asset Custody

private-key-management

The rapidly growing universe of digital asset types, tokenization and use cases is driving an urgent demand for more secure institutional digit asset custody solutions. Providers are rushing to fulfill this need by providing high net worth individuals, family offices, enterprises and others with a wider array of custodian options.

Banks and financial services institutions have a unique opportunity to leverage their long history as custodians of traditional assets to diversify their portfolios and offer trusted digital asset custody solutions for clients. But how to make sense of the different key management technology and protection options available?

In this first post in a two-part series, we’ll look at three technology decisions providers must make as part of rolling out a crypto custody solution.

Hot Wallets, Cold Wallets and Everything in Between

At the core of any custodian strategy lies the ability to securely hold and access a range of digital assets. This access is granted through cryptographic private keys, which enable the transfer or control of the asset. Securing these keys is paramount, and that begins with a choice of wallet.

Hot wallets are those connected to the web. Designed for real-time transactions, they are ideal for high-frequency, low-risk activities. They are ideal for permissioned use cases requiring fast, automated access to liquidity and web transactions, for example conveniently accessing funds on the go. However, their constant connection to the internet—while convenient for accessing funds—makes them more vulnerable to attacks and often requires the use of additional advanced protection technologies.

On the other hand, cold wallets feature offline storage of private keys within a physical hardware wallet, which means the process of accessing funds within a cold wallet can be extremely manual. While this can pose challenges for many institutional needs, it also helps to de-risk the storage of digital assets. Given their nature and enhanced security to mitigate the risk of cyber-attacks, they are best used for crypto custody or low-frequency, high-risk transactions.

Another more recent form of cold wallet technology to come on the scene is air-gapped cold wallets, which are hardware wallets completely disconnected from any wireless network, including WiFi and bluetooth. “Air-gap” is a computer security term referring to the complete isolation of a device or a network from other networks or devices.

Last but not least, account abstraction—which leverages smart contracts to manage funds—allows users to retain full control over their wallet and funds. They are protected by a multi signature wallet from either cold wallets or hot wallets.

To Shard or Not to Shard: HSM and MPC Wallet Explained

Within institutional wallets, there are two primary options today for managing private keys. The most straightforward and simplest to understand are Hardware Security Modules (HSMs). These are physical hardware devices or cloud-based storage options that have been specifically developed to protect crypto keys using a combination of physical security, cryptographic isolation, secure communications and detailed audits and logs. They are ideal for use cases like air-gapped wallets that are disconnected from the internet, high-level security standards or assets held in long-term storage.

While secure options for owners, HSMs are useless if the wrong person acquires control of the device. Multiparty Computation (MPC) technique was developed to avoid this single point of failure. This cryptographic technique involves “sharding” private keys into multiple distinct shares (often 2-3 shards) that are geographically distributed across multiple databases, cloud services or other storage options. This means that even if one part of a private key is compromised, the overall key remains unusable.

To add these extra layers of security and peace of mind, an MPC wallet requires additional computational resources. This performance tax is why most MPC solutions are limited to 3-4 different shards and better suited for permissioned use cases, fast or automated access to liquidity, and scenarios where cost, compliance or technical limitations make HSMs unfeasible.

Some MPC solutions have adopted versions of this approach where the service provider holds at least one of the key shards. However, this model means that the bank doesn’t have complete control of their own crypto assets and those of their clients. Mature regulated entities are ultimately responsible for the safekeeping of those assets, but are relinquishing part of that control with these types of solutions. To ensure the utmost safety and security, the physical storage of key share material should be managed by a single entity—the institution itself.

SaaS vs On-Prem Deployments

Beyond wallet types and key protection strategies, custodians must decide whether to host their custody solution with a provider or on their own servers.

A Software as a Service (SaaS) implementation is fairly straightforward. Managed by a third-party provider such as Metaco, they run in the cloud, allowing for fast deployment and near instant scaling. Like with other SaaS solutions, they require less up-front cost or ongoing resources. Everything is stored in the cloud and managed by the third-party, making them deploy-and-forget solutions that allow providers to focus on their core business requirements.

Conversely, on-premise (on-prem) custody solutions offer complete control of all data and processes and are ideal for banks and financial institutions that have strict risk, compliance or regulatory requirements. In these setups, the institution designs and provisions the hardware, manages and maintains all security considerations, and services process and software upgrades for the life of the system. The trade off for this control is the high up-front cost to deploy a solution and the ongoing resource requirements to manage it.

While these choices can seem overwhelming, the digital asset use cases for each provider and their clients will help dictate which combination of wallet, key security and solution type is best.

Contact us to learn more about the technical considerations and solutions criteria that will inform crypto custody provider technology choices.

https://hyperledger-fabric.readthedocs.io/es/latest/developapps/wallet.html

https://ripple.com/insights/mpc-and-hsm-for-key-management-part-1-demystifying-technology-options-for-digital-asset-custody/