Pass link secret as raw_value to anoncreds-rs #2371

Closed
dbluhm opened this issue Jul 31, 2023 · 3 comments
Labels
AnonCreds Ledger Agnostic AnonCreds

Comments

@dbluhm
Contributor

dbluhm commented Jul 31, 2023

Related issue on anoncreds-rs: hyperledger/anoncreds-rs#202

The link secret is a sensitive value that should be carefully handled to reduce the chances of compromising it. Commonly, sensitive values like private keys are zeroed in memory after use. Previously, when using Indy CredX, the link secret was passed to and from the library using a raw buffer to prevent Python from copying the value all over the place. This enabled the caller to generate a link secret and insert it into the Askar store as a buffer and then to recall the value from the store later and pass it to Indy CredX using Askar's Entry.raw_value. The value can then be properly and effectively zeroized when appropriate.

At present, the anoncreds-rs library Python wrapper is not using the Buffer protocol to return and handle the link secret value. This requires the caller to handle the secret as a string, preventing clean up by the Rust layer (which isn't happening right now either, from what I understand).

@dbluhm dbluhm converted this from a draft issue Jul 31, 2023
@dbluhm dbluhm added the AnonCreds Ledger Agnostic AnonCreds label Jul 31, 2023
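
The buffer-versus-string point raised in the issue above, as an added example that is not part of the original thread and is not ACA-Py, Askar or anoncreds-rs code: a secret held in a mutable buffer can be handed out without copying and wiped in place, while a string copy of it cannot. `SecretBuffer`, `borrowed_secret` and `demo` are hypothetical names, and the 32-byte random value is a constructed stand-in for a link secret.

```python
import secrets
from contextlib import contextmanager


class SecretBuffer:
    """Holds a secret in one mutable buffer that can be wiped in place."""

    def __init__(self, data: bytearray):
        if not isinstance(data, bytearray):
            raise TypeError("pass a bytearray; bytes and str cannot be wiped")
        self._buf = data

    def view(self) -> memoryview:
        # Zero-copy window onto the same memory, the shape a buffer-protocol
        # consumer (for example an FFI wrapper) would receive.
        return memoryview(self._buf)

    def zeroize(self) -> None:
        # Overwrite byte by byte; the length is unchanged, so this works even
        # while a memoryview of the buffer is still exported.
        for i in range(len(self._buf)):
            self._buf[i] = 0

    def is_zeroed(self) -> bool:
        return not any(self._buf)


@contextmanager
def borrowed_secret(data: bytearray):
    """Yield a SecretBuffer and wipe it on exit, even if the body raises."""
    secret = SecretBuffer(data)
    try:
        yield secret
    finally:
        secret.zeroize()


def demo() -> dict:
    raw = bytearray(secrets.token_bytes(32))  # constructed sample secret
    as_string = bytes(raw).hex()              # string handling: immutable copy
    with borrowed_secret(raw) as secret:
        with secret.view() as view:
            shares_memory = view.obj is raw   # the view aliases raw, no copy
    return {
        "shares_memory": shares_memory,
        "buffer_wiped": not any(raw),
        "string_copy_survives": any(bytes.fromhex(as_string)),
    }


if __name__ == "__main__":
    print(demo())
```

The wipe only covers the buffer the caller controls; any `str` or `bytes` value derived from it stays in memory until the interpreter frees and reuses that storage.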
@swcurran
Contributor

swcurran commented Aug 8, 2023

@andrewwhitehead — can you please weigh in on this issue, and the related Askar issue. What is the right thing to be done here, and could you please “make it so”? Thanks!

@andrewwhitehead
Contributor

I think it depends how 'secret' we consider it to be. Personally, I don't think it's that critical and a string might be just fine. An attacker would have to obtain the raw credentials from the user's wallet, and if they can do that then they can likely obtain the link secret as well. That said it probably wouldn't be hard to switch back to the old implementation.

@swcurran
Contributor

So we can close this and count it done?

If we switch back to the old implementation, what is the impact on the other wrappers, and uses of those wrappers? E.g. on the JS wrapper and on AFJ?
