feat: Implementation of the ipfs.key API (#1133)

Author: richardschneider

README.md

@@ -195,6 +195,8 @@ const node = new IPFS({
   // },
   start: true, // default
   // start: false,
+  pass: undefined // default
+  // pass: 'pass phrase for key access',
   EXPERIMENTAL: { // enable experimental features
     pubsub: true,
     sharding: true, // enable dir sharding
@@ -281,6 +283,17 @@ A complete API definition is in the works. Meanwhile, you can learn how to you u
   - [`ipfs.object.patch.setData(multihash, data, [options, callback])`](https://github.com/ipfs/interface-ipfs-core/tree/master/SPEC/OBJECT.md#objectpatchsetdata)
 - [pin (not implemented, yet!)](https://github.com/ipfs/interface-ipfs-core/tree/master/SPEC/)
 
+#### `Crypto and Key Management`
+
+- [key](https://github.com/ipfs/interface-ipfs-core/tree/master/SPEC/KEY.md)
+  - `ipfs.key.export(name, password, [callback])`
+  - `ipfs.key.gen(name, options, [callback])`
+  - `ipfs.key.import(name, pem, password, [callback])`
+  - `ipfs.key.list([callback])`
+  - `ipfs.key.rename(oldName, newName, [callback])`
+  - `ipfs.key.rm(name, [callback])`
+- [crypto (not yet implemented)](https://github.com/ipfs/interface-ipfs-core/tree/master/SPEC)
+
 #### `Network`
 
 - [bootstrap](https://github.com/ipfs/interface-ipfs-core/tree/master/SPEC/)
@@ -529,6 +542,10 @@ If you find any other issue, please check the [`Electron Support` issue](https:/
 | [`is-ipfs`](https://github.com/ipfs/is-ipfs) | [![npm](https://img.shields.io/npm/v/is-ipfs.svg?maxAge=86400&style=flat-square)](//github.com/ipfs/is-ipfs/releases) | [![Dep](https://david-dm.org/ipfs/is-ipfs.svg?style=flat-square)](https://david-dm.org/ipfs/is-ipfs) | [![devDep](https://david-dm.org/ipfs/is-ipfs/dev-status.svg?style=flat-square)](https://david-dm.org/ipfs/is-ipfs?type=dev) | [![Travis](https://travis-ci.org/ipfs/is-ipfs.svg?branch=master)](https://travis-ci.org/ipfs/is-ipfs) | | ![Appveyor CI](https://ci.appveyor.com/api/projects/status/github/ipfs/is-ipfs?svg=true) | [![Coverage Status](https://coveralls.io/repos/github/ipfs/is-ipfs/badge.svg?branch=master)](https://coveralls.io/github/ipfs/is-ipfs?branch=master) |
 | [`multihashing`](//github.com/multiformats/js-multihashing) | [![npm](https://img.shields.io/npm/v/multihashing.svg?maxAge=86400&style=flat-square)](//github.com/multiformats/js-multihashing/releases) | [![Dep](https://david-dm.org/multiformats/js-multihashing.svg?style=flat-square)](https://david-dm.org/multiformats/js-multihashing) | [![devDep](https://david-dm.org/multiformats/js-multihashing/dev-status.svg?style=flat-square)](https://david-dm.org/multiformats/js-multihashing?type=dev) | [![Travis](https://travis-ci.org/multiformats/js-multihashing.svg?branch=master)](https://travis-ci.org/multiformats/js-multihashing) | [![Circle CI](https://circleci.com/gh/multiformats/js-multihashing.svg?style=svg)](https://circleci.com/gh/jbenet/js-multihashing) | ![Appveyor CI](https://ci.appveyor.com/api/projects/status/github/multiformats/js-multihashing?svg=true) | [![Coverage Status](https://coveralls.io/repos/github/jbenet/js-multihashing/badge.svg?branch=master)](https://coveralls.io/github/jbenet/js-multihashing?branch=master) |
 | [`mafmt`](//github.com/whyrusleeping/js-mafmt) | [![npm](https://img.shields.io/npm/v/mafmt.svg?maxAge=86400&style=flat-square)](//github.com/whyrusleeping/js-mafmt/releases) | [![Dep](https://david-dm.org/whyrusleeping/js-mafmt.svg?style=flat-square)](https://david-dm.org/whyrusleeping/js-mafmt) | [![devDep](https://david-dm.org/whyrusleeping/js-mafmt/dev-status.svg?style=flat-square)](https://david-dm.org/whyrusleeping/js-mafmt?type=dev) | [![Travis](https://travis-ci.org/whyrusleeping/js-mafmt.svg?branch=master)](https://travis-ci.org/whyrusleeping/js-mafmt) | [![Circle CI](https://circleci.com/gh/whyrusleeping/js-mafmt.svg?style=svg)](https://circleci.com/gh/whyrusleeping/js-mafmt) | ![Appveyor CI](https://ci.appveyor.com/api/projects/status/github/whyrusleeping/js-mafmt?svg=true) | [![Coverage Status](https://coveralls.io/repos/github/whyrusleeping/js-mafmt/badge.svg?branch=master)](https://coveralls.io/github/whyrusleeping/js-mafmt?branch=master) |
+| **Crypto**
+| [`libp2p-crypto`](https://github.com/libp2p/js-libp2p-crypto) | [![npm](https://img.shields.io/npm/v/libp2p-crypto.svg?maxAge=86400&style=flat-square)](//github.com/libp2p/js-libp2p-crypto/releases) | [![Dep](https://david-dm.org/libp2p/js-libp2p-crypto.svg?style=flat-square)](https://david-dm.org/libp2p/js-libp2p-crypto) | [![devDep](https://david-dm.org/libp2p/js-libp2p-crypto/dev-status.svg?style=flat-square)](https://david-dm.org/libp2p/js-libp2p-crypto?type=dev) | [![Travis](https://travis-ci.org/libp2p/js-libp2p-crypto.svg?branch=master)](https://travis-ci.org/libp2p/js-libp2p-crypto) | [![Circle CI](https://circleci.com/gh/libp2p/js-libp2p-crypto.svg?style=svg)](https://circleci.com/gh/libp2p/js-libp2p-crypto) | ![Appveyor CI](https://ci.appveyor.com/api/projects/status/github/libp2p/js-libp2p-crypto?svg=true) | [![Coverage Status](https://coveralls.io/repos/github/libp2p/js-libp2p-crypto/badge.svg?branch=master)](https://coveralls.io/github/libp2p/js-libp2p-crypto?branch=master) |
+| [`libp2p-keychain`](https://github.com/libp2p/js-libp2p-keychain) | [![npm](https://img.shields.io/npm/v/libp2p-keychain.svg?maxAge=86400&style=flat-square)](//github.com/libp2p/js-libp2p-keychain/releases) | [![Dep](https://david-dm.org/libp2p/js-libp2p-keychain.svg?style=flat-square)](https://david-dm.org/libp2p/js-libp2p-keychain) | [![devDep](https://david-dm.org/libp2p/js-libp2p-keychain/dev-status.svg?style=flat-square)](https://david-dm.org/libp2p/js-libp2p-keychain?type=dev) | [![Travis](https://travis-ci.org/libp2p/js-libp2p-keychain.svg?branch=master)](https://travis-ci.org/libp2p/js-libp2p-keychain) | [![Circle CI](https://circleci.com/gh/libp2p/js-libp2p-keychain.svg?style=svg)](https://circleci.com/gh/libp2p/js-libp2p-keychain) | ![Appveyor CI](https://ci.appveyor.com/api/projects/status/github/libp2p/js-libp2p-keychain?svg=true) | [![Coverage Status](https://coveralls.io/repos/github/libp2p/js-libp2p-keychain/badge.svg?branch=master)](https://coveralls.io/github/libp2p/js-libp2p-keychain?branch=master) |
+
 
 ## Development
 

package.json

@@ -74,7 +74,7 @@
     "go-ipfs-dep": "^0.4.13",
     "hat": "0.0.3",
     "interface-ipfs-core": "~0.42.1",
-    "ipfsd-ctl": "^0.27.0",
+    "ipfsd-ctl": "~0.27.2",
     "left-pad": "^1.2.0",
     "lodash": "^4.17.4",
     "mocha": "^4.1.0",
@@ -122,6 +122,7 @@
     "libp2p-crypto": "^0.10.4",
     "libp2p-floodsub": "~0.13.1",
     "libp2p-kad-dht": "~0.6.0",
+    "libp2p-keychain": "~0.3.0",
     "libp2p-mdns": "~0.9.1",
     "libp2p-multiplex": "~0.5.1",
     "libp2p-railing": "~0.7.1",

src/cli/bin.js

@@ -21,6 +21,11 @@ const cli = yargs
     default: false,
     coerce: ('silent', silent => silent ? utils.disablePrinting() : silent)
   })
+  .option('pass', {
+    desc: 'Pass phrase for the keys',
+    type: 'string',
+    default: ''
+  })
   .commandDir('commands')
   .demandCommand(1)
   .fail((msg, err, yargs) => {
@@ -59,7 +64,7 @@ if (args[0] === 'daemon' || args[0] === 'init') {
     if (err) {
       throw err
     }
-    utils.getIPFS(argv.api, (err, ipfs, cleanup) => {
+    utils.getIPFS(argv, (err, ipfs, cleanup) => {
       if (err) { throw err }
 
       cli

src/cli/commands/init.js

@@ -38,6 +38,7 @@ module.exports = {
     node.init({
       bits: argv.bits,
       emptyRepo: argv.emptyRepo,
+      pass: argv.pass,
       log: print
     }, (err) => {
       if (err) {

src/cli/commands/key.js

@@ -0,0 +1,14 @@
+'use strict'
+
+module.exports = {
+  command: 'key',
+
+  description: 'Manage your keys',
+
+  builder (yargs) {
+    return yargs
+      .commandDir('key')
+  },
+
+  handler (argv) {}
+}

src/cli/commands/key/export.js

@@ -0,0 +1,37 @@
+'use strict'
+
+const fs = require('fs')
+
+module.exports = {
+  command: 'export <name>',
+
+  describe: 'Export the key as a password protected PKCS #8 PEM file',
+
+  builder: {
+    passout: {
+      alias: 'p',
+      describe: 'Password for the PEM',
+      type: 'string',
+      demandOption: true
+    },
+    output: {
+      alias: 'o',
+      describe: 'Output file',
+      type: 'string',
+      default: 'stdout'
+    }
+  },
+
+  handler (argv) {
+    argv.ipfs.key.export(argv.name, argv.passout, (err, pem) => {
+      if (err) {
+        throw err
+      }
+      if (argv.output === 'stdout') {
+        process.stdout.write(pem)
+      } else {
+        fs.writeFileSync(argv.output, pem)
+      }
+    })
+  }
+}

src/cli/commands/key/gen.js

@@ -0,0 +1,35 @@
+'use strict'
+
+const print = require('../../utils').print
+
+module.exports = {
+  command: 'gen <name>',
+
+  describe: 'Create a new key',
+
+  builder: {
+    type: {
+      alias: 't',
+      describe: 'type of the key to create [rsa, ed25519].',
+      default: 'rsa'
+    },
+    size: {
+      alias: 's',
+      describe: 'size of the key to generate.',
+      default: '2048'
+    }
+  },
+
+  handler (argv) {
+    const opts = {
+      type: argv.type,
+      size: argv.size
+    }
+    argv.ipfs.key.gen(argv.name, opts, (err, key) => {
+      if (err) {
+        throw err
+      }
+      print(`generated ${key.id} ${key.name}`)
+    })
+  }
+}

src/cli/commands/key/import.js

@@ -0,0 +1,34 @@
+'use strict'
+
+const fs = require('fs')
+const print = require('../../utils').print
+
+module.exports = {
+  command: 'import <name>',
+
+  describe: 'Import the key from a PKCS #8 PEM file',
+
+  builder: {
+    passin: {
+      alias: 'p',
+      describe: 'Password for the PEM',
+      type: 'string'
+    },
+    input: {
+      alias: 'i',
+      describe: 'Input PEM file',
+      type: 'string',
+      demandOption: true,
+      coerce: ('input', input => fs.readFileSync(input, 'utf8'))
+    }
+  },
+
+  handler (argv) {
+    argv.ipfs.key.import(argv.name, argv.input, argv.passin, (err, key) => {
+      if (err) {
+        throw err
+      }
+      print(`imported ${key.id} ${key.name}`)
+    })
+  }
+}

src/cli/commands/key/list.js

@@ -0,0 +1,20 @@
+'use strict'
+
+const print = require('../../utils').print
+
+module.exports = {
+  command: 'list',
+
+  describe: 'List all local keys',
+
+  builder: {},
+
+  handler (argv) {
+    argv.ipfs.key.list((err, keys) => {
+      if (err) {
+        throw err
+      }
+      keys.forEach((ki) => print(`${ki.id} ${ki.name}`))
+    })
+  }
+}

src/cli/commands/key/rename.js

@@ -0,0 +1,20 @@
+'use strict'
+
+const print = require('../../utils').print
+
+module.exports = {
+  command: 'rename <name> <newName>',
+
+  describe: 'Rename a key',
+
+  builder: {},
+
+  handler (argv) {
+    argv.ipfs.key.rename(argv.name, argv.newName, (err, res) => {
+      if (err) {
+        throw err
+      }
+      print(`renamed to ${res.id} ${res.now}`)
+    })
+  }
+}

src/cli/commands/key/rm.js

@@ -0,0 +1,20 @@
+'use strict'
+
+const print = require('../../utils').print
+
+module.exports = {
+  command: 'rm <name>',
+
+  describe: 'Remove a key',
+
+  builder: {},
+
+  handler (argv) {
+    argv.ipfs.key.rm(argv.name, (err, key) => {
+      if (err) {
+        throw err
+      }
+      print(`${key.id} ${key.name}`)
+    })
+  }
+}

src/cli/utils.js

@@ -38,15 +38,16 @@ function getAPICtl (apiAddr) {
   return APIctl(apiAddr)
 }
 
-exports.getIPFS = (apiAddr, callback) => {
-  if (apiAddr || isDaemonOn()) {
-    return callback(null, getAPICtl(apiAddr), (cb) => cb())
+exports.getIPFS = (argv, callback) => {
+  if (argv.api || isDaemonOn()) {
+    return callback(null, getAPICtl(argv.api), (cb) => cb())
   }
 
   const node = new IPFS({
     repo: exports.getRepoPath(),
     init: false,
     start: false,
+    pass: argv.pass,
     EXPERIMENTAL: {
       pubsub: true
     }

src/core/boot.js

@@ -15,7 +15,7 @@ module.exports = (self) => {
   const repoOpen = !self._repo.closed
 
   const customInitOptions = typeof options.init === 'object' ? options.init : {}
-  const initOptions = Object.assign({ bits: 2048 }, customInitOptions)
+  const initOptions = Object.assign({ bits: 2048, pass: self._options.pass }, customInitOptions)
 
   // Checks if a repo exists, and if so opens it
   // Will return callback with a bool indicating the existence
@@ -30,6 +30,7 @@ module.exports = (self) => {
       (cb) => self._repo.open(cb),
       (cb) => self.preStart(cb),
       (cb) => {
+        self.log('initialized')
         self.state.initialized()
         cb(null, true)
       }
@@ -56,8 +57,8 @@ module.exports = (self) => {
     if (err) {
       return self.emit('error', err)
     }
+    self.log('boot:done')
     self.emit('ready')
-    self.log('boot:done', err)
   }
 
   const tasks = []

src/core/components/index.js

@@ -21,3 +21,4 @@ exports.bitswap = require('./bitswap')
 exports.pubsub = require('./pubsub')
 exports.dht = require('./dht')
 exports.dns = require('./dns')
+exports.key = require('./key')

src/core/components/init.js

@@ -5,6 +5,7 @@ const waterfall = require('async/waterfall')
 const parallel = require('async/parallel')
 const promisify = require('promisify-es6')
 const config = require('../runtime/config-nodejs.json')
+const Keychain = require('libp2p-keychain')
 
 const addDefaultAssets = require('./init-assets')
 
@@ -36,7 +37,7 @@ module.exports = function init (self) {
     opts.emptyRepo = opts.emptyRepo || false
     opts.bits = Number(opts.bits) || 2048
     opts.log = opts.log || function () {}
-
+    let privateKey
     waterfall([
       // Verify repo does not yet exist.
       (cb) => self._repo.exists(cb),
@@ -57,6 +58,10 @@ module.exports = function init (self) {
           PeerID: keys.toB58String(),
           PrivKey: keys.privKey.bytes.toString('base64')
         }
+        if (opts.pass) {
+          privateKey = keys.privKey
+          config.Keychain = Keychain.generateOptions()
+        }
         opts.log('done')
         opts.log('peer identity: ' + config.Identity.PeerID)
 
@@ -65,10 +70,21 @@ module.exports = function init (self) {
       (_, cb) => self._repo.open(cb),
       (cb) => {
         self.log('repo opened')
+        if (opts.pass) {
+          self.log('creating keychain')
+          const keychainOptions = Object.assign({passPhrase: opts.pass}, config.Keychain)
+          self._keychain = new Keychain(self._repo.keys, keychainOptions)
+          self._keychain.importPeer('self', { privKey: privateKey }, cb)
+        } else {
+          cb(null, true)
+        }
+      },
+      (_, cb) => {
         if (opts.emptyRepo) {
           return cb(null, true)
         }
 
+        self.log('adding assets')
         const tasks = [
           // add empty unixfs dir object (go-ipfs assumes this exists)
           (cb) => self.object.new('unixfs-dir', cb)