Ethereum signining of IPNS

paulgmiller · September 13, 2022, 4:50am

It seems like today ipns record creation is overly tied to running a node. If somebody else is running a node I’d like to be able to sign records to give to them. Ideally I’d like to use a ethereum wallet like meta mask which already has a public key (and uses elliptical curve?) so I could sign things in a web app with an extension I already have. Has anybody looked at this already?

There’s a bunch of services like infura and cloudfare offerening ipfs as a service which is great but there’s but nobody is really offering ipns as a service. Maybe this would help drive it?

Jorropo · September 13, 2022, 4:57am

IPNS isn’t tied to running a node, this is implementation details of Kubo.
There is web3.storage with GitHub - web3-storage/w3name: IPNS client and service for generating, updating, and tracking immutable names with signed updates which has an IPNS service (you give them some signed records and they republish them on the DHT for you).

Signing your IPNS records through your wallet would be doable (you just do an ethereum rpc sign call and pass the IPNS record as value).
Ethereum use Ed25519 which is one of the public key supported for IPNS, alternatives are RSA and secp256k1 (what bitcoin use). However our key encoding is different than ethereum and bitcoin so even tho they are identical their representation would be different.

(we recommend to use Ed25519 and is the default in Kubo)

I can point to the IPNS specs & code examples if you want to try implementing that.

paulgmiller · September 13, 2022, 5:08am

THanks looking at web3-storage/w3name.
Was looking at signing an ipns record in javascript
but js-ipns seemed to take a peerid

github.com

ipfs/js-ipns/blob/0f5340a5cf04154f9a7b7adc85012f6c8a504a50/src/index.ts#L89


      
          export const createWithExpiration = async (peerId: PeerId, value: Uint8Array, seq: number | bigint, expiration: string): Promise<IPNSEntry> => {
            const expirationDate = NanoDate.fromString(expiration)
            const validityType = IpnsEntry.ValidityType.EOL
          
          
  const ttlMs = expirationDate.toDate().getTime() - Date.now()
            const ttlNs = (BigInt(ttlMs) * BigInt(100000)) + BigInt(expirationDate.getNano())
          
          
  return await _create(peerId, value, seq, validityType, expirationDate, ttlNs)
          }
          
          
const _create = async (peerId: PeerId, value: Uint8Array, seq: number | bigint, validityType: IpnsEntry.ValidityType, expirationDate: NanoDate, ttl: bigint): Promise<IPNSEntry> => {
            seq = BigInt(seq)
            const isoValidity = uint8ArrayFromString(expirationDate.toString())
          
          
  if (peerId.privateKey == null) {
              throw errCode(new Error('Missing private key'), ERRORS.ERR_MISSING_PRIVATE_KEY)
            }
          
          
  const privateKey = await unmarshalPrivateKey(peerId.privateKey)
            const signatureV1 = await sign(privateKey, value, validityType, isoValidity)
            const data = createCborData(value, isoValidity, validityType, seq, ttl)

Was deciding if I could mock up a peerid with a web3.personal.sign as its private key.

Jorropo · September 13, 2022, 5:08am

FYI a peerid is just a fancy multiformats compatible wrapper arround a public key.
I would take a look at the underlying implementation of the signing code, you should be able to fork it and replace it by web3_provider based signing fairly easily.

SionoiS · September 13, 2022, 11:19am

I just refactored my code for manually creating IPNS record.

NO you can’t use crypto wallet to sign records.

Kubo expect very specific hash and crypto algorithm plus crypto wallet always add prefixes to messages signed.

Kubo could be modified to verify BTC or ETH signatures and that would make my life way easier!

Jorropo · September 13, 2022, 12:42pm

I think there is a call in the ethereum RPC that doesn’t add thoses.
If there isn’t then you need to recover the private key of the wallet and do crypto yourself.

SionoiS · September 14, 2022, 11:11am

I think there is a call in the ethereum RPC that doesn’t add thoses.
If there isn’t then you need to recover the private key of the wallet and do crypto yourself.

There is but it’s not secure someone could trick you into signing a message then use it to spend your coins, that is why it’s prefixed.

Also, recovering the public key is not the problem, a user does not control how the wallet sign messages and neither how Kubo verify and they are not compatible because of a different hash algo is used and prefix used in the case of BTC & ETH.

You can always do the crypto yourself but your out of luck if you want to use a preexisting wallet hardware or not.

paulgmiller · September 15, 2022, 6:19am

There is but it’s not secure someone could trick you into signing a message then use it to spend your coins, that is why it’s prefixed.

That’s unfortunate web3.personal.sign was what I was considering ethsign/index.html at 74b24d6884c56417ec6882d652860c24d6718955 · shobhitic/ethsign · GitHub
But that prefixing sounds correct.

Could roll my own variant of ipns and try and shove it into Ipfs’s dht or an different kademila dht but was hoping to use a common standard to get better replication.

paulgmiller · September 15, 2022, 6:23am

Yep definitely prefixes
web3.eth.personal — web3.js 1.0.0 documentation (web3js.readthedocs.io)

The sign method calculates an Ethereum specific signature with:

sign(keccak256(“\x19Ethereum Signed Message:\n” + dataToSign.length + dataToSign)))

SionoiS · September 15, 2022, 11:00am

Could roll my own variant of ipns and try and shove it into Ipfs’s dht or an different kademila dht but was hoping to use a common standard to get better replication.

Would be easier to add ETH & BTC signature schemes to Kubo since there’s already secp256k1 curve verification but without prefix.

edit: same problem with DAG-JOSE can’t use crypto wallet either

paulgmiller · September 16, 2022, 5:00am

Would kubo maintainers actually be open to taking something like that assuming somone wrote the code?

SionoiS · September 16, 2022, 11:33am

IPNS Spec

Records
Keys

Useful links if your going to implement something.

paulgmiller · September 21, 2022, 5:12am

Tried to raise this up here.
[Feature] Support ethereum wallet signing. · Issue #44 · ipfs/go-ipns (github.com)

Think I can pretty easily verify an eth sig just need suggestions on when we should check that prefix.

danieln · December 6, 2022, 7:05pm

Hey @paulgmiller

Did you make any progress with this?

This would be a great contribution to the community.

danieln · December 12, 2022, 9:20am

I’ve picked this up and made a bit of progress in the js-ipns implementation.

This PR allows creating an unsigned IPNS record which could then be passed to a wallet for signing.

paulgmiller · December 12, 2022, 5:06pm

I kind of gave up on using ipns since it wasn’t clear it would ever take a record signed only by cypto wallet

[Feature] Support ethereum wallet signing. · Issue #323 · ipfs/specs (github.com)

So in my project just did something similar to ipns and broadcast that to pubsub. Its not idea since it doens’t get as many repeaters as ipfs (and makybe i should be putting on a dht instead)

zebu/types.go at main · paulgmiller/zebu (github.com)

Jorropo · December 12, 2022, 9:53pm

I belive there is some rpc endpoint to sign arbitrary data, it has a big red disclaimer in the wallets tho.

paulgmiller · December 12, 2022, 10:04pm

The oldest siging method makes that disclaimer to stop people from being tricked into making transactions but personal sign is pretty safe because it prefixes it something to the data that means it can’t be a transaction.

danieln · December 14, 2022, 4:23pm

Thanks for your feedback.

There are several variants of a signing endpoint. See this for more history on the differences, evolution and risks: Signing Data | MetaMask Docs

@lidel just wrote an elaborate update on signing IPNS with Metamask/cryptowallets IPNS: support Ethereum wallet signing · Issue #323 · ipfs/specs · GitHub

SionoiS · December 15, 2022, 12:28pm

For my use case, I finally decided to not use ETH signatures, here’s why.

Key rotation is a must and to complement that, ETH account can sign a message that allow certain other keys to update IPNS record for some identity.

This system is going in the same direction as UCANs tokens. Bunch of keys can be bundled together in a way that allow rotation and specify X keys are for X purpose.

Easy to use decentralized identity will happen and the problems of I need this system to support this crypto will disappear IMO.