zolfa
/
tendermint
1
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 221 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
9958 Commits
183 Branches
291 MiB
 
 
 
 
 
 
Tree: f992a7e740
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'f992a7e740'
${ noResults }
tendermint/docs/nodes/remote-signer.md

3.7 KiB
Raw Blame History

order
7

Remote signer

Tendermint provides a remote signer option for validators. A remote signer enables the operator to store the validator key on a different machine minimizing the attack surface if a server were to be compromised.

The remote signer protocol implements a client and server architecture. When Tendermint requires the public key or signature for a proposal or vote it requests it from the remote signer.

To run a secure validator and remote signer system it is recommended to use a VPC (virtual private cloud) or a private connection.

There are two different configurations that can be used: Raw or gRPC.

Raw

While both options use tcp or unix sockets the raw option uses tcp or unix sockets without http. The raw protocol sets up Tendermint as the server and the remote signer as the client. This aids in not exposing the remote signer to public network.

Warning: Raw will be deprecated in a future major release, we recommend implementing your key management server against the gRPC configuration.

gRPC

gRPC is an RPC framework built with HTTP/2, uses Protocol Buffers to define services and has been standardized within the cloud infrastructure community. gRPC provides a language agnostic way to implement services. This aids developers in the writing key management servers in various different languages.

GRPC utilizes TLS, another widely standardized protocol, to secure connections. There are two forms of TLS to secure a connection, one-way and two-way. One way is when the client identifies the server but the server allows anyone to connect to it. Two-way is when the client identifies the server and the server identifies the client, prohibiting connections from unknown parties.

When using gRPC Tendermint is setup as the client. Tendermint will make calls to the remote signer. We recommend not exposing the remote signer to the public network with the use of virtual private cloud.

Securing your remote signers connection is highly recommended, but we provide the option to run it with a insecure connection.

Generating Certificates

To run a secure connection with gRPC we need to generate certificates and keys. We will walkthrough how to self sign certificates for two-way TLS.

There are two ways to generate certificates, openssl and certstarp. Both of these options can be used but we will be covering certstrap because it provides a simpler process then openssl.

  • Install Certstrap:
  go get github.com/square/certstrap@v1.2.0
  • Create certificate authority for self signing.
 # generate self signing ceritificate authority
 certstrap init --common-name "<name_CA>" --expires "20 years"
  • Request a certificate for the server.
    • For generalization purposes we set the ip to 127.0.0.1, but for your node please use the servers IP.
  • Sign the servers certificate with your certificate authority
 # generate server cerificate
 certstrap request-cert -cn server -ip 127.0.0.1
 # self-sign server cerificate with rootCA
 certstrap sign server --CA "<name_CA>" 127.0.0.1
  • Request a certificate for the client.
    • For generalization purposes we set the ip to 127.0.0.1, but for your node please use the clients IP.
  • Sign the clients certificate with your certificate authority
# generate client cerificate
 certstrap request-cert -cn client -ip 127.0.0.1
# self-sign client cerificate with rootCA
 certstrap sign client --CA "<name_CA>" 127.0.0.1