Skip to content

verify we have the private key for an identity before signing#1790

Open
HayimShaul wants to merge 6 commits into
mainfrom
1638_verify_ownership
Open

verify we have the private key for an identity before signing#1790
HayimShaul wants to merge 6 commits into
mainfrom
1638_verify_ownership

Conversation

@HayimShaul

@HayimShaul HayimShaul commented Jun 18, 2026

Copy link
Copy Markdown
Contributor

Verify we have the secret key for an id given in Echo Path matches a key in our wallet.
Addresses issue #1638

@HayimShaul HayimShaul added this to the Q3/26 milestone Jun 18, 2026
@HayimShaul HayimShaul linked an issue Jun 18, 2026 that may be closed by this pull request
@HayimShaul HayimShaul marked this pull request as ready for review June 18, 2026 11:10
Comment thread token/services/ttx/recipients.go Outdated
@AkramBitar

Copy link
Copy Markdown
Contributor

@adecaro could you please have a look at that PR? I need your help here. Thanks a lot.

@HayimShaul HayimShaul force-pushed the 1638_verify_ownership branch from 08b4b54 to cb97f37 Compare June 30, 2026 07:52
// Step 2: Verify we possess the private key by attempting to retrieve the signer
// This proves ownership, not just visibility
if !w.Remote() {
_, err = w.GetSigner(context.Context(), suppliedIdentity)

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

please, can you explain why w.Contains does not guarantee that we are also able to sign with this identity? Under which condition does this happen?

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

w.Contains queries a wallet-to-identity mapping table — it answers "was this identity ever registered/bound to this wallet?" by checking a DB row written by BindIdentity or RegisterRecipientData. GetSigner is a completely separate question: "can I produce a cryptographic signature right now?" which requires the private key to be locally available and is answered by attempting to reconstruct a live signer via DeserializeSigner against a different store (StoreSignerInfo/the local key store). The two stores are populated by entirely independent code paths, so an identity can be fully enrolled in the wallet — its bytes bound to the wallet ID, its audit info persisted — while the private key never existed on this node. The canonical example is a remote/KMS wallet (IsRemote() == true, meaning userKeySKI == nil for Idemix or sID == nil for X.509) and an Idemix pseudonym registered as a counterparty recipient (where only BindIdentity + RegisterRecipientData were called, never RegisterSigner).

Comment thread token/services/ttx/recipients.go Outdated
@HayimShaul HayimShaul force-pushed the 1638_verify_ownership branch from c97c2f7 to bddcf40 Compare July 1, 2026 14:51
@HayimShaul HayimShaul force-pushed the 1638_verify_ownership branch from 3ff66c8 to b1f8328 Compare July 9, 2026 07:36
Hayim.Shaul@ibm.com added 6 commits July 12, 2026 07:50
Signed-off-by: Hayim.Shaul@ibm.com <hayimsha@fhe03.vpc.cloud9.ibm.com>
Signed-off-by: Hayim.Shaul@ibm.com <hayimsha@fhe03.vpc.cloud9.ibm.com>
Signed-off-by: Hayim.Shaul@ibm.com <hayimsha@fhe03.vpc.cloud9.ibm.com>
Signed-off-by: Hayim.Shaul@ibm.com <hayimsha@fhe03.vpc.cloud9.ibm.com>
Signed-off-by: Hayim.Shaul@ibm.com <hayimsha@fhe03.vpc.cloud9.ibm.com>
Signed-off-by: Hayim.Shaul@ibm.com <hayimsha@fhe03.vpc.cloud9.ibm.com>
@HayimShaul HayimShaul force-pushed the 1638_verify_ownership branch from 3c6c10f to fff9543 Compare July 12, 2026 07:50
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Implement Ownership Verification and Field Reconstruction [HIGH]

3 participants