reorganize: consolidate keystore in /opt/aitbc/keys
Some checks failed
CLI Tests / test-cli (push) Has been cancelled
Documentation Validation / validate-docs (push) Has been cancelled
Security Scanning / security-scan (push) Has been cancelled
Integration Tests / test-service-integration (push) Has been cancelled
Python Tests / test-python (push) Has been cancelled
Systemd Sync / sync-systemd (push) Has been cancelled
API Endpoint Tests / test-api-endpoints (push) Has been cancelled
- Move keystore from /var/lib/aitbc/keystore to /opt/aitbc/keys
- Consolidate validator_keys.json, .password, and README.md
- Update README with comprehensive documentation
- Centralize key management for better organization
- Maintain secure permissions (600 for sensitive files)
81
keys/README.md
Normal file
@@ -0,0 +1,81 @@
# AITBC Keys Directory

## 🔐 Purpose

Secure storage for blockchain cryptographic keys and keystore files.

## 📁 Contents

### Validator Keys
- **`validator_keys.json`** - Validator key pairs for PoA consensus
- **`.password`** - Keystore password (secure, restricted permissions)
- **`README.md`** - This documentation file

## 🔑 Key Types

### Validator Keys
```json
{
"0x1234567890123456789012345678901234567890": {
"private_key_pem": "RSA private key (PEM format)",
"public_key_pem": "RSA public key (PEM format)",
"created_at": 1775124393.78119,
"last_rotated": 1775124393.7813215
}
}
```

### Keystore Password
- **File**: `.password`
- **Purpose**: Password for encrypted keystore operations
- **Permissions**: 600 (root read/write only)
- **Format**: Plain text password

## 🛡️ Security

### File Permissions
- **validator_keys.json**: 600 (root read/write only)
- **.password**: 600 (root read/write only)
- **Directory**: 700 (root read/write/execute only)

### Key Management
- **Rotation**: Supports automatic key rotation
- **Encryption**: PEM format for standard compatibility
- **Backup**: Regular backups recommended

## 🔧 Usage

### Loading Validator Keys
```python
import json
with open('/opt/aitbc/keys/validator_keys.json', 'r') as f:
keys = json.load(f)
```

### Keystore Password
```bash
# Read keystore password
cat /opt/aitbc/keys/.password
```

## 📋 Integration

### Blockchain Services
- **PoA Consensus**: Validator key authentication
- **Block Signing**: Cryptographic block validation
- **Transaction Verification**: Digital signature verification

### AITBC Components
- **Consensus Layer**: Multi-validator PoA mechanism
- **Security Layer**: Key rotation and management
- **Network Layer**: Validator identity and trust

## ⚠️ Security Notes

1. **Access Control**: Only root should access these files
2. **Backup Strategy**: Secure, encrypted backups required
3. **Rotation Schedule**: Regular key rotation recommended
4. **Audit Trail**: Monitor key access and usage

## 🔄 Migration

Previously located at `/var/lib/aitbc/keystore/` - moved to `/opt/aitbc/keys/` for centralized key management.
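Review bot: the `### Key Management` bullet `**Encryption**: PEM format for standard compatibility` is misleading, because PEM is a text encoding rather than encryption; the sample under `### Validator Keys` shows `"private_key_pem": "RSA private key (PEM format)"` sitting directly in a JSON file next to a `.password` whose documented format is `Plain text password`, so nothing described here is protected at rest beyond the 600/700 modes. Either state plainly that the private keys are stored unencrypted and that protection relies entirely on file permissions, or encrypt the PEM material and document the cipher and KDF used, which would also give the `Password for encrypted keystore operations` bullet something to refer to. The `### Keystore Password` usage snippet `cat /opt/aitbc/keys/.password` writes the secret to the terminal and scrollback; an example that reads it into a variable or pipes it to the consuming process is a better pattern to publish. Lastly, this commit adds only the README, so the path move from `/var/lib/aitbc/keystore/` to `/opt/aitbc/keys/` announced in the commit message and the `### File Permissions` modes are not enforced by anything visible in the diff; the deployment or systemd change that creates the directory with mode 700, sets the files to 600 and updates every consumer of the old path should land alongside this documentation.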