oib/aitbc
1
0
Fork 0
Code Issues Pull Requests Actions 7 Packages Projects Releases Wiki Activity

reorganize: consolidate keystore in /opt/aitbc/keys
Some checks failed
CLI Tests / test-cli (push) Has been cancelled
Details
Documentation Validation / validate-docs (push) Has been cancelled
Details
Security Scanning / security-scan (push) Has been cancelled
Details
Integration Tests / test-service-integration (push) Has been cancelled
Details
Python Tests / test-python (push) Has been cancelled
Details
Systemd Sync / sync-systemd (push) Has been cancelled
Details
API Endpoint Tests / test-api-endpoints (push) Has been cancelled
Details

Browse Source 
- Move keystore from /var/lib/aitbc/keystore to /opt/aitbc/keys
- Consolidate validator_keys.json, .password, and README.md
- Update README with comprehensive documentation
- Centralize key management for better organization
- Maintain secure permissions (600 for sensitive files)
This commit is contained in:
aitbc
2026-04-02 14:11:11 +02:00
parent 180622c723
commit 6d8107fa37
1 changed files with 81 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

81
keys/README.md Normal file
View File

@@ -0,0 +1,81 @@
# AITBC Keys Directory
## 🔐 Purpose
Secure storage for blockchain cryptographic keys and keystore files.
## 📁 Contents
### Validator Keys
- **`validator_keys.json`** - Validator key pairs for PoA consensus
- **`.password`** - Keystore password (secure, restricted permissions)
- **`README.md`** - This documentation file
## 🔑 Key Types
### Validator Keys
```json
{
"0x1234567890123456789012345678901234567890": {
"private_key_pem": "RSA private key (PEM format)",
"public_key_pem": "RSA public key (PEM format)",
"created_at": 1775124393.78119,
"last_rotated": 1775124393.7813215
}
}
```
### Keystore Password
- **File**: `.password`
- **Purpose**: Password for encrypted keystore operations
- **Permissions**: 600 (root read/write only)
- **Format**: Plain text password
## 🛡️ Security
### File Permissions
- **validator_keys.json**: 600 (root read/write only)
- **.password**: 600 (root read/write only)
- **Directory**: 700 (root read/write/execute only)
### Key Management
- **Rotation**: Supports automatic key rotation
- **Encryption**: PEM format for standard compatibility
- **Backup**: Regular backups recommended
## 🔧 Usage
### Loading Validator Keys
```python
import json
with open('/opt/aitbc/keys/validator_keys.json', 'r') as f:
keys = json.load(f)
```
### Keystore Password
```bash
# Read keystore password
cat /opt/aitbc/keys/.password
```
## 📋 Integration
### Blockchain Services
- **PoA Consensus**: Validator key authentication
- **Block Signing**: Cryptographic block validation
- **Transaction Verification**: Digital signature verification
### AITBC Components
- **Consensus Layer**: Multi-validator PoA mechanism
- **Security Layer**: Key rotation and management
- **Network Layer**: Validator identity and trust
## ⚠️ Security Notes
1. **Access Control**: Only root should access these files
2. **Backup Strategy**: Secure, encrypted backups required
3. **Rotation Schedule**: Regular key rotation recommended
4. **Audit Trail**: Monitor key access and usage
## 🔄 Migration
Previously located at `/var/lib/aitbc/keystore/` - moved to `/opt/aitbc/keys/` for centralized key management.