rfc: proposal for standard private key handling

[frrist]

📘 Preview

[alanshaw]

👍 I'm fine with this, for the reason of switching to PEM is mildy better from the standpoint of developer familiarity - I'm not convinced there's really any concrete advantages beyond that, which the existing format doesn't already support.

[alanshaw]

Ok a few observations:

1. I believe you introduced PEM.
2. I don't know if we've ever actually used JSON to pass around private keys although I know the w3 CLI has the option to print them as JSON.
3. I don't believe we've ever passed plain base64 encoded strings around but maybe I'm incorrect.

So there was only really the 1 format prior - for which some of the reasons below don't apply.

I'm not trying to oppose the proposal here but I think if this was phrased more as "switch from multibase base64 padded private keys to PEM" then I think it would be more accurate.

[frrist]

You're absolutely right on all points - thank you for the clarification.

I don't believe we've ever passed plain base64 encoded strings around but maybe I'm incorrect.

You're correct - looking at my shell history, we've been using multibase base64 padded strings, not plain base64.

I believe you introduced PEM

Yes, I did introduce PEM to the storage node. The current state is:

• storage id gen returns JSON with a DID and multibase-base64-padded private key.
• I added --type=pem option for PEM output (needed for Curio's API authentication).
• I added storage id parse to convert between formats, and to extract DIDs from PEM files.

The PEM format was specifically introduced to work with Curio's API, which requires PEM-formatted public keys for authentication.

I think if this was phrased more as "switch from multibase base64 padded private keys to PEM" then I think it would be more accurate

Yeah, the accurate framing is probably: "Switch from multibase base64 padded private keys to PEM". JSON is only used as an output wrapper in some cases, not as a key format itself.

It's worth noting that at the end of this doc the need for custom tooling to extract DIDs from PEM files is outlined. Curious what your thoughts are on this.

[alanshaw]

Yes, but typically we want to display the DID at the same time, so we have to dip back into our own tooling anyways.

[frrist]

Yeah, mentioned that here: https://github.com/storacha/RFC/pull/54/files#diff-d7bd9ff16dbeeb26dbb100c755bc613b14dfd9603e87cbcd5a7e56a694586c9cR170

[alanshaw]

🤷 the multibase encoded string is also self describing - the decoded bytes are also prefixed with the alogorithm. PEM has the advantage of being human readable to some extent.

[frrist]

My main concerns with multibase for private key material center around tooling, file conventions, and security.

• Most common cryptographic tools (OpenSSL, ssh-keygen, keytool, etc.) have native support for PEM format when working with private keys. With multibase-encoded keys, we typically need custom tooling or conversion steps for common operations like key generation, inspection, or format conversion.

• PEM has well-established conventions - .pem files, standard permissions (600), and clear practices around key storage. With multibase strings, we'd need to define our own conventions: What file extension? Plain text files? JSON wrapper?

• PEM has built-in support for passphrase encryption. For multibase, we'd need to implement our own encryption scheme or wrap it in another format, essentially recreating what PEM already provides

At the end of the day, specifically for the storage node, I'd prefer to maintain key material in a file, rather than a string passed over the CLI or environment variable.

[alanshaw]

Again, same for existing format.

[alanshaw]

We have historically used AWS SSM for deployed services and would continue to do so regardless of encoding (I understand this is not the same situation for storage nodes).

[frrist]

@alanshaw assuming we align on PEM as our mechanism for handling key material, curious to hear your thoughts on these bits.