RPC: Add support for pub key auth #6598

issue jonasschnelli opened this issue on August 29, 2015

jonasschnelli commented at 9:35 AM on August 29, 2015: contributor
Nice to see progress in improving the RPC server (#5677). A dorn in the flesh is still the http base auth.

What about supporting (as addition or by replacing the http base auth.) something similar to bitpays BitAuth?

Single user auth could work like this:
- The bitcoin.conf could hold a -rpcpubkey=<pubkeyhex>.
- Each request would need to have a x-signature: <sig> http header containing a signature of the URL+http-body.
dcousens commented at 10:13 AM on August 29, 2015: contributor

A symmetric token scheme would probably work just as well IMHO.
jonasschnelli commented at 10:42 AM on August 29, 2015: contributor

IMO asym cypher auth. has advantages over a sym auth. No need to preshare secrets. ECDSA is essential for bitcoin-core so it would be a small change to support pub key auth over ECDSA. And, ... if we once manage to make the RPC server stable and exposable to insecure environments, having a asym. auth process would be better.
dcousens commented at 10:50 AM on August 29, 2015: contributor

@jonasschnelli granted it also puts a much larger burden on the RPC caller to have an ECDSA library on hand, hopefully not making any mistakes.
jonasschnelli commented at 10:56 AM on August 29, 2015: contributor

Agreed. Client side this can be a burden. Because of that, supporting ECDSA auth as addition to base auth. could make sense. On the other hand, I think, lots of client applications are already using a ec stack somehow.
laanwj added the label RPC on Sep 4, 2015
jonasschnelli commented at 1:15 PM on November 18, 2015: contributor

Implementation #6604. Is a controversial change, closing.
jonasschnelli closed this on Nov 18, 2015
MarcoFalke locked this on Sep 8, 2021

Contributors

jonasschnelli

dcousens

Labels

RPC/REST/ZMQ

Linked (view graph)

#5677 libevent-based http server