[ros-users] [Discourse.ros.org] [Next Generation ROS] SROS2 - Securing certs and keys

ruffsl ros.discourse at gmail.com
Tue Aug 8 01:55:47 UTC 2017

Hello @narayave,

The current way the certificates are being constructed is quite basic: via subprocess commands to openssl's CLI. Once you execute the [`create_keystore`](https://github.com/ros2/sros2/blob/bc8b86a8a8f0f5b2d50ce4aa400ea4d2018b9044/SROS2_Linux.md#generate-a-keystore) command via the SROS CLI, an [api](https://github.com/ros2/sros2/blob/b0d6934f15a71c1cf1f1f61d18d9ed7052ffd11d/sros2/api/__init__.py#L164) is triggered to bootstrap the openssl configuration files, then calls upon the openssl command to generate the private keys and sign the necessary public certificates.

Later, should you decide to invoke access control, the [`create_permission`](https://github.com/ros2/sros2/blob/bc8b86a8a8f0f5b2d50ce4aa400ea4d2018b9044/SROS2_Linux.md#access-control-rti-connext-only-from-source-only) command will again use the keystore to sign governance and permission files consumed by the vendor-specific middleware to enable access control enforcement as defined in the [OMG DDS-SECURITY](http://www.omg.org/spec/DDS-SECURITY/1.0/) spec.

I'm working on refactoring this to use something like a modern python library such as [cryptography](https://cryptography.io/en/latest/) to more pragmatically control the key generation and signing of certificate authorities, as I did for SROS1. Last year I did spend a brief amount of time exploring more rigorous keystore solutions, such as open source projects like Vault:


However, in the end I figured most end users would not enjoy installing and learning a host of other dependencies and frameworks, and that it would more likely impede the ease of use and adoption of SROS. So I went with the simple method of optionally ciphering the private keys to disk. Most PKI frameworks support loading ciphered keys via secrets that can be supplied at runtime, as used in SROS1 [here](http://wiki.ros.org/SROS/EnvironmentVariables#SROS_PASSWORD). End users can easily take additional steps from there to guard private keys via additional custom solutions if need be.

What secure keystore methods were you looking at? It would still be nice if we could design SROS2 to interoperate easily with other 3rd-party keystore methods.

[Visit Topic](https://discourse.ros.org/t/sros2-securing-certs-and-keys/2400/2) or reply to this email to respond.

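The flow the post describes (`create_keystore` bootstrapping a CA and participant certificates with openssl CLI calls, `create_permission` signing a permissions document with the CA, and private keys ciphered on disk with a passphrase supplied at runtime through the environment), as an added example that is not sros2's own code. The directory layout, file names, the `SROS_PASSWORD` default and the one-line permissions document are constructed for the demo; a real DDS-Security permissions file is the XML defined by the spec, and a real deployment sets the passphrase rather than relying on the default.

```shell
#!/bin/sh
# Added example, not the sros2 project's code: the keystore bootstrap the post
# describes, done with plain openssl CLI calls. Layout and names are hypothetical.
set -eu

# Passphrase supplied at runtime through the environment (the SROS1 SROS_PASSWORD idea).
# The default exists only so the demo runs unattended; do not ship one in real code.
: "${SROS_PASSWORD:=demo-only-passphrase}"
export SROS_PASSWORD
KEYSTORE="${KEYSTORE:-$(mktemp -d)}"

create_keystore() {
    # 1. CA private key, AES-256 encrypted on disk. The passphrase is read with
    #    env: so it never shows up in `ps` output or shell history.
    openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:P-256 \
        -aes-256-cbc -pass env:SROS_PASSWORD -out "$KEYSTORE/ca.key.pem"
    # 2. Self-signed CA certificate that anchors every participant certificate.
    openssl req -x509 -new -key "$KEYSTORE/ca.key.pem" -passin env:SROS_PASSWORD \
        -subj "/CN=sros2_demo_CA" -days 365 -out "$KEYSTORE/ca.cert.pem"
}

create_participant() {   # $1 = participant name, e.g. talker
    name="$1"
    mkdir -p "$KEYSTORE/$name"
    # Participant key (also ciphered), a CSR for it, and the CA-signed certificate.
    openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:P-256 \
        -aes-256-cbc -pass env:SROS_PASSWORD -out "$KEYSTORE/$name/key.pem"
    openssl req -new -key "$KEYSTORE/$name/key.pem" -passin env:SROS_PASSWORD \
        -subj "/CN=$name" -out "$KEYSTORE/$name/req.pem"
    openssl x509 -req -in "$KEYSTORE/$name/req.pem" -days 365 \
        -CA "$KEYSTORE/ca.cert.pem" -CAkey "$KEYSTORE/ca.key.pem" -passin env:SROS_PASSWORD \
        -CAcreateserial -out "$KEYSTORE/$name/cert.pem"
}

create_permission() {    # $1 = participant name
    name="$1"
    # Constructed stand-in for a DDS-Security permissions document, not a real grant.
    printf '<permissions><grant name="%s"/></permissions>\n' "$name" \
        > "$KEYSTORE/$name/permissions.xml"
    # S/MIME-sign it with the CA key so the middleware can check it against ca.cert.pem.
    openssl smime -sign -text -in "$KEYSTORE/$name/permissions.xml" \
        -signer "$KEYSTORE/ca.cert.pem" -inkey "$KEYSTORE/ca.key.pem" -passin env:SROS_PASSWORD \
        -out "$KEYSTORE/$name/permissions.p7s"
}

# Checks an operator (or the middleware) would run; each returns 0 on success.
verify_participant_cert() {
    openssl verify -CAfile "$KEYSTORE/ca.cert.pem" "$KEYSTORE/$1/cert.pem" >/dev/null
}
verify_permission_signature() {
    openssl smime -verify -text -in "$KEYSTORE/$1/permissions.p7s" \
        -CAfile "$KEYSTORE/ca.cert.pem" -out /dev/null 2>/dev/null
}
key_rejects_wrong_passphrase() {
    # A ciphered key on disk must not load without the right secret.
    if openssl pkey -in "$KEYSTORE/$1/key.pem" -passin pass:not-the-secret -noout 2>/dev/null; then
        return 1
    fi
    return 0
}

create_keystore
create_participant talker
create_permission talker
verify_participant_cert talker
verify_permission_signature talker
key_rejects_wrong_passphrase talker
echo "keystore bootstrapped in $KEYSTORE"
```

Run it with `SROS_PASSWORD` set in the environment; the keys land in `$KEYSTORE` encrypted, the participant certificate chains to `ca.cert.pem`, and the permissions file carries a signature that verifies against the CA. Swapping the CLI calls for a library such as `cryptography` changes the mechanism, not this structure.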