Voting is open for a new IC release - 8b674ed

Hi @JxBrian! Happy to provide some context.

As part of the key rotation feature we started attaching timestamps to public keys generated by the nodes. E.g. in threshold ECDSA, the registry uses a timestamp to keep track of the registration of a key. This is used by the registry to check if it is time for nodes to rotate their keys. Recently we also allowed nodes to record locally when they generated their keys; this could be used, e.g., to raise an alert in case they are not able to register a key for a prolonged period of time.

Regarding the MR: node keys are stored in the Crypto Service Provider (CSP), and specifically in the CSP Vault, which runs in a dedicated process and performs all operations with secret keys. Since keys are only accessible within the vault, this MR introduces an API to let the rest of the replica (specifically the part of the crypto component running in the replica process) access the key generation timestamp of some public keys. This could then be used to report some metrics about the age of the node keys.

I hope this helps in understanding the MR!

5 Likes
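
The split described in the post above, sketched as an added Rust example (not the replica's code and not part of the original post): a vault that keeps secret key material private and exposes only the generation timestamp, plus the two uses mentioned, a key-age metric and an alert for a key that stays unregistered too long. Every name here (`Vault`, `key_generation_timestamp`, `key_age`, `registration_alert`, the grace period) is a hypothetical stand-in, and the times are constructed sample values.

```rust
use std::collections::HashMap;
use std::time::Duration;

// All names here are hypothetical; this is not the replica's real API.
type KeyId = u32;

#[allow(dead_code)]
struct StoredKey {
    secret: Vec<u8>,        // stays inside the vault, no accessor exists
    generated_at: Duration, // time since Unix epoch, recorded at generation
}

#[derive(Default)]
pub struct Vault {
    keys: HashMap<KeyId, StoredKey>,
}

impl Vault {
    /// Stores a key with its generation time (placeholder bytes stand in for key material).
    pub fn generate_key(&mut self, id: KeyId, now: Duration) {
        self.keys.insert(id, StoredKey { secret: vec![0u8; 32], generated_at: now });
    }

    /// The only thing callers outside the vault can read about a key.
    pub fn key_generation_timestamp(&self, id: KeyId) -> Option<Duration> {
        self.keys.get(&id).map(|k| k.generated_at)
    }
}

/// Age of a key for metrics; None if the vault has no such key.
/// A timestamp ahead of `now` (clock adjustment) yields zero instead of underflowing.
pub fn key_age(vault: &Vault, id: KeyId, now: Duration) -> Option<Duration> {
    vault.key_generation_timestamp(id).map(|ts| now.saturating_sub(ts))
}

/// True when a key is still unregistered after `grace` has elapsed since generation.
pub fn registration_alert(vault: &Vault, id: KeyId, registered: bool, now: Duration, grace: Duration) -> bool {
    !registered && key_age(vault, id, now).map_or(false, |age| age > grace)
}

fn main() {
    let mut vault = Vault::default();
    vault.generate_key(1, Duration::from_secs(1_000)); // constructed sample times
    let now = Duration::from_secs(1_000 + 7_200);
    println!("age: {:?}", key_age(&vault, 1, now));
    println!("alert: {}", registration_alert(&vault, 1, false, now, Duration::from_secs(3_600)));
}
```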