| # Integration Guide: Adding Secure Signing to Coldstar SOL | |
| This guide shows how to integrate the Rust secure signer into your existing Python Coldstar SOL CLI. | |
| ## Overview | |
| The Rust signing core will replace Python-based key handling with secure, memory-locked operations. The integration is designed to be minimally invasive to your existing codebase. | |
| ## Integration Strategy | |
| ``` | |
| Before (Insecure): | |
| βββββββββββββββββββββββββββββββββββββββββββ | |
| β Python CLI β | |
| β ββ Load key from file β | |
| β ββ Key in Python memory (INSECURE) β | |
| β ββ Sign transaction in Python β | |
| βββββββββββββββββββββββββββββββββββββββββββ | |
| After (Secure): | |
| βββββββββββββββββββββββββββββββββββββββββββ | |
| β Python CLI β | |
| β ββ Load encrypted container β | |
| β ββ Call Rust signer βββββββββββ β | |
| βββββββββββββββββββββββββββββββββββΌβββββββββ | |
| βΌ | |
| βββββββββββββββββββββββββββ | |
| β Rust Signing Core β | |
| β ββ Decrypt in locked β | |
| β β memory β | |
| β ββ Sign transaction β | |
| β ββ Zeroize & return β | |
| βββββββββββββββββββββββββββ | |
| ``` | |
| ## Security Checklist | |
| After integration, verify: | |
| - [ ] Plaintext keys are deleted (or securely backed up offline) | |
| - [ ] Encrypted containers are created with strong passphrases (12+ characters) | |
| - [ ] Passphrase prompts use `getpass` (not visible on screen) | |
| - [ ] No plaintext keys are logged or printed | |
| - [ ] File permissions on encrypted containers are restrictive (`chmod 600`) | |
| - [ ] Backup encrypted containers securely | |
| - [ ] Test signing with correct and incorrect passphrases | |
| ## Rollback Plan | |
| If you need to rollback to the old system: | |
| 1. Keep your original `keypair.json` backed up (securely!) | |
| 2. Keep the old wallet/transaction code in a separate branch | |
| 3. Test thoroughly before deleting plaintext keys | |
| ## Performance Considerations | |
| - **FFI mode**: ~0.1ms overhead per signature (negligible) | |
| - **CLI mode**: ~10-50ms overhead per signature (process startup) | |
| For production with high throughput, use FFI mode. For development or occasional use, CLI mode is fine. | |
| ## Troubleshooting | |
| ### "Secure signer not available" | |
| The Rust library isn't built or not found. Build it: | |
| ```bash | |
| cd rust_signer | |
| cargo build --release | |
| ``` | |
| ### "Failed to lock memory" | |
| Your system may have limits on locked memory. Increase the limit: | |
| ```bash | |
| # Temporary (current session) | |
| ulimit -l unlimited | |
| # Permanent (add to /etc/security/limits.conf) | |
| * soft memlock unlimited | |
| * hard memlock unlimited | |
| ``` | |
| ### "Decryption failed" | |
| - Check that you're using the correct passphrase | |
| - Verify the encrypted container file isn't corrupted | |
| - Try recreating the container from the original key | |
| ## Next Steps | |
| 1. **Integrate with UI**: Add passphrase prompts to your UI | |
| 2. **Key Rotation**: Implement periodic key rotation | |
| 3. **Multi-Sig**: Extend for multi-signature support | |
| 4. **Hardware Integration**: Consider HSM integration for production | |
| ## Support | |
| For issues or questions: | |
| - Check the README.md and SECURITY.md | |
| - Review the example code in python_signer_example.py | |
| - Open an issue with detailed logs and steps to reproduce | |