Azure Key Vault and AWS Key Management Service are the main inspiration for this project.
What it does
RSK KMS is a secure multi-tenant key management service built with the RSK Blockchain and smart contracts. The contract is designed to securely manage the sensitive keys that applications or products use. Security and privacy are the primary focus of the smart contract development.
The Application is responsible for encrypting and decrypting the key values with the help of the "RSA" certificate, whereas the RSK smart contract is for managing the sensitive key info on the RSK blockchain.
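The split described above, sketched in C# as an added example that is not the project's own code: the client encrypts with the tenant's RSA public key, and only ciphertext reaches storage. The in-memory dictionary standing in for the contract, the OAEP-SHA256 padding, and all names are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;

// Added example: hypothetical names throughout, not the RSK KMS API.
public static class ClientSideEncryptionDemo
{
    // Stand-in for contract storage (assumption). Anything written on-chain is
    // readable by every node, so only ciphertext may be placed here.
    static readonly Dictionary<(string Tenant, string Name), byte[]> ChainStore = new();

    // RSA-OAEP with SHA-256 can encrypt at most keyBytes - 2*hashBytes - 2 bytes.
    static int MaxPlaintext(RSA rsa) => rsa.KeySize / 8 - 2 * 32 - 2;

    static void Put(RSA publicKey, string tenant, string name, string value)
    {
        byte[] plain = Encoding.UTF8.GetBytes(value);
        if (plain.Length > MaxPlaintext(publicKey))
            throw new ArgumentException("Value too large for direct RSA-OAEP; wrap a symmetric key instead.");
        ChainStore[(tenant, name)] = publicKey.Encrypt(plain, RSAEncryptionPadding.OaepSHA256);
    }

    static string Get(RSA privateKey, string tenant, string name)
    {
        byte[] cipher = ChainStore[(tenant, name)];
        return Encoding.UTF8.GetString(privateKey.Decrypt(cipher, RSAEncryptionPadding.OaepSHA256));
    }

    public static void Main()
    {
        // Constructed key pairs; a real client would load them from each tenant's certificate.
        using RSA tenantA = RSA.Create(2048);
        using RSA tenantB = RSA.Create(2048);

        Put(tenantA, "tenant-a", "db-password", "constructed-sample-secret");
        Console.WriteLine(Get(tenantA, "tenant-a", "db-password"));

        // Another tenant's private key cannot decrypt the stored value.
        try { Get(tenantB, "tenant-a", "db-password"); }
        catch (CryptographicException) { Console.WriteLine("tenant-b: decryption failed"); }

        // Values over the OAEP limit (190 bytes for a 2048-bit key) are rejected.
        try { Put(tenantA, "tenant-a", "big", new string('x', 191)); }
        catch (ArgumentException e) { Console.WriteLine(e.Message); }
    }
}
```

Tenant isolation here rests on who holds each private key, not on the store, which is why the private key must never be sent to the contract.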
How I built it
The RSK KMS is built with smart contracts. There are two aspects to it. The smart contract was written in the Solidity programming language, whereas the consumer of the contract was built in C# with the help of the popular open-source C# library Nethereum.
There are two main applications or client consumers that are built as part of this effort. One is the RSK KMS Console app and the other one is a desktop app with a rich presentation. Both apps handle the same key-management functionality.
Here is the list of current problems that we have with the existing KMS Vendors.
- Controlled by bigger corporations.
- Priced per transaction.
- No control over the sensitive data as they are managed by the KMS Providers.
- Hardware Security Modules (HSMs) cost a lot and are not easy to use.
- The on-premise KMS requires a complete set of HSMs and is not affordable for startups and medium-sized companies.
What are we solving?
With the help of the RSK platform, here are the key aspects that we are solving.
- Decentralized solution. Not controlled by a single entity or organization.
- Easy and affordable solution.
- Open source solution. Allows everyone to review, audit, enhance, and build their own KMS.
- A secure multi-tenant KMS.
- Best suited for cloud as well as on-premise.
- Independent of technology and vendor.
- Secure and transparent solution.
- A foolproof solution.
Here are the use-cases where one can make use of the RSK KMS.
- Secure and Sensitive Key management outside of the Application.
- A fully decentralized SaaS-based service to customers to manage the application configurations in a safe and secure manner.
- Build a "Multi-Tenant" password management service like LastPass.
- Build a true identity-based key management service for various consumers within or outside of the organization.
- Build a customizable and low-cost innovative blockchain-based secure key management service to customers.
- Adapt it for customers or use it in your own apps to manage keys more securely outside of the application.
- Build the most secure and scalable key management service with zero downtime.
Here's the high-level view of the client and contracts communication architecture diagram.
Here is the list of technologies that are being used for this project.
- RSK Blockchain
- Smart contract using Solidity
- Microsoft .NET
Challenges I ran into
As part of the RSK Contract development and consuming the same, I happened to face several challenges including the contract deployment and communicating the same via the C# Console and Desktop App.
Accomplishments that I'm proud of
I am really proud of the design and development of secure sensitive key management in the most simplistic manner.
What I learned
I learned how to work well with the RSK Blockchain via the Solidity-based smart contract. Also, I learnt how to work with C# Nethereum and the RSK Blockchain, as well as deployment and troubleshooting of issues.
What's next for RSK KMS (Key Management Service)
- Handling true claims-based or role- and permission-based contracts. It’s easy to integrate or extend the solution.
- Password management services such as LastPass are the best examples of where we can use these concepts.