The Problem
The keygen CLI command generates an Ed25519 keypair, prints the private key in hex to stdout, and says "store this securely." That is the entire key management story.
There is no encrypted keystore. No passphrase protection. No key listing. No key rotation. Developers will do what developers always do: pipe the output to a file, put the file in their home directory, forget about the permissions, and eventually commit it to git.
This is not a theoretical concern. It is what happens every single time a tool outputs raw key material to a terminal.
Where It Breaks
drs-sdk/src/cli/commands/keygen.ts — the command calls crypto.getRandomValues(), derives the public key, encodes both as hex, and prints them. The private key is never encrypted, never stored in a protected format, never associated with metadata (creation date, purpose, rotation schedule).
What Must Change
- Add an encrypted keystore. The private key gets encrypted at rest with a passphrase-derived key. Argon2id for the KDF, XChaCha20-Poly1305 for the cipher. This is the same pattern used by age, ssh-keygen, and Signet's keystore.
- The keystore file must be
chmod 600 on creation. If the platform doesn't support file permissions, warn loudly.
keygen should write to the keystore by default, not to stdout. Add `--stdout` flag for the rare case where raw output is needed, with a warning.- Add
key list, key export (public only), and key delete subcommands.
- Never print the private key without the user explicitly asking for it.
Severity
HIGH for adoption and operational security. The crypto primitives are correct — the key generation is fine. But generating a good key and then storing it badly is the same as having a bad key.
The Problem
The
keygenCLI command generates an Ed25519 keypair, prints the private key in hex to stdout, and says "store this securely." That is the entire key management story.There is no encrypted keystore. No passphrase protection. No key listing. No key rotation. Developers will do what developers always do: pipe the output to a file, put the file in their home directory, forget about the permissions, and eventually commit it to git.
This is not a theoretical concern. It is what happens every single time a tool outputs raw key material to a terminal.
Where It Breaks
drs-sdk/src/cli/commands/keygen.ts— the command callscrypto.getRandomValues(), derives the public key, encodes both as hex, and prints them. The private key is never encrypted, never stored in a protected format, never associated with metadata (creation date, purpose, rotation schedule).What Must Change
chmod 600on creation. If the platform doesn't support file permissions, warn loudly.keygenshould write to the keystore by default, not to stdout. Add `--stdout` flag for the rare case where raw output is needed, with a warning.key list,key export(public only), andkey deletesubcommands.Severity
HIGH for adoption and operational security. The crypto primitives are correct — the key generation is fine. But generating a good key and then storing it badly is the same as having a bad key.