Integrating TPM/Secure Enclave support into libp2p

[vgarleanu]

Hi there, for security reasons I would like to integrate support for the Apple Enclave and in the future, various TPMs. The main reason is that I would like the Private key of the keypair to not be accessible directly so that it can't be copied/exported/tampered with.

Has anyone attempted to do this and is there any architectural advice that someone can give me?

From a quick glance at the code in libp2p-identity, it seems that it might be enough to add a new Keypair variant that is not owned, ie it is owned by the enclave subsystem.

Any thoughts would be highly appreciated!

[mxinden]

Has anyone attempted to do this and is there any architectural advice that someone can give me?

I am not aware of any such attempt.

From a quick glance at the code in libp2p-identity, it seems that it might be enough to add a new Keypair variant that is not owned, ie it is owned by the enclave subsystem.

That sounds like a good starting point for a proof of concept.

While I'm not against the feature, I think it's not justified if it introduces excessive complexity.