Security

This section covers many security-related aspects of Canton.

Note

This section is in development and will be extended over the coming months.

Ledger-API Authorization

The Ledger API provides authorization support using JWT tokens. While JWT authorization allows third-party applications to be authorized properly, it poses some issues for Canton-internal services such as the PingService or the DarService, which are used to manage domain-wide concerns. Therefore, on each startup Canton generates a new admin bearer token (64 bytes, randomly generated, hex-encoded), which is communicated to these services internally and which they use to authorize themselves on the Ledger API. The admin token allows its holder to act as any party registered on that participant node.

The admin token is only used within the same process. Therefore, in order to obtain this token, an attacker needs to be able to either dump the memory or capture the network traffic, which typically only a privileged user can do.
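The two authorization paths described above can be modelled as follows. This is an added illustration, not Canton's own code: the class and method names, the `Bearer` header handling, and the injected `verify_jwt` callable (token to set of parties, or `None`) are all assumptions made for the example.

```python
import hmac
import secrets


class LedgerApiAuthorizer:
    """Illustrative model: per-startup admin token plus JWT fallback."""

    def __init__(self, verify_jwt):
        # Regenerated on every process start: 64 random bytes, hex-encoded
        # (128 characters). Kept in memory only, never persisted.
        self._admin_token = secrets.token_hex(64)
        # Hypothetical JWT validator: returns the parties the token may
        # act as, or None if the token is invalid.
        self._verify_jwt = verify_jwt

    def admin_token_for_internal_service(self):
        # Handed only to services running inside the same process.
        return self._admin_token

    def may_act_as(self, authorization_header, party):
        scheme, _, token = (authorization_header or "").partition(" ")
        if scheme != "Bearer" or not token:
            return False
        # Constant-time comparison so response timing does not reveal
        # how many leading characters of a guess were correct.
        if hmac.compare_digest(token.encode(), self._admin_token.encode()):
            return True  # admin token: any party on this participant
        parties = self._verify_jwt(token)
        return parties is not None and party in parties


def constructed_jwt_verifier(token):
    # Constructed sample data standing in for real JWT validation.
    return {"alice"} if token == "constructed-jwt-for-alice" else None


if __name__ == "__main__":
    auth = LedgerApiAuthorizer(constructed_jwt_verifier)
    admin = auth.admin_token_for_internal_service()
    print("admin token length:", len(admin))
    print("admin as bob:", auth.may_act_as("Bearer " + admin, "bob"))
    print("jwt as bob:", auth.may_act_as("Bearer constructed-jwt-for-alice", "bob"))
    # A "restart" creates a new token; the old one stops working.
    restarted = LedgerApiAuthorizer(constructed_jwt_verifier)
    print("old token after restart:", restarted.may_act_as("Bearer " + admin, "bob"))
```

Because the admin token bypasses per-party claims entirely, anything that logs or forwards the `Authorization` value of internal calls would expose full participant access until the next restart.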

It is important to enable TLS together with JWT support in general, as otherwise tokens can be leaked to an attacker who is able to inspect network traffic.