[BC/CWC] Wallet private key updates [1] #4068
Conversation
…sses, & expose method with DeriverProxy
…sses and add passthrough on DeriverProxy
…t to expected form
kajoseph
added
CWC
MichaelAJay
changed the title
kajoseph
left a comment
kajoseph
left a comment
There was a problem hiding this comment.
I think a better approach may be to auto migrate wallets with version < 2 to v2. That way we can avoid carve-outs while actively push better security.
loadWallet() {
const wallet = read wallet file;
if (wallet.version < 2) {
convert to v2 wallet;
backup wallet file to .bak;
overwrite wallet file with v2;
}
}
…loadWallet with 'raw' param
…t-privatekey-ref
…t-privatekey-ref
|
|
||
| /** | ||
| * New methods | ||
| * TODO: Deprecate above as necessary |
There was a problem hiding this comment.
Should we mark the above as @deprecated?
| /** | ||
| * Temporary - converts decrypted private key buffer to chain-native private key format | ||
| */ | ||
| privateKeyBufferToNativePrivateKey(buf: Buffer, network: string): any; |
There was a problem hiding this comment.
Sort of. It depends on how much we want THIS PR to do.
The point of this is that it pushes the buffer private keys all the way to the boundary - Wallet side.
Next would be updating the called libraries and sending buffers straight on through.
I think that should be a second effort after this one.
There was a problem hiding this comment.
This seems like some odd scope overlap. It's temporary but to be used in the future? Let's just save it for when we do the future work.
| } | ||
| } | ||
|
|
||
| // @deprecated - Use encryptBuffer |
There was a problem hiding this comment.
Invalid jsdoc. Should be
/** @deprecated - Use encryptBuffer */
| return this.storageType.saveWallet({ wallet }); | ||
| } | ||
|
|
||
| // @deprecated |
There was a problem hiding this comment.
Invalid jsdoc. What fn replaced it?
(+more below)
| const encData = cipher.update(privKey, 'utf8', 'hex') + cipher.final('hex'); | ||
| return encData; | ||
| // Store buffers this method makes to sanitize | ||
| const createdBuffers: Buffer[] = []; |
There was a problem hiding this comment.
This function seems overcomplicated. Why not just:
export function encryptPrivateKey(privKey, pubKey, encryptionKey) {
encryptionKey = Buffer.from(encryptionKey, 'hex');
privKey = Buffer.from(privKey, 'utf8');
return encryptBuffer(privKey, pubKey, encryptionKey);
}
2 participants
bitcore-client
Encryption
Storage
addKeysSafe- incoming keys' private key is encrypted, so not immediately available to be used to retrieve pubkey, which should be available anyway. Throws if missing a pubkeyWallet
createencrypts HDPrivateKey xprivkey and privateKey so they can be decrypted as buffers instead of serializing the whole masterKey and THEN encryptingimportKeysdoes the same for signing keyssignTxdecrypts to buffers then uses deriver for chain-aware decoding. In the next phase, this decoding should be made unnecessary by passing the buffer all the way through to use, if possibleTests
crypto-wallet-core
Derivation
privateKeyToBufferandprivateKeyBufferToNativePrivateKeyto IDeriver & implement for each Deriver - no need to override for any of the extending classes (UTXOs to AbstractBitcoreLibDeriver & EVM to EthDeriver)