Master key should not be input with env or args #106

zhongguozhang · 2018-11-01T07:58:02Z

查看自己的钱包余额时，如果之前有输入master key，则提示失败。

错误提示如下：

./cql -config conf/config.yaml -get-balance

ERRO[0000] decrypt private key error caller="privatekeystore.go:50 crypto/kms.LoadPrivateKey"

INFO[0000] load private key failed: invalid PKCS#7 padding caller="privatekeystore.go:90 crypto/kms.InitLocalKeyPair"

ERRO[0000] unexpected error while loading private key: invalid PKCS#7 padding caller="privatekeystore.go:109 crypto/kms.InitLocalKeyPair"

ERRO[0000] init covenantsql client failed: invalid PKCS#7 padding caller="main.go:196 main.main"

auxten · 2018-11-02T06:34:13Z

You can try -password to pass a master key.
This is vulnerable and will be changed to use an interactive way to let user input master key in the console.

zhongguozhang · 2018-11-02T07:12:18Z

测过了， ./cql -config conf/config.yaml -get-balance -password xxxxxx 这样可以

auxten · 2019-03-28T03:12:06Z

Fixed at #284

auxten added the vuln Vulnerability label Nov 2, 2018

auxten changed the title ~~查看自己的钱包余额时，如果之前有输入master key，则提示失败。~~ Master key should not be input with env or args Nov 4, 2018

auxten closed this as completed Mar 28, 2019

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Master key should not be input with env or args #106

Master key should not be input with env or args #106

zhongguozhang commented Nov 1, 2018

auxten commented Nov 2, 2018

zhongguozhang commented Nov 2, 2018

auxten commented Mar 28, 2019

Master key should not be input with env or args #106

Master key should not be input with env or args #106

Comments

zhongguozhang commented Nov 1, 2018

auxten commented Nov 2, 2018

zhongguozhang commented Nov 2, 2018

auxten commented Mar 28, 2019