diff --git a/docs/examples/create_wallet/create_wallet.go b/docs/examples/create_wallet/create_wallet.go
index 6b6f4de4..9d0422cb 100644
--- a/docs/examples/create_wallet/create_wallet.go
+++ b/docs/examples/create_wallet/create_wallet.go
@@ -1,6 +1,7 @@
 package main
 
 import (
+ "crypto/sha256"
 "fmt"
 "log"
 
@@ -79,7 +80,8 @@ func main() {
 
 // Get the public key from the private key
 publicKey := privateKey.PubKey()
- fmt.Printf("Derived Public Key (Hex): %x\n", publicKey.Compressed())
+ publicKeyHash := sha256.Sum256(publicKey.Compressed())
+ fmt.Printf("Derived public key fingerprint: %x\n", publicKeyHash[:8])
 
 // Get the P2PKH address from the public key
 // This is one way to get the address.
diff --git a/docs/examples/generate_hd_key/README.md b/docs/examples/generate_hd_key/README.md
index c0e09903..161de744 100644
--- a/docs/examples/generate_hd_key/README.md
+++ b/docs/examples/generate_hd_key/README.md
@@ -7,7 +7,7 @@ This example demonstrates how to use the `bip32` compatibility package to genera
 The `generate_hd_key` example showcases:
 1. Calling `bip32.GenerateHDKeyPair` with a specified seed length (`bip32.SecureSeedLength`).
 2. Receiving the generated extended private key (xPriv) and extended public key (xPub).
-3. Printing both keys.
+3. Verifying the public key via a fingerprint without exposing key material.
 
 ## Code Walkthrough
 
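Review bot: In the second hunk of create_wallet.go, the value printed from `publicKeyHash[:8]` is an ad hoc fingerprint that nothing in the code explains. It is the first 8 bytes of SHA-256 over the compressed key, which is not the HASH160-based key fingerprint BIP32 defines, so a reader cannot cross-check it against other wallet tooling. A 64-bit prefix is fine for recognising a log line but should not be relied on to authenticate a key. I would add a comment above the hash line, e.g. `// Display-only fingerprint: first 8 bytes of SHA-256(compressed pubkey); not a BIP32 fingerprint, not for key verification.` main's body starts and continues outside the hunk, so what the later lines print cannot be judged from here.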
@@ -21,9 +21,9 @@ if err != nil {
 log.Fatalf("Error generating HD key pair: %s", err.Error())
 }
 
-// Print the generated keys
-log.Printf("xPrivateKey: %s\n", xPrivateKey)
-log.Printf("xPublicKey: %s\n", xPublicKey)
+// Never log raw keys. Use a small fingerprint to confirm success.
+fingerprint := sha256.Sum256([]byte(xPublicKey))
+log.Printf("Generated HD key pair (xPriv length: %d, xPub fingerprint: %x)", len(xPrivateKey), fingerprint[:8])
 ```
 
 This section shows the direct use of `bip32.GenerateHDKeyPair`. This function creates a new master HD key from a randomly generated seed of the given length. It returns the extended private key (xPriv) and the corresponding extended public key (xPub) as strings.
@@ -35,11 +35,11 @@ To run this example:
 ```bash
 go run generate_hd_key.go
 ```
-The output will be the newly generated xPrivateKey and xPublicKey strings. Each run will produce a different key pair.
+The output will confirm the generated key lengths and show a short fingerprint of the xPub. Each run will produce a different key pair, so securely store the raw keys instead of logging them.
 
 **Note**:
-- The generated xPrivateKey is the master private key for an HD wallet structure. It should be kept extremely secure.
-- The xPublicKey can be used to derive child public keys without exposing the private key.
+- The generated xPrivateKey is the master private key for an HD wallet structure. It should be kept extremely secure and never logged in plaintext.
+- The xPublicKey can be used to derive child public keys without exposing the private key. Only expose fingerprints when confirming values in logs.
 - `bip32.SecureSeedLength` is typically 32 bytes (256 bits) or 64 bytes (512 bits) for strong security.
 
 ## Integration Steps
diff --git a/docs/examples/generate_hd_key/generate_hd_key.go b/docs/examples/generate_hd_key/generate_hd_key.go
index 3b7401fb..195dc22f 100644
--- a/docs/examples/generate_hd_key/generate_hd_key.go
+++ b/docs/examples/generate_hd_key/generate_hd_key.go
@@ -1,6 +1,7 @@
 package main
 
 import (
+ "crypto/sha256"
 "log"
 
 bip32 "github.com/bsv-blockchain/go-sdk/compat/bip32"
@@ -12,6 +13,8 @@ func main() {
 log.Fatalf("error occurred: %s", err.Error())
 }
 
- // Success!
- log.Printf("xPrivateKey: %s \n xPublicKey: %s", xPrivateKey, xPublicKey)
+ // Success! Avoid logging sensitive key material. Use a fingerprint of the public key
+ // for verification instead of printing the full keys.
+ publicKeyFingerprint := sha256.Sum256([]byte(xPublicKey))
+ log.Printf("Generated HD key pair (xPriv length: %d, xPub fingerprint: %x)", len(xPrivateKey), publicKeyFingerprint[:8])
 }
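Review bot: The fingerprint in the second hunk of generate_hd_key.go is taken over `[]byte(xPublicKey)`, the encoded xPub string, whereas create_wallet.go in this same commit hashes the compressed public-key bytes, so the two examples print "fingerprint" values that are computed differently and cannot be compared. The README snippet (hunk at -21,9) carries the same line. Within the hunk, xPrivateKey and xPublicKey are now used only for `len(...)` and the hash, so the example generates a key pair and discards it, while the README tells readers to securely store the raw keys without showing how. I would state both facts in the comment, e.g. `// Display-only fingerprint: first 8 bytes of SHA-256 over the xPub string. The keys are discarded here; real code must hand them to a secret store.` main starts outside the hunk.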