New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Enforce 256 bit keys on raw import, support raw mobile imports #14502
Conversation
@ligi PTAL |
YAY - LGTM - Thanks! |
After thinking about it a bit more - perhaps also exporting should be done to get symmetric API-wise - that said for exporting I think I will in the end use JSON for making paper-wallets with WALLETH - just opened #14481 as I saw raw keys used for paper-wallets often - so I need it for importing - but otherwise I like the context that the JSON gives .. |
I don't think we want to support that use case tbh. Exporting unencrypted raw private keys has more dangers that benefits imho. The whole use case of exporting keys is to allow moving them to a different service/device, which is covered by the json format. |
Regarding generating paper wallets, I can accept to put raw keys on paper wallets, but those should be done when generating the account and not later (which is a security risk if your mobile is stolen). Similarly to how hardware wallets do the recovery mnemonics. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
looks good to me
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Let's see what breaks
No regression tests? |
@chfast Please provide a bit more detail :) |
Fixes #14481
The first commit changes our crypto API a bit so importing raw ECDSA keys are enforced to be 32 bytes in size not only for hex strings, but for raw byte slices too. The second commit surfaces importing raw keys into the mobile keystore (hence why it was important to enforce the correct bytes, to prevent users importing hex strings accidentally).