New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
make tx keys available to the user #380
Conversation
They are also stored in the cache file, to be retrieved using a new get_tx_key command.
bc97938
to
6c99571
Compare
This seems problematic from a security perspective.
Also (not a security issue)
If I recall correctly (I could be wrong) there is no private information going over the RPC currently, so this is a significant (de?) evolution of the security model from having the private key information stay contained within the wallet (encrypted key file and process memory). Suggestions
|
Alternative to item 3 above would be a separate (encrypted) tx keys file. That would address the compatibility issue. |
Numbers under "This seems problematic from a security perspective."
1 under (not a security issue): Based on my 3, I think the new functionality should be on by default. (thoughts?) I do not understand "Maybe a rescan feature to populate it". Thanks for your input! I think topic this warrants more discussion in general. |
Perhaps my mistake. I thought it was possible to extract the key from a previous existing transaction but I didn't check that and it may well not be the case. Anyway, I think @moneromooo-monero has said he plans to encrypt the file now. There is other potentially private data in there, such as the record of all your transactions. That's not as bad as key data but its still not something a privacy-oriented coin should leave unencrypted. BTW there is even more data in the simplewallet.log file, but I assume at some point we will clean that up and only put relevant "log" type messages there not info about every single tx (unless in debug mode of course) |
To clarify, if it is indeed the case that there is no method to recover the key then we should indeed store it (encrypted). |
6c99571 make tx keys available to the user (moneromooo-monero)
They are also stored in the cache file, to be retrieved using
a new get_tx_key command.