Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Message signatures with view-only wallets broken, despite support in CLI / RPC #4212

Open
selsta opened this issue Aug 18, 2023 · 2 comments
Open

Message signatures with view-only wallets broken, despite support in CLI / RPC #4212

selsta opened this issue Aug 18, 2023 · 2 comments

Comments

@selsta
Copy link
Collaborator

selsta commented Aug 18, 2023 

19:12 <m-relay> <d​atahoarder:monero.social> Hey, view-only wallets generate signatures within the advanced menu using the spend key, with the right spend public key but spend private key of zero. This makes these signatures not self-verifiable or proper.
19:12 <m-relay> <d​atahoarder:monero.social> monero-wallet-cli and RPC both allow setting either making the signature using the spend or view private key, and the code downstream supports this. Verification also returns which key signed the message.
19:12 <m-relay> <d​atahoarder:monero.social> Seems it is just a missing feature within GUI that is well supported within Monero code and RPC, and the method to sign/verify for both is documented.
19:12 <m-relay> <d​atahoarder:monero.social> The code TL;DR `get_message_hash mode=0, s_comm.key = spend_pub, but secret_key &sec = spend_zero`. On Monero GUI code, `QString Wallet::signMessage(const QString &message, bool filename) const` within `libwalletqt/Wallet.cpp` uses `m_walletImpl->signMessage()`, then signMessage() just takes the message and then calls `m_wallet->sign(message, tools::wallet2::sign_with_spend_key);`. This hardcodes to always use the spend key, even for view wallets.

image
@Monero-support

This comment was marked as spam.

Sign in to view
@plowsof
Copy link
Contributor

plowsof commented Oct 1, 2023
edited
Loading

This "new" pull request added the feature to optionally select the spend / view key to sign data with monero-project/monero#6600

some issues i notice:

  • if no signature_type is selected (for the rpc call), it will default to using the spend_key (even when we are using a view only wallet)

Where/how to fix this? is it the monero-gui's problem or a monero-core problem?

  • should monero-core simply detect if the spend key is empty and return an error without returning bogus data?
  • if no signature_type provided - auto detect if we're using a view only wallet and use the view key?

or is it the monero-guis problem to 'detect what mode we're in / pass the correct key' / add a radio button where the user can manually select the key (spend being greyed out if we're in view only)

i also have a patch for the wallet-rpc docs on site which may need a "if you are using a view only wallet it'll use a bogus spend key so please specify you want to use the view key" monero-project/monero-site@master...plowsof:monero-site:sign_verify

@selsta selsta mentioned this issue Dec 22, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@selsta @plowsof @Monero-support and others