xud master password
#912
Assignees
Labels
configuration
cryptography
Issues related to encryption & signing packets or local data
P1
top priority
Comments
kilrau
added
configuration
cryptography
|
Divide & conquer for @sangaman @erkarl |
Closed
|
As per #889 (comment), this includes simplifying and integrating the following LND calls: |
|
Karl is going to look into how we can generate an ethereum address based on a seed (which does not seem to be a built in feature of geth but which is done by open source projects like MetaMask and MyEtherWallet). This would require xud to communicate directly with geth most likely, unless Raiden exposes API calls that will do this for us (as well as allowing us to unlock encrypted ethereum keys). The plan is still to have xud prompt for a password when it starts up and attempt to unlock every lnd wallet (and eventually raiden/geth wallet) using that password. And if xud starts up and doesn't find an xud pubkey such that it has to create a new one, it will generate a seed (using any one of the lnd instances) and attempt to init wallets for every lnd client we have configured using that seed, and also prompt for a password and set that for every newly initialized wallet. That same seed will be used to derive the xud key and same password will be used to encrypt it. We'll need to change the flow for initializing LndClients, since we can't call GetInfo on an lnd instance that is still locked or uninitialized. |
ghost
mentioned this issue
sangaman
added a commit
that referenced
this issue
Jun 4, 2019
This is a major commit that introduces new functionality to encrypt the xud node key with a password which can also be used to encrypt lnd and (with a separate PR) Raiden. A new config option `noencrypt` is added and for now defaults to `true`, meaning that this functionality is off by default. This is to minimize disruption with existing applications of xud. When `noencrypt` is true, starting up xud occurs as it does before this PR. When `noencrypt` is false, we first check if there is an existing node key file saved to disk. If one exists, we wait to receive a new `UnlockNode` call to provide us with a password. We use this password to decrypt the node key file and to call `UnlockWallet` on each configured lnd instance that is waiting to be unlocked. If none is found, we wait to receive a new `CreateNode` call to provide us with a password. We then attempt to call `GenSeed` on a configured lnd instance to generate an aezeed 24 word mnemonic. We use this mnemonic to generate our node key, and then encrypt that with our password and save to disk. We then call `InitWallet` on each configured lnd instance that is waiting to be unlocked, using the same mnemonic and password from earlier steps. As part of this PR, we introduce a new grpc `XudInitService` for calls when xud is in a state of waiting for a password before it can complete initialization. New `create` and `unlock` commands are added for `xucli` as well. This is a major step towards #912.
sangaman
added a commit
that referenced
this issue
Jun 4, 2019
This is a major commit that introduces new functionality to encrypt the xud node key with a password which can also be used to encrypt lnd and (with a separate PR) Raiden. A new config option `noencrypt` is added and for now defaults to `true`, meaning that this functionality is off by default. This is to minimize disruption with existing applications of xud. When `noencrypt` is true, starting up xud occurs as it does before this PR. When `noencrypt` is false, we first check if there is an existing node key file saved to disk. If one exists, we wait to receive a new `UnlockNode` call to provide us with a password. We use this password to decrypt the node key file and to call `UnlockWallet` on each configured lnd instance that is waiting to be unlocked. If none is found, we wait to receive a new `CreateNode` call to provide us with a password. We then attempt to call `GenSeed` on a configured lnd instance to generate an aezeed 24 word mnemonic. We use this mnemonic to generate our node key, and then encrypt that with our password and save to disk. We then call `InitWallet` on each configured lnd instance that is waiting to be unlocked, using the same mnemonic and password from earlier steps. As part of this PR, we introduce a new grpc `XudInitService` for calls when xud is in a state of waiting for a password before it can complete initialization. New `create` and `unlock` commands are added for `xucli` as well. This is a major step towards #912.
sangaman
added a commit
that referenced
this issue
Jun 6, 2019
This is a major commit that introduces new functionality to encrypt the xud node key with a password which can also be used to encrypt lnd and (with a separate PR) Raiden. A new config option `noencrypt` is added and for now defaults to `true`, meaning that this functionality is off by default. This is to minimize disruption with existing applications of xud. When `noencrypt` is true, starting up xud occurs as it does before this PR. When `noencrypt` is false, we first check if there is an existing node key file saved to disk. If one exists, we wait to receive a new `UnlockNode` call to provide us with a password. We use this password to decrypt the node key file and to call `UnlockWallet` on each configured lnd instance that is waiting to be unlocked. If none is found, we wait to receive a new `CreateNode` call to provide us with a password. We then attempt to call `GenSeed` on a configured lnd instance to generate an aezeed 24 word mnemonic. We use this mnemonic to generate our node key, and then encrypt that with our password and save to disk. We then call `InitWallet` on each configured lnd instance that is waiting to be unlocked, using the same mnemonic and password from earlier steps. As part of this PR, we introduce a new grpc `XudInitService` for calls when xud is in a state of waiting for a password before it can complete initialization. New `create` and `unlock` commands are added for `xucli` as well. This is a major step towards #912.
sangaman
added a commit
that referenced
this issue
Jun 6, 2019
This is a major commit that introduces new functionality to encrypt the xud node key with a password which can also be used to encrypt lnd and (with a separate PR) Raiden. A new config option `noencrypt` is added and for now defaults to `true`, meaning that this functionality is off by default. This is to minimize disruption with existing applications of xud. When `noencrypt` is true, starting up xud occurs as it does before this PR. When `noencrypt` is false, we first check if there is an existing node key file saved to disk. If one exists, we wait to receive a new `UnlockNode` call to provide us with a password. We use this password to decrypt the node key file and to call `UnlockWallet` on each configured lnd instance that is waiting to be unlocked. If none is found, we wait to receive a new `CreateNode` call to provide us with a password. We then attempt to call `GenSeed` on a configured lnd instance to generate an aezeed 24 word mnemonic. We use this mnemonic to generate our node key, and then encrypt that with our password and save to disk. We then call `InitWallet` on each configured lnd instance that is waiting to be unlocked, using the same mnemonic and password from earlier steps. As part of this PR, we introduce a new grpc `XudInitService` for calls when xud is in a state of waiting for a password before it can complete initialization. New `create` and `unlock` commands are added for `xucli` as well. This is a major step towards #912.
This was referenced Jun 10, 2019
This was referenced Jun 10, 2019
16 tasks
sangaman
added a commit
that referenced
this issue
Jun 18, 2019
This is a major commit that introduces new functionality to encrypt the xud node key with a password which can also be used to encrypt lnd and (with a separate PR) Raiden. A new config option `noencrypt` is added and for now defaults to `true`, meaning that this functionality is off by default. This is to minimize disruption with existing applications of xud. When `noencrypt` is true, starting up xud occurs as it does before this PR. When `noencrypt` is false, we first check if there is an existing node key file saved to disk. If one exists, we wait to receive a new `UnlockNode` call to provide us with a password. We use this password to decrypt the node key file and to call `UnlockWallet` on each configured lnd instance that is waiting to be unlocked. If none is found, we wait to receive a new `CreateNode` call to provide us with a password. We then attempt to call `GenSeed` on a configured lnd instance to generate an aezeed 24 word mnemonic. We use this mnemonic to generate our node key, and then encrypt that with our password and save to disk. We then call `InitWallet` on each configured lnd instance that is waiting to be unlocked, using the same mnemonic and password from earlier steps. As part of this PR, we introduce a new grpc `XudInitService` for calls when xud is in a state of waiting for a password before it can complete initialization. New `create` and `unlock` commands are added for `xucli` as well. This is a major step towards #912.
|
Closed by #1006 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Needs some research if this could work like this @sangaman :
xudmaster passwordThe text was updated successfully, but these errors were encountered: