feat: add scrypt to armor (to enable the removal of bcrypt later) #15155
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
19 tasks
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
facundomedica
commented
Feb 24, 2023
Comment on lines
-174
to
-187
| if header["kdf"] != "bcrypt" { | ||
| return privKey, "", fmt.Errorf("unrecognized KDF type: %v", header["kdf"]) | ||
| } | ||
|
|
||
| if header["salt"] == "" { | ||
| return privKey, "", fmt.Errorf("missing salt bytes") | ||
| } | ||
|
|
||
| saltBytes, err := hex.DecodeString(header["salt"]) | ||
| if err != nil { | ||
| return privKey, "", fmt.Errorf("error decoding salt: %v", err.Error()) | ||
| } | ||
|
|
||
| privKey, err = decryptPrivKey(saltBytes, encBytes, passphrase) |
There was a problem hiding this comment.
we can remove these as we are checking for these in other places
facundomedica
commented
Feb 24, 2023
| @@ -46,7 +46,7 @@ | |||
| passKeyringPrefix = "keyring-%s" | |||
|
|
|||
| // temporary pass phrase for exporting a key during a key rename | |||
| passPhrase = "temp" | |||
| tempPassphrase = "temp" | |||
Check failure
Code scanning / CodeQL
Hard-coded credentials
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
TBD: how to do the migration from bcrypt to scrypt. Dev mentioned here that we should be able to save using the new KDF when a user decrypts (#3129 (comment)).
Closes: #3129 (I think it might close this)
Note: geth's keystore uses scrypt: https://geth.ethereum.org/docs/developers/dapp-developer/native-accounts
In the original issue there is a mention of using the same format as Ethereum, do we still want that? (eth's format https://github.com/ethereum/wiki/wiki/Web3-Secret-Storage-Definition)
Author Checklist
All items are required. Please add a note to the item if the item is not applicable and
please add links to any relevant follow up issues.
I have...
!to the type prefix if API or client breaking changeCHANGELOG.mdReviewers Checklist
All items are required. Please add a note if the item is not applicable and please add
your handle next to the items reviewed if you only reviewed selected items.
I have...
!in the type prefix if API or client breaking change