Skip to content

feat: secp256k1 keys #2499

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
mergify merged 20 commits into from
Sep 2, 2022
Merged

feat: secp256k1 keys #2499

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
20 commits
Select commit Hold shift + click to select a range
461d1a4
First draft
adamspofford-dfinity Aug 26, 2022
5b82a48
GPL
adamspofford-dfinity Aug 26, 2022
4d31eec
Fix pem heading
adamspofford-dfinity Aug 26, 2022
c92b2da
Merge branch 'master' into spofford/k256+seed
adamspofford-dfinity Aug 26, 2022
917e0cf
sec1, not pkcs8
adamspofford-dfinity Aug 26, 2022
85bfc90
???
adamspofford-dfinity Aug 26, 2022
a08cb94
Merge branch 'spofford/k256+seed' of https://github.com/dfinity/sdk i…
adamspofford-dfinity Aug 26, 2022
b2a962a
Update tests
adamspofford-dfinity Aug 30, 2022
241491f
Add ability to import from seed phrase
adamspofford-dfinity Aug 30, 2022
157973b
lint
adamspofford-dfinity Aug 30, 2022
822e043
Merge branch 'master' into spofford/k256+seed
adamspofford-dfinity Aug 30, 2022
e088f2a
Merge branch 'master' into spofford/k256+seed
adamspofford-dfinity Aug 31, 2022
0ba91b8
Update changelog
adamspofford-dfinity Aug 31, 2022
edde3da
Be more specific in the test
adamspofford-dfinity Aug 31, 2022
f12f70b
Validate pem before exporting
adamspofford-dfinity Aug 31, 2022
a4fa5fb
Assume most common format for both parsing and erroring
adamspofford-dfinity Aug 31, 2022
17a9356
Merge branch 'master' into spofford/k256+seed
adamspofford-dfinity Aug 31, 2022
c60d699
Merge branch 'master' into spofford/k256+seed
adamspofford-dfinity Sep 1, 2022
edeb386
Add test for specific seed phrase
adamspofford-dfinity Sep 2, 2022
31071ba
Merge branch 'master' into spofford/k256+seed
adamspofford-dfinity Sep 2, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 4 additions & 0 deletions CHANGELOG.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,10 @@

## DFX

### feat: generate secp256k1 keys by default

When creating a new identity with `dfx identity new`, whereas previously it would have generated an Ed25519 key, it now generates a secp256k1 key. This is to enable users to write down a BIP39-style seed phrase, to recover their key in case of emergency, which will be printed when the key is generated and can be used with a new `--seed-phrase` flag in `dfx identity import`. `dfx identity import` is however still capable of importing an Ed25519 key.

### chore: update Candid UI canister with commit 528a4b04807904899f67b919a88597656e0cd6fa

* Allow passing did files larger than 2KB.
Expand Down
117 changes: 117 additions & 0 deletions Cargo.lock
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

4 changes: 4 additions & 0 deletions e2e/assets/ed25519/identity.pem
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,4 @@
-----BEGIN PRIVATE KEY-----
MFMCAQEwBQYDK2VwBCIEIODVjQrIvbt3PO3FPDKCZs2FarAbsRrLuiQZ+NBslV9U
oSMDIQDVkl2stdaeyBDvfb0t4qy9vhsv6xLl1v7p7i0NO1+9pw==
-----END PRIVATE KEY-----
29 changes: 29 additions & 0 deletions e2e/tests-dfx/ed25519.bash
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,29 @@
#!/usr/bin/env bats

load ../utils/_

setup() {
standard_setup
}

teardown() {
dfx_stop

standard_teardown
}

@test "can call a canister using an ed25519 identity" {
install_asset ed25519
assert_command dfx identity import --disable-encryption ed25519 identity.pem
dfx_new # This installs replica and other binaries
dfx identity use ed25519
install_asset whoami
dfx_start
dfx canister create whoami
dfx build
dfx canister install whoami
assert_command dfx canister call whoami whoami
assert_eq '(principal "2nor3-keehi-duuup-d7jcn-onggn-3atzm-gejtl-5tlzn-k4g6c-nnbf7-7qe")'
assert_command dfx identity get-principal
assert_eq "2nor3-keehi-duuup-d7jcn-onggn-3atzm-gejtl-5tlzn-k4g6c-nnbf7-7qe"
}
34 changes: 26 additions & 8 deletions e2e/tests-dfx/identity_command.bash
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -76,7 +76,7 @@ frank'
assert_command dfx identity new --disable-encryption alice
assert_match 'Created identity: "alice".' "$stderr"
assert_command head "$DFX_CONFIG_ROOT/.config/dfx/identity/alice/identity.pem"
assert_match "BEGIN PRIVATE KEY"
assert_match "BEGIN EC PRIVATE KEY"

# does not change the default identity
assert_command dfx identity whoami
Expand Down Expand Up @@ -129,7 +129,7 @@ frank'
assert_command dfx identity new --disable-encryption alice

assert_command head "$DFX_CONFIG_ROOT/.config/dfx/identity/alice/identity.pem"
assert_match "BEGIN PRIVATE KEY"
assert_match "BEGIN EC PRIVATE KEY"
assert_command dfx identity list
assert_match \
'alice
Expand Down Expand Up @@ -168,7 +168,7 @@ default'
assert_command_fail dfx identity remove alice

assert_command head "$DFX_CONFIG_ROOT/.config/dfx/identity/alice/identity.pem"
assert_match "BEGIN PRIVATE KEY"
assert_match "BEGIN EC PRIVATE KEY"
assert_command dfx identity list
assert_match \
'alice
Expand Down Expand Up @@ -211,7 +211,7 @@ default'
anonymous
default'
assert_command head "$DFX_CONFIG_ROOT/.config/dfx/identity/alice/identity.pem"
assert_match "BEGIN PRIVATE KEY"
assert_match "BEGIN EC PRIVATE KEY"
x=$(cat "$DFX_CONFIG_ROOT/.config/dfx/identity/alice/identity.pem")
local key="$x"

Expand All @@ -225,7 +225,7 @@ bob
default'
assert_command cat "$DFX_CONFIG_ROOT/.config/dfx/identity/bob/identity.pem"
assert_eq "$key" "$(cat "$DFX_CONFIG_ROOT/.config/dfx/identity/bob/identity.pem")"
assert_match "BEGIN PRIVATE KEY"
assert_match "BEGIN EC PRIVATE KEY"
assert_command_fail cat "$DFX_CONFIG_ROOT/.config/dfx/identity/alice/identity.pem"
}

Expand All @@ -236,7 +236,7 @@ default'
assert_command dfx identity list
assert_match 'bob'
assert_command head "$DFX_CONFIG_ROOT/.config/dfx/identity/bob/identity.pem"
assert_match "BEGIN PRIVATE KEY"
assert_match "BEGIN EC PRIVATE KEY"

assert_command dfx identity whoami
assert_eq 'bob'
Expand All @@ -262,7 +262,7 @@ default'
assert_eq 'charlie'

assert_command head "$DFX_CONFIG_ROOT/.config/dfx/identity/charlie/identity.pem"
assert_match "BEGIN PRIVATE KEY"
assert_match "BEGIN EC PRIVATE KEY"
assert_command_fail cat "$DFX_CONFIG_ROOT/.config/dfx/identity/alice/identity.pem"
}

Expand Down Expand Up @@ -427,7 +427,7 @@ default'
echo -n 1 >> bob.pem
tail -n 3 alice.pem > bob.pem
assert_command_fail dfx identity import --disable-encryption bob bob.pem
assert_match 'Invalid Ed25519 private key in PEM file' "$stderr"
assert_match 'Failed to validate PEM content' "$stderr"
}

@test "identity: can import an EC key without an EC PARAMETERS section (as quill generate makes)" {
Expand All @@ -452,3 +452,21 @@ XXX
assert_file_exists export.pem
assert_command dfx identity import --disable-encryption bob export.pem
}

@test "identity: can import a seed phrase" {
reg="seed phrase for identity 'alice': ([a-z ]+)"
assert_command dfx identity new --disable-encryption alice
[[ $stderr =~ $reg ]]
echo "${BASH_REMATCH[1]}" >seed.txt
principal=$(dfx identity get-principal --identity alice)
assert_command dfx identity import alice2 --seed-file seed.txt --disable-encryption
assert_command dfx identity get-principal --identity alice2
assert_eq "$principal"
}

@test "identity: consistently imports a known seed phrase" {
echo "hollow damage this yard journey anchor tool fat action school cash ridge oval beef tribe magnet apology cabbage leisure group sign around object exact">seed.txt
assert_command dfx identity import alice --seed-file seed.txt --disable-encryption
assert_command dfx identity get-principal --identity alice
assert_eq "zs7ty-uv4vo-rvgkk-srfjo-hjaxr-w55wx-ybo5x-qx7k3-noknf-wzwe5-pqe"
}
27 changes: 0 additions & 27 deletions e2e/tests-dfx/secp256k1.bash
View file
Open in desktop

This file was deleted.

3 changes: 3 additions & 0 deletions src/dfx/Cargo.toml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -23,6 +23,7 @@ anyhow = "1.0.56"
argon2 = "0.4.0"
atty = "0.2.13"
base64 = "0.13.0"
bip32 = "0.4.0"
byte-unit = { version = "4.0.14", features = ["serde"] }
candid = { version = "0.7.15", features = [ "random" ] }
clap = { version = "3.1.6", features = [ "derive" ] }
Expand All @@ -45,6 +46,7 @@ ic-asset = { version = "0.20.0", path = "../canisters/frontend/ic-asset" }
ic-wasm = { version = "0.1.3", default-features = false, features = ["optimize"]}
indicatif = "0.16.0"
itertools = "0.10.3"
k256 = { version = "0.11.4", features = ["pem"] }
lazy_static = "1.4.0"
mime = "0.3.16"
mime_guess = "2.0.4"
Expand Down Expand Up @@ -75,6 +77,7 @@ tempfile = "3.3.0"
term = "0.7.0"
thiserror = "1.0.20"
time = { version = "0.3.9", features = ["serde", "macros", "serde-human-readable"] }
tiny-bip39 = "1.0.0"
tokio = { version = "1.17.0", features = [ "fs" ] }
url = "2.1.0"
walkdir = "2.2.9"
Expand Down
Loading