certusone
/
cosmos-sdk
mirror of https://github.com/certusone/cosmos-sdk.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
cosmos-sdk/crypto/keys/keyring.go

609 lines
16 KiB
Go
Raw Normal View History

Add support for github.com/99designs/keyring-backed keybases (#5029) Introduce new Keybase implementation that can leverage operating systems' built-in functionalities to securely store secrets. This chunk is extracted from @poldsam's original PR: - #4754 Thanks: @alexanderbez
2019-09-21 09:54:14 -07:00
package keys
import (
Merge PR #5104: Remove keyring lazy implementation
2019-09-30 09:16:53 -07:00
"bufio"
Add support for github.com/99designs/keyring-backed keybases (#5029) Introduce new Keybase implementation that can leverage operating systems' built-in functionalities to securely store secrets. This chunk is extracted from @poldsam's original PR: - #4754 Thanks: @alexanderbez
2019-09-21 09:54:14 -07:00
"fmt"
Merge PR #5104: Remove keyring lazy implementation
2019-09-30 09:16:53 -07:00
"io"
"io/ioutil"
"os"
"path/filepath"
Add support for github.com/99designs/keyring-backed keybases (#5029) Introduce new Keybase implementation that can leverage operating systems' built-in functionalities to securely store secrets. This chunk is extracted from @poldsam's original PR: - #4754 Thanks: @alexanderbez
2019-09-21 09:54:14 -07:00
"reflect"
"sort"
"strings"
"github.com/99designs/keyring"
"github.com/pkg/errors"
Merge PR #5104: Remove keyring lazy implementation
2019-09-30 09:16:53 -07:00
"github.com/tendermint/crypto/bcrypt"
"github.com/tendermint/tendermint/crypto"
Add support for github.com/99designs/keyring-backed keybases (#5029) Introduce new Keybase implementation that can leverage operating systems' built-in functionalities to securely store secrets. This chunk is extracted from @poldsam's original PR: - #4754 Thanks: @alexanderbez
2019-09-21 09:54:14 -07:00
tmcrypto "github.com/tendermint/tendermint/crypto"
cryptoAmino "github.com/tendermint/tendermint/crypto/encoding/amino"
Merge PR #5104: Remove keyring lazy implementation
2019-09-30 09:16:53 -07:00
"github.com/cosmos/cosmos-sdk/client/input"
Add support for github.com/99designs/keyring-backed keybases (#5029) Introduce new Keybase implementation that can leverage operating systems' built-in functionalities to securely store secrets. This chunk is extracted from @poldsam's original PR: - #4754 Thanks: @alexanderbez
2019-09-21 09:54:14 -07:00
"github.com/cosmos/cosmos-sdk/crypto/keys/keyerror"
"github.com/cosmos/cosmos-sdk/crypto/keys/mintkey"
"github.com/cosmos/cosmos-sdk/types"
)
keyring's encrypted file backend integration (#5355) Client commands accept a new `--keyring-backend` option through which users can specify which backend should be used by the new key store: - os: use OS default credentials storage (default). - file: use encrypted file-based store. - test: use password-less key store (highly insecure).
2019-12-11 01:45:26 -08:00
const (
[keyring] support for kwallet, pass (#5560) Add support for KDE Wallet service and the pass command line tool.
2020-01-23 08:48:00 -08:00
BackendFile = "file"
BackendOS = "os"
BackendKWallet = "kwallet"
BackendPass = "pass"
BackendTest = "test"
Create new generic keyring constructor: NewKeyring (#5547) Remove other convenience constructors: * Remove NewKeyBaseFromHomeFlag * Remove NewKeyringFromDir * Remove NewKeyringFromHomeFlag
2020-01-22 09:54:56 -08:00
)
const (
keyringDirNameFmt = "keyring-%s"
testKeyringDirNameFmt = "keyring-test-%s"
keyring's encrypted file backend integration (#5355) Client commands accept a new `--keyring-backend` option through which users can specify which backend should be used by the new key store: - os: use OS default credentials storage (default). - file: use encrypted file-based store. - test: use password-less key store (highly insecure).
2019-12-11 01:45:26 -08:00
)
Add support for github.com/99designs/keyring-backed keybases (#5029) Introduce new Keybase implementation that can leverage operating systems' built-in functionalities to securely store secrets. This chunk is extracted from @poldsam's original PR: - #4754 Thanks: @alexanderbez
2019-09-21 09:54:14 -07:00
var _ Keybase = keyringKeybase{}
// keyringKeybase implements the Keybase interface by using the Keyring library
// for account key persistence.
type keyringKeybase struct {
base baseKeybase
Merge PR #5192: golangcI-lint updates & set static version to 1.19
2019-10-14 08:43:19 -07:00
db keyring.Keyring
Add support for github.com/99designs/keyring-backed keybases (#5029) Introduce new Keybase implementation that can leverage operating systems' built-in functionalities to securely store secrets. This chunk is extracted from @poldsam's original PR: - #4754 Thanks: @alexanderbez
2019-09-21 09:54:14 -07:00
}
Merge PR #5104: Remove keyring lazy implementation
2019-09-30 09:16:53 -07:00
var maxPassphraseEntryAttempts = 3
Merge PR #5526: Fix migrate command
2020-01-15 09:29:36 -08:00
func newKeyringKeybase(db keyring.Keyring, opts ...KeybaseOption) Keybase {
return keyringKeybase{
db: db,
base: newBaseKeybase(opts...),
}
}
Interchangable PrivKey implementations in keybase (#5278) Allow for the keybase to be configured to override the implementation of the key that is saved to the keybase. Closes: #4941
2019-12-12 13:52:24 -08:00
// NewKeyring creates a new instance of a keyring. Keybase
// options can be applied when generating this new Keybase.
Create new generic keyring constructor: NewKeyring (#5547) Remove other convenience constructors: * Remove NewKeyBaseFromHomeFlag * Remove NewKeyringFromDir * Remove NewKeyringFromHomeFlag
2020-01-22 09:54:56 -08:00
// Available backends are "os", "file", "test".
Interchangable PrivKey implementations in keybase (#5278) Allow for the keybase to be configured to override the implementation of the key that is saved to the keybase. Closes: #4941
2019-12-12 13:52:24 -08:00
func NewKeyring(
Create new generic keyring constructor: NewKeyring (#5547) Remove other convenience constructors: * Remove NewKeyBaseFromHomeFlag * Remove NewKeyringFromDir * Remove NewKeyringFromHomeFlag
2020-01-22 09:54:56 -08:00
svcName, backend, rootDir string, userInput io.Reader, opts ...KeybaseOption,
Interchangable PrivKey implementations in keybase (#5278) Allow for the keybase to be configured to override the implementation of the key that is saved to the keybase. Closes: #4941
2019-12-12 13:52:24 -08:00
) (Keybase, error) {
Merge PR #5104: Remove keyring lazy implementation
2019-09-30 09:16:53 -07:00
Create new generic keyring constructor: NewKeyring (#5547) Remove other convenience constructors: * Remove NewKeyBaseFromHomeFlag * Remove NewKeyringFromDir * Remove NewKeyringFromHomeFlag
2020-01-22 09:54:56 -08:00
var db keyring.Keyring
var err error
Merge PR #5104: Remove keyring lazy implementation
2019-09-30 09:16:53 -07:00
Create new generic keyring constructor: NewKeyring (#5547) Remove other convenience constructors: * Remove NewKeyBaseFromHomeFlag * Remove NewKeyringFromDir * Remove NewKeyringFromHomeFlag
2020-01-22 09:54:56 -08:00
switch backend {
case BackendTest:
db, err = keyring.Open(lkbToKeyringConfig(svcName, rootDir, nil, true))
case BackendFile:
db, err = keyring.Open(newFileBackendKeyringConfig(svcName, rootDir, userInput))
case BackendOS:
db, err = keyring.Open(lkbToKeyringConfig(svcName, rootDir, userInput, false))
[keyring] support for kwallet, pass (#5560) Add support for KDE Wallet service and the pass command line tool.
2020-01-23 08:48:00 -08:00
case BackendKWallet:
db, err = keyring.Open(newKWalletBackendKeyringConfig(svcName, rootDir, userInput))
case BackendPass:
db, err = keyring.Open(newPassBackendKeyringConfig(svcName, rootDir, userInput))
Create new generic keyring constructor: NewKeyring (#5547) Remove other convenience constructors: * Remove NewKeyBaseFromHomeFlag * Remove NewKeyringFromDir * Remove NewKeyringFromHomeFlag
2020-01-22 09:54:56 -08:00
default:
return nil, fmt.Errorf("unknown keyring backend %v", backend)
keyring's encrypted file backend integration (#5355) Client commands accept a new `--keyring-backend` option through which users can specify which backend should be used by the new key store: - os: use OS default credentials storage (default). - file: use encrypted file-based store. - test: use password-less key store (highly insecure).
2019-12-11 01:45:26 -08:00
}
Merge PR #5104: Remove keyring lazy implementation
2019-09-30 09:16:53 -07:00
if err != nil {
Merge PR #5164: Handle New{,Test}Keyring errors
2019-10-09 11:53:54 -07:00
return nil, err
Merge PR #5104: Remove keyring lazy implementation
2019-09-30 09:16:53 -07:00
}
Interchangable PrivKey implementations in keybase (#5278) Allow for the keybase to be configured to override the implementation of the key that is saved to the keybase. Closes: #4941
2019-12-12 13:52:24 -08:00
return newKeyringKeybase(db, opts...), nil
Add support for github.com/99designs/keyring-backed keybases (#5029) Introduce new Keybase implementation that can leverage operating systems' built-in functionalities to securely store secrets. This chunk is extracted from @poldsam's original PR: - #4754 Thanks: @alexanderbez
2019-09-21 09:54:14 -07:00
}
// CreateMnemonic generates a new key and persists it to storage, encrypted
// using the provided password. It returns the generated mnemonic and the key Info.
// An error is returned if it fails to generate a key for the given algo type,
// or if another key is already stored under the same name.
func (kb keyringKeybase) CreateMnemonic(
name string, language Language, passwd string, algo SigningAlgo,
) (info Info, mnemonic string, err error) {
return kb.base.CreateMnemonic(kb, name, language, passwd, algo)
}
// CreateAccount converts a mnemonic to a private key and persists it, encrypted
// with the given password.
func (kb keyringKeybase) CreateAccount(
Merge PR #5439: Keybase: Multiple Signature Algorithms
2020-01-14 07:40:10 -08:00
name, mnemonic, bip39Passwd, encryptPasswd, hdPath string, algo SigningAlgo,
Add support for github.com/99designs/keyring-backed keybases (#5029) Introduce new Keybase implementation that can leverage operating systems' built-in functionalities to securely store secrets. This chunk is extracted from @poldsam's original PR: - #4754 Thanks: @alexanderbez
2019-09-21 09:54:14 -07:00
) (Info, error) {
Merge PR #5439: Keybase: Multiple Signature Algorithms
2020-01-14 07:40:10 -08:00
return kb.base.CreateAccount(kb, name, mnemonic, bip39Passwd, encryptPasswd, hdPath, algo)
Add support for github.com/99designs/keyring-backed keybases (#5029) Introduce new Keybase implementation that can leverage operating systems' built-in functionalities to securely store secrets. This chunk is extracted from @poldsam's original PR: - #4754 Thanks: @alexanderbez
2019-09-21 09:54:14 -07:00
}
// CreateLedger creates a new locally-stored reference to a Ledger keypair.
// It returns the created key info and an error if the Ledger could not be queried.
func (kb keyringKeybase) CreateLedger(
name string, algo SigningAlgo, hrp string, account, index uint32,
) (Info, error) {
return kb.base.CreateLedger(kb, name, algo, hrp, account, index)
}
// CreateOffline creates a new reference to an offline keypair. It returns the
// created key info.
Merge PR #5439: Keybase: Multiple Signature Algorithms
2020-01-14 07:40:10 -08:00
func (kb keyringKeybase) CreateOffline(name string, pub tmcrypto.PubKey, algo SigningAlgo) (Info, error) {
return kb.base.writeOfflineKey(kb, name, pub, algo), nil
Add support for github.com/99designs/keyring-backed keybases (#5029) Introduce new Keybase implementation that can leverage operating systems' built-in functionalities to securely store secrets. This chunk is extracted from @poldsam's original PR: - #4754 Thanks: @alexanderbez
2019-09-21 09:54:14 -07:00
}
// CreateMulti creates a new reference to a multisig (offline) keypair. It
// returns the created key Info object.
func (kb keyringKeybase) CreateMulti(name string, pub tmcrypto.PubKey) (Info, error) {
return kb.base.writeMultisigKey(kb, name, pub), nil
}
// List returns the keys from storage in alphabetical order.
func (kb keyringKeybase) List() ([]Info, error) {
var res []Info
keys, err := kb.db.Keys()
if err != nil {
return nil, err
}
sort.Strings(keys)
for _, key := range keys {
if strings.HasSuffix(key, infoSuffix) {
rawInfo, err := kb.db.Get(key)
if err != nil {
return nil, err
}
if len(rawInfo.Data) == 0 {
return nil, keyerror.NewErrKeyNotFound(key)
}
info, err := unmarshalInfo(rawInfo.Data)
if err != nil {
return nil, err
}
res = append(res, info)
}
}
return res, nil
}
// Get returns the public information about one key.
func (kb keyringKeybase) Get(name string) (Info, error) {
key := infoKey(name)
bs, err := kb.db.Get(string(key))
if err != nil {
return nil, err
}
if len(bs.Data) == 0 {
return nil, keyerror.NewErrKeyNotFound(name)
}
return unmarshalInfo(bs.Data)
}
// GetByAddress fetches a key by address and returns its public information.
func (kb keyringKeybase) GetByAddress(address types.AccAddress) (Info, error) {
ik, err := kb.db.Get(string(addrKey(address)))
if err != nil {
return nil, err
}
if len(ik.Data) == 0 {
return nil, fmt.Errorf("key with address %s not found", address)
}
bs, err := kb.db.Get(string(ik.Data))
if err != nil {
return nil, err
}
return unmarshalInfo(bs.Data)
}
// Sign signs an arbitrary set of bytes with the named key. It returns an error
// if the key doesn't exist or the decryption fails.
func (kb keyringKeybase) Sign(name, passphrase string, msg []byte) (sig []byte, pub tmcrypto.PubKey, err error) {
info, err := kb.Get(name)
if err != nil {
return
}
var priv tmcrypto.PrivKey
switch i := info.(type) {
case localInfo:
if i.PrivKeyArmor == "" {
return nil, nil, fmt.Errorf("private key not available")
}
priv, err = cryptoAmino.PrivKeyFromBytes([]byte(i.PrivKeyArmor))
if err != nil {
return nil, nil, err
}
case ledgerInfo:
return kb.base.SignWithLedger(info, msg)
case offlineInfo, multiInfo:
return kb.base.DecodeSignature(info, msg)
}
sig, err = priv.Sign(msg)
if err != nil {
return nil, nil, err
}
return sig, priv.PubKey(), nil
}
// ExportPrivateKeyObject exports an armored private key object.
func (kb keyringKeybase) ExportPrivateKeyObject(name string, passphrase string) (tmcrypto.PrivKey, error) {
info, err := kb.Get(name)
if err != nil {
return nil, err
}
var priv tmcrypto.PrivKey
switch linfo := info.(type) {
case localInfo:
if linfo.PrivKeyArmor == "" {
err = fmt.Errorf("private key not available")
return nil, err
}
priv, err = cryptoAmino.PrivKeyFromBytes([]byte(linfo.PrivKeyArmor))
if err != nil {
return nil, err
}
case ledgerInfo, offlineInfo, multiInfo:
return nil, errors.New("only works on local private keys")
}
return priv, nil
}
// Export exports armored private key to the caller.
func (kb keyringKeybase) Export(name string) (armor string, err error) {
bz, err := kb.db.Get(string(infoKey(name)))
if err != nil {
return "", err
}
if bz.Data == nil {
return "", fmt.Errorf("no key to export with name: %s", name)
}
return mintkey.ArmorInfoBytes(bz.Data), nil
}
// ExportPubKey returns public keys in ASCII armored format. It retrieves an Info
// object by its name and return the public key in a portable format.
func (kb keyringKeybase) ExportPubKey(name string) (armor string, err error) {
bz, err := kb.Get(name)
if err != nil {
return "", err
}
if bz == nil {
return "", fmt.Errorf("no key to export with name: %s", name)
}
Merge PR #5439: Keybase: Multiple Signature Algorithms
2020-01-14 07:40:10 -08:00
return mintkey.ArmorPubKeyBytes(bz.GetPubKey().Bytes(), string(bz.GetAlgo())), nil
Add support for github.com/99designs/keyring-backed keybases (#5029) Introduce new Keybase implementation that can leverage operating systems' built-in functionalities to securely store secrets. This chunk is extracted from @poldsam's original PR: - #4754 Thanks: @alexanderbez
2019-09-21 09:54:14 -07:00
}
// Import imports armored private key.
func (kb keyringKeybase) Import(name string, armor string) error {
bz, _ := kb.Get(name)
if bz != nil {
pubkey := bz.GetPubKey()
if len(pubkey.Bytes()) > 0 {
return fmt.Errorf("cannot overwrite data for name: %s", name)
}
}
infoBytes, err := mintkey.UnarmorInfoBytes(armor)
if err != nil {
return err
}
info, err := unmarshalInfo(infoBytes)
if err != nil {
return err
}
kb.writeInfo(name, info)
err = kb.db.Set(keyring.Item{
Key: string(addrKey(info.GetAddress())),
Data: infoKey(name),
})
if err != nil {
return err
}
return nil
}
// ExportPrivKey returns a private key in ASCII armored format. An error is returned
// if the key does not exist or a wrong encryption passphrase is supplied.
func (kb keyringKeybase) ExportPrivKey(name, decryptPassphrase, encryptPassphrase string) (armor string, err error) {
priv, err := kb.ExportPrivateKeyObject(name, decryptPassphrase)
if err != nil {
return "", err
}
Merge PR #5439: Keybase: Multiple Signature Algorithms
2020-01-14 07:40:10 -08:00
info, err := kb.Get(name)
if err != nil {
return "", err
}
return mintkey.EncryptArmorPrivKey(priv, encryptPassphrase, string(info.GetAlgo())), nil
Add support for github.com/99designs/keyring-backed keybases (#5029) Introduce new Keybase implementation that can leverage operating systems' built-in functionalities to securely store secrets. This chunk is extracted from @poldsam's original PR: - #4754 Thanks: @alexanderbez
2019-09-21 09:54:14 -07:00
}
// ImportPrivKey imports a private key in ASCII armor format. An error is returned
// if a key with the same name exists or a wrong encryption passphrase is
// supplied.
func (kb keyringKeybase) ImportPrivKey(name, armor, passphrase string) error {
if kb.HasKey(name) {
return fmt.Errorf("cannot overwrite key: %s", name)
}
Merge PR #5439: Keybase: Multiple Signature Algorithms
2020-01-14 07:40:10 -08:00
privKey, algo, err := mintkey.UnarmorDecryptPrivKey(armor, passphrase)
Add support for github.com/99designs/keyring-backed keybases (#5029) Introduce new Keybase implementation that can leverage operating systems' built-in functionalities to securely store secrets. This chunk is extracted from @poldsam's original PR: - #4754 Thanks: @alexanderbez
2019-09-21 09:54:14 -07:00
if err != nil {
Merge PR #5097: Add keys migrate command Add new command to assist users migrate their keys from the legacy on-disk keybase to the new OS keyring-based implementation. Ref #4754
2019-09-30 08:49:12 -07:00
return errors.Wrap(err, "failed to decrypt private key")
Add support for github.com/99designs/keyring-backed keybases (#5029) Introduce new Keybase implementation that can leverage operating systems' built-in functionalities to securely store secrets. This chunk is extracted from @poldsam's original PR: - #4754 Thanks: @alexanderbez
2019-09-21 09:54:14 -07:00
}
Merge PR #5097: Add keys migrate command Add new command to assist users migrate their keys from the legacy on-disk keybase to the new OS keyring-based implementation. Ref #4754
2019-09-30 08:49:12 -07:00
// NOTE: The keyring keystore has no need for a passphrase.
Merge PR #5439: Keybase: Multiple Signature Algorithms
2020-01-14 07:40:10 -08:00
kb.writeLocalKey(name, privKey, "", SigningAlgo(algo))
Add support for github.com/99designs/keyring-backed keybases (#5029) Introduce new Keybase implementation that can leverage operating systems' built-in functionalities to securely store secrets. This chunk is extracted from @poldsam's original PR: - #4754 Thanks: @alexanderbez
2019-09-21 09:54:14 -07:00
return nil
}
// HasKey returns whether the key exists in the keyring.
func (kb keyringKeybase) HasKey(name string) bool {
bz, _ := kb.Get(name)
return bz != nil
}
// ImportPubKey imports an ASCII-armored public key. It will store a new Info
// object holding a public key only, i.e. it will not be possible to sign with
// it as it lacks the secret key.
func (kb keyringKeybase) ImportPubKey(name string, armor string) error {
bz, _ := kb.Get(name)
if bz != nil {
pubkey := bz.GetPubKey()
if len(pubkey.Bytes()) > 0 {
return fmt.Errorf("cannot overwrite data for name: %s", name)
}
}
Merge PR #5439: Keybase: Multiple Signature Algorithms
2020-01-14 07:40:10 -08:00
pubBytes, algo, err := mintkey.UnarmorPubKeyBytes(armor)
Add support for github.com/99designs/keyring-backed keybases (#5029) Introduce new Keybase implementation that can leverage operating systems' built-in functionalities to securely store secrets. This chunk is extracted from @poldsam's original PR: - #4754 Thanks: @alexanderbez
2019-09-21 09:54:14 -07:00
if err != nil {
return err
}
pubKey, err := cryptoAmino.PubKeyFromBytes(pubBytes)
if err != nil {
return err
}
Merge PR #5439: Keybase: Multiple Signature Algorithms
2020-01-14 07:40:10 -08:00
kb.base.writeOfflineKey(kb, name, pubKey, SigningAlgo(algo))
Add support for github.com/99designs/keyring-backed keybases (#5029) Introduce new Keybase implementation that can leverage operating systems' built-in functionalities to securely store secrets. This chunk is extracted from @poldsam's original PR: - #4754 Thanks: @alexanderbez
2019-09-21 09:54:14 -07:00
return nil
}
// Delete removes key forever, but we must present the proper passphrase before
// deleting it (for security). It returns an error if the key doesn't exist or
// passphrases don't match. The passphrase is ignored when deleting references to
// offline and Ledger / HW wallet keys.
Drop on-disk keybase in favor of keyring (#5180) * Switch keys commands to keyring * Replace NewKeybase with NewKeyring * Fix delete test * Purge dead code * Override COSMOS_SDK_TEST_KEYRING envvar to switch to a test keyring * s/unningOnServer/unningUnattended/ C'ing @tnachen * Add deprecated warning, output looks like the following: ``` $ gaiacli keys update --help Command "update" is deprecated, it takes no effect with the new keyring based backend and is provided only for backward compatibility with the legacy LevelDB based backend. Refer to your operating system's manual to learn how to change your keyring's password. Change the password used to protect private key Usage: gaiacli keys update <name> [flags] Flags: -h, --help help for update Global Flags: --chain-id string Chain ID of tendermint node -e, --encoding string Binary encoding (hex|b64|btc) (default "hex") --home string directory for config and data (default "/home/alessio/.gaiacli") -o, --output string Output format (text|json) (default "text") --trace print out full stack trace on errors ``` * Update multisign command * Modify server.GenerateSaveCoinKey() * GenerateSaveCoinKey more modifications * Update docs * Update upgrade module
2019-11-14 06:17:21 -08:00
func (kb keyringKeybase) Delete(name, _ string, _ bool) error {
Add support for github.com/99designs/keyring-backed keybases (#5029) Introduce new Keybase implementation that can leverage operating systems' built-in functionalities to securely store secrets. This chunk is extracted from @poldsam's original PR: - #4754 Thanks: @alexanderbez
2019-09-21 09:54:14 -07:00
// verify we have the proper password before deleting
info, err := kb.Get(name)
if err != nil {
return err
}
err = kb.db.Remove(string(addrKey(info.GetAddress())))
if err != nil {
return err
}
err = kb.db.Remove(string(infoKey(name)))
if err != nil {
return err
}
return nil
}
// Update changes the passphrase with which an already stored key is encrypted.
// The oldpass must be the current passphrase used for encryption, getNewpass is
// a function to get the passphrase to permanently replace the current passphrase.
func (kb keyringKeybase) Update(name, oldpass string, getNewpass func() (string, error)) error {
info, err := kb.Get(name)
if err != nil {
return err
}
switch linfo := info.(type) {
case localInfo:
Merge PR #5439: Keybase: Multiple Signature Algorithms
2020-01-14 07:40:10 -08:00
key, _, err := mintkey.UnarmorDecryptPrivKey(linfo.PrivKeyArmor, oldpass)
Add support for github.com/99designs/keyring-backed keybases (#5029) Introduce new Keybase implementation that can leverage operating systems' built-in functionalities to securely store secrets. This chunk is extracted from @poldsam's original PR: - #4754 Thanks: @alexanderbez
2019-09-21 09:54:14 -07:00
if err != nil {
return err
}
newpass, err := getNewpass()
if err != nil {
return err
}
Merge PR #5439: Keybase: Multiple Signature Algorithms
2020-01-14 07:40:10 -08:00
kb.writeLocalKey(name, key, newpass, linfo.GetAlgo())
Add support for github.com/99designs/keyring-backed keybases (#5029) Introduce new Keybase implementation that can leverage operating systems' built-in functionalities to securely store secrets. This chunk is extracted from @poldsam's original PR: - #4754 Thanks: @alexanderbez
2019-09-21 09:54:14 -07:00
return nil
default:
return fmt.Errorf("locally stored key required; received: %v", reflect.TypeOf(info).String())
}
}
Merge PR #5439: Keybase: Multiple Signature Algorithms
2020-01-14 07:40:10 -08:00
// SupportedAlgos returns a list of supported signing algorithms.
func (kb keyringKeybase) SupportedAlgos() []SigningAlgo {
return kb.base.SupportedAlgos()
}
// SupportedAlgosLedger returns a list of supported ledger signing algorithms.
func (kb keyringKeybase) SupportedAlgosLedger() []SigningAlgo {
return kb.base.SupportedAlgosLedger()
}
Add support for github.com/99designs/keyring-backed keybases (#5029) Introduce new Keybase implementation that can leverage operating systems' built-in functionalities to securely store secrets. This chunk is extracted from @poldsam's original PR: - #4754 Thanks: @alexanderbez
2019-09-21 09:54:14 -07:00
// CloseDB releases the lock and closes the storage backend.
func (kb keyringKeybase) CloseDB() {}
Merge PR #5439: Keybase: Multiple Signature Algorithms
2020-01-14 07:40:10 -08:00
func (kb keyringKeybase) writeLocalKey(name string, priv tmcrypto.PrivKey, _ string, algo SigningAlgo) Info {
Add support for github.com/99designs/keyring-backed keybases (#5029) Introduce new Keybase implementation that can leverage operating systems' built-in functionalities to securely store secrets. This chunk is extracted from @poldsam's original PR: - #4754 Thanks: @alexanderbez
2019-09-21 09:54:14 -07:00
// encrypt private key using keyring
pub := priv.PubKey()
Merge PR #5439: Keybase: Multiple Signature Algorithms
2020-01-14 07:40:10 -08:00
info := newLocalInfo(name, pub, string(priv.Bytes()), algo)
Add support for github.com/99designs/keyring-backed keybases (#5029) Introduce new Keybase implementation that can leverage operating systems' built-in functionalities to securely store secrets. This chunk is extracted from @poldsam's original PR: - #4754 Thanks: @alexanderbez
2019-09-21 09:54:14 -07:00
kb.writeInfo(name, info)
return info
}
func (kb keyringKeybase) writeInfo(name string, info Info) {
// write the info by key
key := infoKey(name)
serializedInfo := marshalInfo(info)
err := kb.db.Set(keyring.Item{
Key: string(key),
Data: serializedInfo,
})
if err != nil {
panic(err)
}
err = kb.db.Set(keyring.Item{
Key: string(addrKey(info.GetAddress())),
Data: key,
})
if err != nil {
panic(err)
}
}
Merge PR #5104: Remove keyring lazy implementation
2019-09-30 09:16:53 -07:00
func lkbToKeyringConfig(name, dir string, buf io.Reader, test bool) keyring.Config {
if test {
return keyring.Config{
[keyring] support for kwallet, pass (#5560) Add support for KDE Wallet service and the pass command line tool.
2020-01-23 08:48:00 -08:00
AllowedBackends: []keyring.BackendType{keyring.FileBackend},
Merge PR #5526: Fix migrate command
2020-01-15 09:29:36 -08:00
ServiceName: name,
Create new generic keyring constructor: NewKeyring (#5547) Remove other convenience constructors: * Remove NewKeyBaseFromHomeFlag * Remove NewKeyringFromDir * Remove NewKeyringFromHomeFlag
2020-01-22 09:54:56 -08:00
FileDir: filepath.Join(dir, fmt.Sprintf(testKeyringDirNameFmt, name)),
Merge PR #5526: Fix migrate command
2020-01-15 09:29:36 -08:00
FilePasswordFunc: func(_ string) (string, error) {
return "test", nil
},
Merge PR #5104: Remove keyring lazy implementation
2019-09-30 09:16:53 -07:00
}
}
keyring's encrypted file backend integration (#5355) Client commands accept a new `--keyring-backend` option through which users can specify which backend should be used by the new key store: - os: use OS default credentials storage (default). - file: use encrypted file-based store. - test: use password-less key store (highly insecure).
2019-12-11 01:45:26 -08:00
return keyring.Config{
ServiceName: name,
FileDir: dir,
FilePasswordFunc: newRealPrompt(dir, buf),
}
}
[keyring] support for kwallet, pass (#5560) Add support for KDE Wallet service and the pass command line tool.
2020-01-23 08:48:00 -08:00
func newKWalletBackendKeyringConfig(name, _ string, _ io.Reader) keyring.Config {
return keyring.Config{
AllowedBackends: []keyring.BackendType{keyring.KWalletBackend},
ServiceName: "kdewallet",
KWalletAppID: name,
KWalletFolder: "",
}
}
func newPassBackendKeyringConfig(name, dir string, _ io.Reader) keyring.Config {
prefix := filepath.Join(dir, fmt.Sprintf(keyringDirNameFmt, name))
return keyring.Config{
AllowedBackends: []keyring.BackendType{keyring.PassBackend},
ServiceName: name,
PassPrefix: prefix,
}
}
keyring's encrypted file backend integration (#5355) Client commands accept a new `--keyring-backend` option through which users can specify which backend should be used by the new key store: - os: use OS default credentials storage (default). - file: use encrypted file-based store. - test: use password-less key store (highly insecure).
2019-12-11 01:45:26 -08:00
func newFileBackendKeyringConfig(name, dir string, buf io.Reader) keyring.Config {
Create new generic keyring constructor: NewKeyring (#5547) Remove other convenience constructors: * Remove NewKeyBaseFromHomeFlag * Remove NewKeyringFromDir * Remove NewKeyringFromHomeFlag
2020-01-22 09:54:56 -08:00
fileDir := filepath.Join(dir, fmt.Sprintf(keyringDirNameFmt, name))
keyring's encrypted file backend integration (#5355) Client commands accept a new `--keyring-backend` option through which users can specify which backend should be used by the new key store: - os: use OS default credentials storage (default). - file: use encrypted file-based store. - test: use password-less key store (highly insecure).
2019-12-11 01:45:26 -08:00
return keyring.Config{
[keyring] support for kwallet, pass (#5560) Add support for KDE Wallet service and the pass command line tool.
2020-01-23 08:48:00 -08:00
AllowedBackends: []keyring.BackendType{keyring.FileBackend},
keyring's encrypted file backend integration (#5355) Client commands accept a new `--keyring-backend` option through which users can specify which backend should be used by the new key store: - os: use OS default credentials storage (default). - file: use encrypted file-based store. - test: use password-less key store (highly insecure).
2019-12-11 01:45:26 -08:00
ServiceName: name,
FileDir: fileDir,
FilePasswordFunc: newRealPrompt(fileDir, buf),
}
}
func newRealPrompt(dir string, buf io.Reader) func(string) (string, error) {
return func(prompt string) (string, error) {
Merge PR #5104: Remove keyring lazy implementation
2019-09-30 09:16:53 -07:00
keyhashStored := false
keyhashFilePath := filepath.Join(dir, "keyhash")
var keyhash []byte
_, err := os.Stat(keyhashFilePath)
switch {
case err == nil:
keyhash, err = ioutil.ReadFile(keyhashFilePath)
if err != nil {
return "", fmt.Errorf("failed to read %s: %v", keyhashFilePath, err)
}
keyhashStored = true
case os.IsNotExist(err):
keyhashStored = false
default:
return "", fmt.Errorf("failed to open %s: %v", keyhashFilePath, err)
}
failureCounter := 0
for {
failureCounter++
if failureCounter > maxPassphraseEntryAttempts {
return "", fmt.Errorf("too many failed passphrase attempts")
}
buf := bufio.NewReader(buf)
pass, err := input.GetPassword("Enter keyring passphrase:", buf)
if err != nil {
continue
}
if keyhashStored {
if err := bcrypt.CompareHashAndPassword(keyhash, []byte(pass)); err != nil {
fmt.Fprintln(os.Stderr, "incorrect passphrase")
continue
}
return pass, nil
}
reEnteredPass, err := input.GetPassword("Re-enter keyring passphrase:", buf)
if err != nil {
fmt.Fprintln(os.Stderr, err)
continue
}
if pass != reEnteredPass {
fmt.Fprintln(os.Stderr, "passphrase do not match")
continue
}
saltBytes := crypto.CRandBytes(16)
passwordHash, err := bcrypt.GenerateFromPassword(saltBytes, []byte(pass), 2)
if err != nil {
fmt.Fprintln(os.Stderr, err)
continue
}
if err := ioutil.WriteFile(dir+"/keyhash", passwordHash, 0555); err != nil {
return "", err
}
return pass, nil
}
}
}