Commit Graph

9 Commits

Author SHA1 Message Date
Dev Ojha 98bc419d5e Merge PR #1659: crypto/keys: Allow one to export their private key
* crypto/keys: Allow one to export their private key
* Update changelog
2018-07-13 00:12:20 +02:00
ValarDragon fc4c563e29 keys: Keybase.Update no longer asks for newpass if oldpass is incorrect
Achieved by refactoring the parameter newpass as follows:

* (newpass string) -> (getNewpass func() (string, error))

Closes #1629
2018-07-10 20:00:22 -07:00
ValarDragon 0b10430d65 gaiacli, keys: Improve error message when deleting non-existant key 2018-07-05 18:03:41 -07:00
Ethan Buchman f78f30c67a update for tm v0.22.0. tmlibs->tendermint/libs 2018-07-02 16:34:06 -04:00
Dev Ojha 955a0c9af7 Switch asserts to require (#1483)
* meta: Switch the majority of asserts to require

Switch most assert statements to require, to ease debugging.
Closes #1418

* Fix imports
2018-06-30 03:10:15 +02:00
Dev Ojha fc3dd56281 Merge PR #1477: gaiacli: Make recovery allow new keys
* gaiacli: Make recovery allow new keys
* Move create key to a temporary method, restore create fundraiser key
2018-06-30 00:47:09 +02:00
Dev Ojha 24a68d3bdf Merge PR #1451: crypto/keys: move checksum size into constants
Closes #1410
2018-06-29 09:52:32 +02:00
Dev Ojha 337e87b228 Merge PR #1449: crypto/keys: make bcrypt security param a var
This is done so that the time spent on bcrypt during test cases
can be reduced. This change reduces the amount of time lcd tests
spend on bcrypt from 76% to 40%. (We need to reduce the number of
calls to bcrypt in a seperate PR, along with fixing other sources
of slowness)

Making the bcrypt security parameter a var shouldn't be a security issue:
One can't verify an invalid key by maliciously changing the bcrypt
parameter during a runtime vulnerability. The main security
threat this then exposes would be something that changes this during
runtime before the user creates their key. This vulnerability must
succeed to update this to that same value before every subsequent call
to gaiacli keys in future startups / or the attacker must get access
to the filesystem. However, with this same threat model (changing
variables in runtime), one can cause the user to sign a different tx
than what they see, which is a significantly cheaper attack then breaking
a bcrypt hash. (Recall that the nonce still exists to break rainbow
tables)
2018-06-29 09:22:06 +02:00
Christopher Goes 59aadf42aa
Ledger integration (#931)
Merges the keybase and Ledger code from go-crypto (which is no more) into the SDK
Adds support for Ledger into gaiacli
Cherry-picks updated error handling from #1158
2018-06-29 02:54:47 +02:00