Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

import unarmored-hex private key in keychain #4024

Closed
artmakh opened this issue Nov 3, 2021 · 8 comments
Closed

import unarmored-hex private key in keychain #4024

artmakh opened this issue Nov 3, 2021 · 8 comments
Labels
agd Agoric (Golang) Daemon enhancement New feature or request wontfix This will not be worked on

Comments

@artmakh
Copy link

artmakh commented Nov 3, 2021

Describe the bug

For now there is no supported way to import unarmored-hex private key through cli.

To Reproduce

Steps to reproduce the behavior:

  1. Create key with key add
Example

root@agoric:# ag0 keys add testkey
Enter keyring passphrase:

  • name: testkey
    type: local
    address: agoric17v05q6zkms4an52cmqjh66wyua4p3mc5x5x42n
    pubkey: '{"@type":"/cosmos.crypto.secp256k1.PubKey","key":"ArBppIsQhPrugYbB2E3cBazDeImbSRfT4ersnCpX/PI5"}'
    mnemonic: ""

Important write this mnemonic phrase in a safe place.
It is the only way to recover your account if you ever forget your password.

donor misery hospital detect hole road sun stock bag sound surge sister young proud unhappy rubber hover limit glide hip element sign fossil blame

  1. Export created key in unarmored-hex format
Example

root@agoric:# ag0 keys export testkey --unarmored-hex --unsafe
WARNING: The private key will be exported as an unarmored hexadecimal string. USE AT YOUR OWN RISK. Continue? [y/N]: y
Enter keyring passphrase:
b101cfc33ec9f702d2d0540cdbe34855066520d1059c1535f86f08c368a15a6c

  1. Save key in file
Example

root@agoric:# echo "b101cfc33ec9f702d2d0540cdbe34855066520d1059c1535f86f08c368a15a6c" >> key.txt
root@agoric:# cat ./key.txt
b101cfc33ec9f702d2d0540cdbe34855066520d1059c1535f86f08c368a15a6c

  1. Try to import key and get an error keys import ...
Example

root@agoric:# ag0 keys import testkey2 ./key.txt
Enter passphrase to decrypt your key:
Error: failed to decrypt private key: EOF
Usage:
ag0 keys import [flags]

Flags:
-h, --help help for import

Global Flags:
--home string The application home directory (default "/root/.agoric")
--keyring-backend string Select keyring's backend (os|file|test) (default "os")
--keyring-dir string The client Keyring directory; if omitted, the default 'home' directory will be used
--log_format string The logging format (json|plain) (default "plain")
--log_level string The logging level (trace|debug|info|warn|error|fatal|panic) (default "info")
--output string Output format (text|json) (default "text")
--trace print out full stack trace on errors

Expected behavior

Key should be encrypted and imported in keychain

Platform Environment

  • Ubuntu 20.04 Go 1.17.2
  • ag0 tag agoric-3.1
@artmakh artmakh added the bug Something isn't working label Nov 3, 2021
@dckc
Copy link
Member

dckc commented Nov 3, 2021

I'm looking at my notes on wallets, and I find cosmjs has DirectSecp256k1Wallet.fromKey()
https://github.com/Agoric/faucet/blob/cosmjs-rpc/src/gift.js#L152
That might work with ag0 keys import

@dckc dckc added the agd Agoric (Golang) Daemon label Nov 3, 2021
@dckc
Copy link
Member

dckc commented Nov 3, 2021

I gather a number of people are hitting this issue via the Google login option of keplr:

How does Keplr store my private key?
... As for Google logins, we use Torus which securely generates a private key using DKG technology. That private key is encrypted and stored locally on your device.

Note: Torus generates a hex-formatted private key for the account, rather than a 12/24 word mnemonic.
-- Re: Account Settings & Security

@dckc
Copy link
Member

dckc commented Nov 5, 2021

keyFmt work-around

Given the raw key above b101cfc33ec9f702d2d0540cdbe34855066520d1059c1535f86f08c368a15a6c, using password for a password:

$ cd ag0/cmd

$ go build keyFmt.go # see source code below

$ ./keyFmt >keyfile
Enter 64 character raw hex private secp256k1 key:
Pick a password, at least 8 chars:

$ cat keyfile
-----BEGIN TENDERMINT PRIVATE KEY-----
kdf: bcrypt
salt: E0C8E18B626209820597AF1136C85F54

0Y4i7ZWCuAbyOYxOSkUQpHuXdofjnb0Aos2NFiC2oxFuqemctRDq+aFJIA3nWnoR
zNpdD+vcnGOMBQijgjIoEtqWMDse+zlwqNaKmdw=
=uXKy
-----END TENDERMINT PRIVATE KEY-----

$ ag0 keys import keyname keyfile
Enter passphrase to decrypt your key:

keyFmt.go

package main

import (
	"bufio"
	"encoding/hex"
	"fmt"
	"os"

	"github.com/cosmos/cosmos-sdk/client/input"

	"github.com/cosmos/cosmos-sdk/codec"
	"github.com/cosmos/cosmos-sdk/codec/legacy"
	"github.com/cosmos/cosmos-sdk/crypto"
	cryptocodec "github.com/cosmos/cosmos-sdk/crypto/codec"
	"github.com/cosmos/cosmos-sdk/crypto/keys/secp256k1"
)

func main() {
	buf := bufio.NewReader(os.Stdin)
	privKeyHex, err := input.GetPassword("Enter 64 character raw hex private secp256k1 key:", buf)
	passphrase, err := input.GetPassword("Pick a password, at least 8 chars:", buf)
	if err != nil {
		panic(err)
	}

	privKeyRaw, err := hex.DecodeString(privKeyHex)
	if err != nil {
		panic(err)
	}
	cdc := codec.NewLegacyAmino()
	cryptocodec.RegisterCrypto(cdc)
	privKeyBytes := cdc.MustMarshal(secp256k1.PrivKey{Key: privKeyRaw})
	privKey, err := legacy.PrivKeyFromBytes(privKeyBytes)
	if err != nil {
		panic(err)
	}
	text := crypto.EncryptArmorPrivKey(privKey, passphrase, "")
	fmt.Println(text)
}

@artmakh
Copy link
Author

artmakh commented Nov 6, 2021

Can confirm - this workaround works. Thanks for your help!

@asifhj
Copy link

asifhj commented Nov 6, 2021

@dckc Thank you so much for the workaround. I confirm I am able to import my private key.

@kennyrowe
Copy link
Contributor

Just to bring it all home. You still must import the keyfile using this command ag0 keys import <name> keyfile

@asifhj
Copy link

asifhj commented Nov 7, 2021

Thank you @kennyrowe. Yes, I am able to import it.

@dckc dckc added enhancement New feature or request wontfix This will not be worked on and removed bug Something isn't working labels Nov 8, 2021
@dckc
Copy link
Member

dckc commented Nov 8, 2021

Thanks for confirming the work-around, everybody. I added a small section about this in the validator guide.

As to an actual fix, we could request that cosmos-sdk fix this bug, but my guess is that they would not consider it a bug. There are good reasons for them to insist on a mnemonic phrase; for example so that you can generate many accounts from the same recovery phrase. We could make an enhancement request, but I'm not sure how that would go over either.

Or we could add it to ag0 even though upstream cosmos-sdk doesn't support it. That adds additional cost which doesn't look worthwhile.

So I'm re-phrasing this as an enhancement but closing it as wontfix.

@dckc dckc closed this as completed Nov 8, 2021
@dckc dckc changed the title No supported way to import unarmored-hex private key in keychain import unarmored-hex private key in keychain Nov 8, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
agd Agoric (Golang) Daemon enhancement New feature or request wontfix This will not be worked on
Projects
None yet
Development

No branches or pull requests

4 participants