cmd/ethkey: new tool for key files #15438
Conversation
|
Thank you for your contribution! Your commits seem to not adhere to the repository coding standards
Please check the contribution guidelines for more details. This message was auto-generated by https://gitcop.com |
|
Thank you for your contribution! Your commits seem to not adhere to the repository coding standards
Please check the contribution guidelines for more details. This message was auto-generated by https://gitcop.com |
|
Have you seen https://github.com/bas-vk/ethsign ? Is there anythiing which differs in the functionality between Because I'd rather get the code into |
|
I didn't know about ethsign. It seems to use keystores though. And it is an
interactive shell instead of a standalone CLI.
What I needed it for was dumping the private key. I didn't find a tool that
could do it. Ethsign doesn't do it either.
…On 9 Nov 2017 9:33 am, "Martin Holst Swende" ***@***.***> wrote:
Have you seen https://github.com/bas-vk/ethsign ? Is there anythiing
which differs in the functionality between ethsign (
https://github.com/bas-vk/ethsign) and your proposed utility?
Because I'd rather get the code into ethsign and then (perhaps) merge
that into a standalone binary. ethsign relies on the account storage,
which can either be raw keys, but also other things, such as hardware
wallets.
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
<#15438 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AA0F3LIbwH4afNhrBktaQJAhI7gl2unmks5s0rjugaJpZM4QWz3G>
.
|
Makefile
Outdated
| @@ -21,6 +21,11 @@ swarm: | |||
| @echo "Done building." | |||
| @echo "Run \"$(GOBIN)/swarm\" to launch swarm." | |||
|
|
|||
| ethkey: | |||
There was a problem hiding this comment.
There is no need to add this command to Makefile. It can be built using make all.
| ) | ||
|
|
||
| var ( // Commonly used command line flags. | ||
| passphraseFlag = cli.StringFlag{ |
There was a problem hiding this comment.
This is a dangerous flag because it encourages setting the flag on the command line, where it might end up in history. Command line arguments are visible to any user. Please remove the flag.
There was a problem hiding this comment.
Well, it's one in three ways. For testing or for the large quantities of files with an empty passphrase, I think it's worth it. I just made a change that makes --passphrase "" work for files with empty passphrases. I think it's easier than touch tempfile; ethkey --passphrasefile tempfile :D
There was a problem hiding this comment.
You can always pipe empty strings into the interactive password input to do stuff like that.
| @@ -0,0 +1,322 @@ | |||
| package main | |||
There was a problem hiding this comment.
New files in cmd/ need the GPLv3 header. Please copy it from cmd/geth/main.go.
cmd/ethkey/main.go
Outdated
|
|
||
| // Configure the app instance. | ||
| func init() { | ||
| app = cli.NewApp() |
There was a problem hiding this comment.
Please use utils.NewApp, which sets version automatically. For its gitCommit, define a global variable called gitCommit. It will be filled in by the linker.
Please don't set app.Copyright.
There was a problem hiding this comment.
The reason why I avoided that is because utils.NewApp sets the version to the geth version. That might be misleading since geth versions might change while the functionality of this CLI will remain the same. (That's actually very likely given the simplicity of this tool.)
There was a problem hiding this comment.
All tools including rlpdump, evm, swarm use the same version. Releases in this repo are go-ethereum releases, not just geth releases.
There was a problem hiding this comment.
That's fair enough.
cmd/ethkey/main.go
Outdated
| keyfilepath = defaultKeyfilePath | ||
| } | ||
| var err error | ||
| keyfilepath, err = filepath.Abs(keyfilepath) |
There was a problem hiding this comment.
Why do you need the absolute path?
There was a problem hiding this comment.
os.Stat was failing for some reason while I was testing. I tried without and it works fine, so I remove all the filepath.Abs calls. Thanks for the critical suggestion :)
|
Thank you for this PR! It's a good addition to the toolchain. |
stevenroose
force-pushed
the
ethkey
branch
2 times, most recently
from
8a9db48 to
4418c15
Compare
cmd/ethkey/README.md
Outdated
|
|
||
| # Usage | ||
|
|
||
| ## generate |
There was a problem hiding this comment.
Please use full command as heading, e.g.
## `ethkey generate`
Generates a new keyfile.There was a problem hiding this comment.
Done. Not sure how well that would work with the longer arguments in sign and verify, though. Let me check how GitHub renders it here :)
There was a problem hiding this comment.
Doesn't look that nice. I'll probably change that to regular text
*`ethkey generate`*
|
I'm also thinking about a |
|
Thank you for your contribution! Your commits seem to not adhere to the repository coding standards
Please check the contribution guidelines for more details. This message was auto-generated by https://gitcop.com |
|
One extra thing I'd like to add before having this merged is creating a keyfile from a raw private key. |
|
I am not overly fond of making it so easy to extract the raw private keys. I mean, sure, it should be possible , but I think it's good that it's not easy. People are, today, not exporting and importing raw private keys, and I think that's a good thing. By releasing this, we're enabling people to handle raw privkeys on usb-sticks between their computers. And I'm not sure that's a net benefit. |
|
@holiman The reason why I created this for myself in the first place was to be able to extract the raw private keys. I agree that it should be hard, but it should be possible without having to write your own tool.. There is really not a single other way to get the raw private key than to create something like this yourself. It doesn't have to be advertised. I could also f.e. have |
|
@stevenroose exporting the raw private key should, imo, at least involve being shown a very explicit warning about the operation, and having to enter some text to confirm - maybe random text, e.g. "Do you want to proceed? Enter 93281 to confirm". |
|
I'm super happy about this PR and want to see Should the tool handle transaction signing? I think yes, but we can add that in a subsequent PR. Argument handling is complicated:
I'll think about a good proposal for the latter issue. |
|
Yeah that's always concerns for those kind of utilities. Too many ways to input data. I will rename Input is very welcome for the way we handle input data. @fjl what is your opinion about outputting private keys? I'm personally against some random input like @holiman proposed. But I'd be ok with moving it to a |
|
On an extra note: most of those "too many options to input data" comes to making the code messy and harder to maintain. So I believe a great deal can be done code-wise to make it acceptable. Having a ton of flags is not necessarily a problem, most users will just look for the one they need, find it, and use it. So if we can keep it clean code-wise, I think it should be acceptable. EDIT: Next to that, intuitive defaults are also key. Extra functionality can confuse users, but having a very simple default functionality can resolve that for a big part. |
|
Not sure about inputting random text. I can see both sides. My own view is that users already need to enter the password to dump the key so maybe that's good enough. Other ideas:
About "too many ways to input data":
There should be one way to provide the private key. IMHO that way should be "encrypted key file". All subcommands should take a key path as the (required) first argument, pointing to a JSON file on disk. That's sufficient for the beginning. We can expand this at some point if lots of people see the need to deal with keys in a different way. Likewise, we should reduce the number of ways to input the passphrase. My suggestion is to only accept it via stdin because it is the most secure/private way to pass data to another program. Users can always script themselves out of this by piping it in. There is a conflict for the signing commands: we can't read passphrase and message from the same stdin stream. IMHO these commands should accept the unsigned tx/message as the second argument (because unsigned tx/message needs less security than the passphrase). There can be a local flag (e.g. -f) to read it from a file instead. For output, I'm fine with having a human-readable and machine-readable (JSON) version. |
|
I agree with the points @fjl made. However, I still think As Felix says, you can use bash to skip through that anyway, but at least it would be harder to trick an unsuspecting user into doing it. |
|
Made some changes. Most of the comments should have been addressed.
This is now true, except of course for
This is not true right now, but the private key is hidden behind a
I kept a flag to point to a passprase file (a lot of keyfiles have an empty passphrase so they can be used by passing |
It's a tool that serves as a command line interface to the basic key management functionalities of geth. It currently supports: - generating keyfiles - inspecting keyfiles (print public and private key) - signing messages - verifying signed messages
ethkey is a new tool that serves as a command line interface to the basic key management functionalities of geth. It currently supports: - generating keyfiles - inspecting keyfiles (print public and private key) - signing messages - verifying signed messages
Since I failed building Parity's similar
ethkeycommand line tool, I implemented this one in Go.It is based entirely on functionality in the codebase, just interfaces them easily through a CLI.
There is currently one issue: v1.20.0 from urfave/cli breaks the
--helpflag on commands. I created upstream issue urfave/cli#678 to track this and will add a commit updating the cli dependency when it is resolved.