Skip to content

hsmtools: add a tool to recover a to_remote output from peer unilateral close#3217

Closed
darosior wants to merge 7 commits into
ElementsProject:masterfrom
darosior:hsm_tools_bruteforce
Closed

hsmtools: add a tool to recover a to_remote output from peer unilateral close#3217
darosior wants to merge 7 commits into
ElementsProject:masterfrom
darosior:hsm_tools_bruteforce

Conversation

@darosior
Copy link
Copy Markdown
Contributor

@darosior darosior commented Oct 28, 2019

This builds upon #3186 (starts at 02a1934).

I suffered a power outage some weeks ago and lost the dbid of many channels from the database, the remote peer has then unilaterally closed the channel : I was not able to recover the private key from the to_remote output of its commitment transaction without the dbid. Since I've seen others in the same situation (this has been in the news, too...), here is a tool which derives n payment keys for every dbid and compares it to the pubkeyhash output in the witness program (we just take a bech32 P2WPKH address and derive the goal hash from it).

darosior and others added 6 commits October 22, 2019 11:15
@darosior
pytest: clean up hsm_secret_encryption test
1a94351
@darosior
tools/hsmtools: added a tool for decrypting hsm_secret
24025d8 
A general one, for all things hsm_secret.
@darosior
tools/hsmtools: added a tool for encrypting hsm_secret
77406e2
@darosior
pytest: test hsm_secret management with hsmtools
0e5e425
@darosior
README: move hsm_secret encryption infos into a dedicated part
5821cfd 
And tell about decryption with hsmtools
@darosior @Sjors
hsmtools: add a tool to dump commitments points and secrets
26bf34e 
This takes a dbid, a "depth" (how many commits to dump), the hsm_secret
path, and a potential password to dump informations about all
commitments until the depth.

Co-Authored-By: Sjors Provoost <sjors@sprovoost.nl>
@darosior darosior requested a review from cdecker as a code owner October 28, 2019 11:21
@darosior
hsmtools: add a tool to recover to_remote output from remote unilateral
e62a80d 
In case of a loss of data, namely the dbid of a given channel, we might
not be able to recover the payment private key corresponding to the
`to_remote` output of the commitment transaction of the peer.

This adds a tool which compares the pubkeyhash in the output witness
program to the hash of payment keys derived until a specified depth and
a seed derived for every dbid..
@darosior darosior force-pushed the hsm_tools_bruteforce branch from 02a1934 to e62a80d Compare October 28, 2019 12:27
@darosior
Copy link
Copy Markdown
Contributor Author

darosior commented Oct 29, 2019
edited
Loading

Closing this, since it doesn't make sense without option_static_remotekey

@darosior darosior closed this Oct 29, 2019
@darosior darosior mentioned this pull request Oct 29, 2019
Closed
@darosior darosior mentioned this pull request Nov 11, 2019
Merged
@darosior darosior mentioned this pull request Nov 25, 2019
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cdecker cdecker Awaiting requested review from cdecker

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@darosior