feat: create eth keystore with master seed#1247
Conversation
sangaman
force-pushed
the
eth-master-seed
branch
from
75caee6 to
3460180
Compare
ghost
left a comment
ghost
left a comment
There was a problem hiding this comment.
LGTM in general :).
I'm also wondering if we should be using xud's master password that we use to encrypt the private keys on disk as the password for the seed (or let user specify an extra seed password). With the current implementation we can recover the wallet only with 24 words (no password required). This can be done in a separate PR if we choose to go that route.
We discussed this before and yes we want this at some point. It already has an issue: #1030 - but definitely not in this PR. We decided to push this feature to |
Thanks for reminding me. I'll bring this up during our next call to discuss if we can implement this without a breaking change. |
| await Promise.all(initWalletPromises); | ||
| if (!this.raidenClient.isDisabled()) { | ||
| const { keystorepath } = this.config.raiden; | ||
| const keystorePromise = seedutil(seedMnemonic, walletPassword, keystorepath).then(() => { |
There was a problem hiding this comment.
In order to programmatically unlock raiden we'll need to store the password of the keystore file in plain text. If I'm reading the code correctly it's using the xud master password to protect the keystore. Can we temporarily set it to empty string until we have a way of unlocking raiden via the REST API?
There was a problem hiding this comment.
Good thinking, I will do this on a temporary basis until we get a much needed call to unlock the keystore.
There was a problem hiding this comment.
Done, I had to make a few changes to the seedutil tool to make the encryption password optional.
sangaman
force-pushed
the
eth-master-seed
branch
from
3460180 to
cab5f12
Compare
sangaman
changed the title
This modifies the seedutil tool so that it uses separate passwords for the aezeed and for encrypting the private key in the keystore. Previously, a single password was used for both, which is incompatible with how xud uses them separately with a master password for decryption and currently always using the default "aezeed" password for the aezeed itself. The encryption password, keystore path, and aezeed passwords are now treated as optional flags.
This commit uses the seed generated during the `CreateNode` call to create the raiden/ethereuem keystore along with the lnd wallets. This is the next step towards having a single recovery seed and a single encryption password for all lnd and raiden wallets. The keystore is encrypted with an empty password instead of the master password until raiden adds a way to decrypt the keystore without needing to store the password in a file in plaintext. A new configuration option `raiden.keystorepath` specifies where xud should create the keystore directory. Closes #1242.
sangaman
force-pushed
the
eth-master-seed
branch
from
cab5f12 to
9b4d9f9
Compare
ghost
merged commit 2 participants
Closes #1242.
This commit uses the seed generated during the
CreateNodecall to create the raiden/ethereuem keystore along with the lnd wallets. This is the final step to having a single recovery seed and a single encryption password for all lnd and raiden wallets.A new configuration option
raiden.keystorepathspecifies where xud should create the keystore directory.@reliveyy You should pass in this new option to
xudwhen creating the wallets in docker. We will still need to figure out the best approach to ensuring the seedutil binary is available through non-docker installations. For dev/testing purposes if you have Go installed you can just usenpm run compile:seedutil.