import/export accounts #550
Conversation
zelig
force-pushed
the
frontier/cli-key
branch
4 times, most recently
from
e18bfef to
2704b7e
Compare
|
|
||
| Note: | ||
| Since you can directly copy your encrypted accounts to another ethereum instance, this import/export mechanism is not needed when you transfer an account between nodes. | ||
| `, |
There was a problem hiding this comment.
Please wrap these strings at column 80.
|
zelig
force-pushed
the
frontier/cli-key
branch
2 times, most recently
from
7352dfc to
22fd1e2
Compare
| @@ -101,6 +101,17 @@ func (am *Manager) firstAddr() ([]byte, error) { | |||
| return addrs[0], nil | |||
| } | |||
|
|
|||
| func (am *Manager) getKey(addr []byte, keyAuth string) (*crypto.Key, error) { | |||
| if len(addr) == 0 { | |||
There was a problem hiding this comment.
This is not a good idea. Unlock(nil, ...) should never work.
It's like saying: "please unlock some random account with this passphrase".
This change is also unrelated to the account import/export.
There was a problem hiding this comment.
An error needs to be returned if an invalid addr is passed.
|
We can merge this once you remove |
|
Also maybe squash the changes together if you want. |
| am := utils.GetAccountManager(ctx) | ||
| auth := unlockAccount(ctx, am, account) | ||
|
|
||
| err := am.Export(keyfile, common.FromHex(account), auth) |
There was a problem hiding this comment.
We shouldn't export private keys directly to disk. Export encrypted keys only. Maybe supply an additional tool to actually export the private key.
People tend to forget they exported something to file. Ending up with your HDD compromised will lead to your private keys being compromised. We should try to do everything we can do minimise the risk. Supplying an additional tool means "look, you can do it, we don't recommend it, but feel free to use this tool."
Importing is a different story. Would it be possible to check the format of the key and assume either "encrypted key" or "unencrypted key"?
There was a problem hiding this comment.
The current files have different JSON schema for encrypted and unencrypted, but it's not very clean to use compared to a proper header. @fjl and I discussed this before and talked about adding a common format with a header that specifies whether what follows is encrypted or not.
There was a problem hiding this comment.
so currently there are 2 consistent options which both make sense:
1 leave everything there as is.
- we support unencrypted keys anyway as part of the cli with a simple flag then no point in worrying about unencrypted export for now.
- Its all developers anyway. and it is hidden in a subcommand. You really need to be tech savvy to do this.
2 full paranoid mode:
- remove export
- remove plain text key-store
- remove --unencrypted-keys flag
testers can setup a coinbase and unlock it all non-interactively with the following commands:
ethereum -datadir /tmp/eth/42 -logfile /dev/null -password <(echo -n notsosecret) account new
ethereum -datadir /tmp/eth/42 -logfile /dev/null -port 30342 js <(echo 'console.log(admin.nodeInfo().NodeUrl)') > enode
ethereum -datadir /tmp/eth/42 -logfile 42.log -port 30342- password <(echo -n notsosecret) -unlock coinbase .....<further flags to run the node>
and therefore test team won't even need a custom built client
- cli: add passwordfile flag - cli: change unlock flag only takes account - cli: with unlock you are prompted for password or use passfile with password flag - cli: unlockAccount used in normal client start (run) and accountExport - cli: getPassword used in accountCreate and accountImport - accounts: Manager.Import, Manager.Export - crypto: SaveECDSA (to complement LoadECDSA) to save to file - crypto: NewKeyFromECDSA added (used in accountImport and New = generated constructor)
- extract accounts.getKey method - if given empty address it retrieves coinbase (first account) - cli -unlock coinbase will unlock coinbase
- accounts: remove Manager.getKey - cli: for -unlock coinbase, use account manager Coinbase()
…ead /path: is a directory") msg
- remove account export functionality from CLI - remove accountExport method, - remove unencrypted-keys flag from everywhere - improve documentation
Release v1.1.5
…inniting `environment` (ethereum#550) Reduce rawdb calls
Implement EIPs to support the increase of TX size limit configuration. EIPs: 2464, 2364, 2124
#541
https://github.com/ethereum/go-ethereum/wiki/Managing-your-accounts