Fix CLI to allow for bundle v1.0.0 decryption/encryption #62

Merged
merged 6 commits into from
May 14, 2024

@r-n-o r-n-o commented May 14, 2024

Summary & Motivation (Problem vs. Solution)

A bunch of things in this branch:

  • fixing the build-local target
  • bumping go-sdk to pick up changes for v1.0.0 bundles
  • allow our CLI to work with localhost (shocked that this wasn't working until now!)
  • switch the quorum key to be committed in standard uncompressed form (rather than committing both uncompressed pub keys and discarding half)
  • fix encrypt and decrypt cmds to allow for signer quorum key overrides. This will be handy to test in local and preprod environments
  • I also had to get rid of the "User not empty" check because it's actually not needed for export where we bind to an organization only.

How was this tested?

Tested this on my local machine against a local version of Turnkey which produces v1.0.0 bundles

Export flow

# Export a wallet
./build/turnkey wallets export --name "New Wallet" -k test --organization 86235bed-b259-44da-9abf-926781e07be4 --export-bundle-output /tmp/wallet.txt --host localhost:8081
>> "ab218775-834b-5998-9d2e-5c285df5f5da"

# Look at the bundle
cat /tmp/wallet.txt 
>> {"version":"v1.0.0","data":"7b22656e6361707065645075626c6963223a2230343333353465646537613266613534366665666536336634623838666636356364613433376532323361363636663364353230653735653064616239376538646561663066626461653239663236373536313935343463653036346366646237653039386262323163373838633335646462333565326164316133643662623932222c2263697068657274657874223a22306134393334356231613363313831376231343933393338633732373266306662663737326333626163646338633836633037643038363434376538393366653839313761306666613865373634653332363335326236653663613863373361323836303461613363376263353332646239356634666533613537663434333734613239346164633064386563613535333437336131376135643733313232623731616564643733616435363639376436323834626133306138393130363333336161656432222c226f7267616e697a6174696f6e4964223a2238363233356265642d623235392d343464612d396162662d393236373831653037626534227d","dataSignature":"3045022016c055f3b2ed71caa19d187dae136a29fa62fe38252a2512dfa1f19f1d6ef288022100fd86879b9ef1b2d284d91c204fd6138737d024b6fa701b0cf196ea08707169f0","enclaveQuorumPublic":"04bce6666ca6c12e0e00a503a52c301319687dca588165b551d369496bd1189235bd8302ae5e001fde51d1e22baa1d44249f2de9705c63797316fc8b7e3969a665"}

# Decrypt the bundle
./build/turnkey decrypt --export-bundle-input /tmp/wallet.txt --organization 86235bed-b259-44da-9abf-926781e07be4 --signer-quorum-key 04bce6666ca6c12e0e00a503a52c301319687dca588165b551d369496bd1189235bd8302ae5e001fde51d1e22baa1d44249f2de9705c63797316fc8b7e3969a665
>> "<redacted mnemonic>"

Import flow

# Init import (creates a bundle)
./build/turnkey wallets init-import -k test --organization 86235bed-b259-44da-9abf-926781e07be4 --user 87b9782a-ff4c-4d76-9cb4-36a79feccec6 --import-bundle-output /tmp/import.bundle --host localhost:8081

# Take a look at the import bundle
cat /tmp/import.bundle 
>> {"version":"v1.0.0","data":"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","dataSignature":"3046022100d3258b72dc4d71a3735f31248ca908ee00f2ce54098cf405795ed4567a4e5ccf022100b5fedc7126a3b7e9ee8e9dc0bb095ebdf41092eb67621225c4c737602db79e5a","enclaveQuorumPublic":"04bce6666ca6c12e0e00a503a52c301319687dca588165b551d369496bd1189235bd8302ae5e001fde51d1e22baa1d44249f2de9705c63797316fc8b7e3969a665"}

# Encrypt a seed phrase and produce an encrypted bundle to import
./build/turnkey encrypt --import-bundle-input /tmp/import.bundle --plaintext-input /tmp/mnemonic.txt  --encrypted-bundle-output /tmp/encrypted.bundle --organization 86235bed-b259-44da-9abf-926781e07be4 --user 87b9782a-ff4c-4d76-9cb4-36a79feccec6 --signer-quorum-key 04bce6666ca6c12e0e00a503a52c301319687dca588165b551d369496bd1189235bd8302ae5e001fde51d1e22baa1d44249f2de9705c63797316fc8b7e3969a665

# Take a look at the encrypted bundle
cat /tmp/encrypted.bundle 
>> {"encappedPublic":"040787482c5dd8f314f2a7515860ebfae46daddc3a274f2bc2c448a343056d9de59f71c5b9c719bf4ccdc0a3b2146d4b48cfd20d66173313b596e81a661f1bb6bd","ciphertext":"8ec8a66fe0092a8b13d99b379b8061bde64a96d0560a5597d6b4b67615882103176333581d7f7fd04da4496cff69718395a9953b41c19f1fcceaee8a76508508dbf73908422a352543389a404cfa66b2e0f601ac4f23d0a6714de7389fc57f"}

# Import the encrypted bundle
./build/turnkey wallets import -k test --organization 86235bed-b259-44da-9abf-926781e07be4 --user 87b9782a-ff4c-4d76-9cb4-36a79feccec6 --name "CLI Imported Wallet" --encrypted-bundle-input /tmp/encrypted.bundle --host localhost:8081
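
The checks a consumer of these v1.0.0 bundles needs around the signer quorum key, as an added example that is not code from this PR or from the Turnkey SDK. `VerifyBundle` and `SampleBundle` are hypothetical names, the signature scheme (DER ECDSA over P-256 with SHA-256, computed on the hex-decoded `data`) is an assumption based on the field shapes shown above, and the sample bundle is constructed with a throwaway key.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"fmt"
)

// VerifyBundle is a hypothetical helper. Assumed scheme: DER ECDSA P-256/SHA-256 over hex-decoded data.
func VerifyBundle(raw []byte, pinnedHex, orgID string) (map[string]string, error) {
	var b, inner map[string]string
	if err := json.Unmarshal(raw, &b); err != nil || b["version"] != "v1.0.0" {
		return nil, fmt.Errorf("not a v1.0.0 bundle")
	}
	if b["enclaveQuorumPublic"] != pinnedHex { // the bundle's own key is untrusted: compare to the pin
		return nil, fmt.Errorf("enclaveQuorumPublic does not match the pinned key")
	}
	key, _ := hex.DecodeString(pinnedHex)
	x, y := elliptic.Unmarshal(elliptic.P256(), key) // nil unless 0x04||X||Y on the curve
	data, errData := hex.DecodeString(b["data"])
	sig, errSig := hex.DecodeString(b["dataSignature"])
	pub, digest := &ecdsa.PublicKey{Curve: elliptic.P256(), X: x, Y: y}, sha256.Sum256(data)
	if x == nil || errData != nil || errSig != nil || !ecdsa.VerifyASN1(pub, digest[:], sig) {
		return nil, fmt.Errorf("dataSignature does not verify under the pinned key")
	}
	if err := json.Unmarshal(data, &inner); err != nil || inner["organizationId"] != orgID {
		return nil, fmt.Errorf("bundle is not bound to the expected organization")
	}
	return inner, nil
}

// SampleBundle builds a constructed bundle signed by a throwaway key (demo data only).
func SampleBundle(org string) (raw []byte, pinHex string) {
	priv, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	data := []byte(`{"ciphertext":"00","organizationId":"` + org + `"}`)
	digest := sha256.Sum256(data)
	sig, _ := ecdsa.SignASN1(rand.Reader, priv, digest[:])
	pinHex = hex.EncodeToString(elliptic.Marshal(elliptic.P256(), priv.X, priv.Y))
	return []byte(fmt.Sprintf(`{"version":"v1.0.0","data":"%x","dataSignature":"%x","enclaveQuorumPublic":"%s"}`, data, sig, pinHex)), pinHex
}

func main() {
	raw, pin := SampleBundle("org-1")
	fmt.Println(VerifyBundle(raw, pin, "org-1"))
}
```

The pin comparison comes before signature verification on purpose: a bundle that is internally consistent under its own `enclaveQuorumPublic` proves nothing unless that key is the one the caller expected.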

@r-n-o r-n-o requested a review from andrewkmin May 14, 2024 15:27
@andrewkmin andrewkmin left a comment

awesome 👏👏👏

@@ -18,6 +20,7 @@ var (
func init() {
decryptCmd.Flags().StringVar(&exportBundlePath, "export-bundle-input", "", "filepath to read the export bundle from.")
decryptCmd.Flags().StringVar(&plaintextPath, "plaintext-output", "", "optional filepath to write the plaintext from that will be decrypted.")
decryptCmd.Flags().StringVar(&signerPublicKeyOverride, "signer-quorum-key", "", "optional override for the signer quorum key. This option should be used for testing only. Leave this value empty for production decryptions.")
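
Review bot: on the `signer-quorum-key` flag line, the help text is the only thing keeping the override out of production use; nothing in this hunk warns or fails when `signerPublicKeyOverride` is non-empty. Consider printing a warning to stderr whenever the override is set, and validating that the value is an uncompressed public key in hex before it is used, so a mistyped or leftover test value is caught at the start of `decrypt` instead of silently changing which key the bundle is checked against. Separately, the `plaintext-output` help text reads "to write the plaintext from that will be decrypted"; "to write the decrypted plaintext to" would be clearer.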

👏

if User == "" {
OutputError(eris.New("failed to associate the encryption key with a user; please manually specify the user ID"))
}
// If user is _still_ empty, the encryption key is still usable in some cases where user ID isn't needed (export)
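
Review bot: the comment on the last line says an empty `User` is acceptable where no user ID is needed (export), but nothing in these lines makes the commands that do need one fail. If the `User == ""` error is dropped here, as the PR description says, the import-side commands (`encrypt`, `wallets init-import` and `wallets import`, all run with `--user` in the test notes) should check for an empty user themselves and return an error as specific as this one, so the problem is reported before any request is made.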

nice catch

src/cmd/turnkey/pkg/encrypt.go (outdated review thread, resolved)
@r-n-o r-n-o merged commit fd37dfe into main May 14, 2024
4 checks passed