Skip to content

Save & load private key in base58 format #146

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 2 commits into from
Dec 21, 2018
Merged

Save & load private key in base58 format #146

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
5f1593b
feat: update privatekey file default perm to 0600
Dec 21, 2018
4874931
feat: save & load private key in base58 format
Dec 21, 2018
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
28 changes: 26 additions & 2 deletions crypto/kms/privatekeystore.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -27,13 +27,20 @@ import (
"github.com/CovenantSQL/CovenantSQL/crypto/hash"
"github.com/CovenantSQL/CovenantSQL/crypto/symmetric"
"github.com/CovenantSQL/CovenantSQL/utils/log"
"github.com/btcsuite/btcutil/base58"
)

var (
// ErrNotKeyFile indicates specified key file is empty
ErrNotKeyFile = errors.New("private key file empty")
// ErrHashNotMatch indicates specified key hash is wrong
ErrHashNotMatch = errors.New("private key hash not match")
// ErrPrivateKeyVersion indicates specified key is not base58 version
ErrInvalidBase58Version = errors.New("invalid base58 version")
// ErrPrivateKeyChecksum indicates specified key is not base58 checksum
ErrInvalidBase58Checksum = errors.New("invalid base58 checksum")

PrivateKeyStoreVersion byte = 0x23
)

// LoadPrivateKey loads private key from keyFilePath, and verifies the hash
Expand All @@ -45,7 +52,21 @@ func LoadPrivateKey(keyFilePath string, masterKey []byte) (key *asymmetric.Priva
return
}

decData, err := symmetric.DecryptWithPassword(fileContent, masterKey)
encData, version, err := base58.CheckDecode(string(fileContent))
switch err {
case base58.ErrChecksum:
return

case base58.ErrInvalidFormat:
// be compatible with the original binary private key format
encData = fileContent
}

if version != 0 && version != PrivateKeyStoreVersion {
return nil, ErrInvalidBase58Version
}

decData, err := symmetric.DecryptWithPassword(encData, masterKey)
if err != nil {
log.Error("decrypt private key error")
return
Expand Down Expand Up @@ -79,7 +100,10 @@ func SavePrivateKey(keyFilePath string, key *asymmetric.PrivateKey, masterKey []
if err != nil {
return
}
return ioutil.WriteFile(keyFilePath, encKey, 0400)

base58EncKey := base58.CheckEncode(encKey, PrivateKeyStoreVersion)

return ioutil.WriteFile(keyFilePath, []byte(base58EncKey), 0600)
}

// InitLocalKeyPair initializes local private key
Expand Down
25 changes: 25 additions & 0 deletions crypto/kms/privatekeystore_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -25,7 +25,9 @@ import (

"github.com/CovenantSQL/CovenantSQL/conf"
"github.com/CovenantSQL/CovenantSQL/crypto/asymmetric"
"github.com/CovenantSQL/CovenantSQL/crypto/hash"
"github.com/CovenantSQL/CovenantSQL/crypto/symmetric"
"github.com/btcsuite/btcutil/base58"
. "github.com/smartystreets/goconvey/convey"
)

Expand Down Expand Up @@ -95,6 +97,29 @@ func TestLoadPrivateKey(t *testing.T) {
So(err, ShouldEqual, ErrHashNotMatch)
So(lk, ShouldBeNil)
})
Convey("invalid base58 version", t, func() {
defer os.Remove("./.Base58VersionNotMatch")
var invalidPrivateKeyStoreVersion byte = 0x1
privateKeyBytes, _ := hex.DecodeString("f7c0bc718eb0df81e796a11e6f62e23cd2be0a4bdcca30df40d4d915cc3be3ff")
privateKey, _ := asymmetric.PrivKeyFromBytes(privateKeyBytes)
serializedKey := privateKey.Serialize()
keyHash := hash.DoubleHashB(serializedKey)
rawData := append(keyHash, serializedKey...)
encKey, _ := symmetric.EncryptWithPassword(rawData, []byte(password))
invalidBase58EncKey := base58.CheckEncode(encKey, invalidPrivateKeyStoreVersion)
ioutil.WriteFile("./.Base58VersionNotMatch", []byte(invalidBase58EncKey), 0600)
lk, err := LoadPrivateKey("./.Base58VersionNotMatch", []byte(password))
So(err, ShouldEqual, ErrInvalidBase58Version)
So(lk, ShouldBeNil)
})
Convey("invalid base58 checksum", t, func() {
defer os.Remove("./.Base58InvalidChecksum")
invalidBase58Str := "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
ioutil.WriteFile("./.Base58InvalidChecksum", []byte(invalidBase58Str), 0600)
lk, err := LoadPrivateKey("./.Base58InvalidChecksum", []byte(password))
So(err, ShouldEqual, base58.ErrChecksum)
So(lk, ShouldBeNil)
})
}

func TestInitLocalKeyPair(t *testing.T) {
Expand Down