
[wallet] Encrypt wallet keystore and add password protection

Open patrickkuo opened this issue 3 years ago • 2 comments

The wallet.key file should be encrypted and protected by a password to make it a little bit more secure.

patrickkuo avatar Mar 04 '22 09:03 patrickkuo

Handing this issue over to @joyqvq to decide if we still need this or not.

patrickkuo avatar Nov 02 '22 13:11 patrickkuo

Yes, this is on my plate (closing the other ticket to track this here). I don't think encrypting the keystore itself is a good idea, since it will not allow retrieval by address, and we already need to load all keys to memory (in fact all hardware wallets assume a single key as well).

I think this is the most efficient:

  1. `sui keytool generate` can generate a single key file with encryption to `$KEYFILE_PATH`
  2. `sui client serialize-transfer-sui` can generate the tx bytes to sign
  3. `sui keytool sign --data $TX_BYTES --path=$KEYFILE_PATH` prompts the user to enter a password, and can output the signed data with the path
  4. `sui client execute-signed-tx` can execute the signed data returned from the previous step.

So the default behavior for the user is still to use the unencrypted keystore. If they decide to encrypt or do offline signing, they can use the more flexible interface above.

With https://github.com/MystenLabs/sui/pull/5345, steps 2 and 4 are doable; will send a PR for steps 1 and 3.

joyqvq avatar Nov 02 '22 16:11 joyqvq
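
The per-key encrypted file from the comment above, sketched as an added example that is not part of the thread or of Sui's code. The file layout, field names, the scrypt and AES-256-GCM choice, and the Ed25519 PKCS#8 key encoding are all assumptions; the address stays in cleartext (authenticated as AAD) so lookup by address needs no password, and the key is decrypted only when signing.

```javascript
// Added example: hypothetical key-file format (not Sui's), one encrypted file per key.
const crypto = require('node:crypto');
// scrypt cost; maxmem also caps the work a tampered file's parameters can demand.
const KDF = { N: 1 << 15, r: 8, p: 1, maxmem: 64 * 1024 * 1024 };

function deriveKey(password, salt, { N, r, p }) {
  return crypto.scryptSync(password, salt, 32, { N, r, p, maxmem: KDF.maxmem });
}

// pkcs8Der: the private key as PKCS#8 DER bytes. The address is authenticated as
// AAD, so swapping the cleartext address on a file makes decryption fail.
function encryptKeyFile(pkcs8Der, address, password) {
  const salt = crypto.randomBytes(16);
  const nonce = crypto.randomBytes(12); // fresh per file; never reused with a key
  const cipher = crypto.createCipheriv('aes-256-gcm', deriveKey(password, salt, KDF), nonce);
  cipher.setAAD(Buffer.from(address, 'utf8'));
  const ct = Buffer.concat([cipher.update(pkcs8Der), cipher.final()]);
  const b64 = (b) => b.toString('base64');
  return { version: 1, address, kdf: { N: KDF.N, r: KDF.r, p: KDF.p },
    salt: b64(salt), nonce: b64(nonce), ciphertext: b64(ct), tag: b64(cipher.getAuthTag()) };
}

function decryptKeyFile(file, password) {
  const raw = (s) => Buffer.from(s, 'base64');
  const kek = deriveKey(password, raw(file.salt), file.kdf);
  const d = crypto.createDecipheriv('aes-256-gcm', kek, raw(file.nonce));
  d.setAAD(Buffer.from(file.address, 'utf8'));
  d.setAuthTag(raw(file.tag));
  try {
    return Buffer.concat([d.update(raw(file.ciphertext)), d.final()]);
  } catch {
    throw new Error('wrong password or modified key file');
  }
}

// Step 3 of the flow: decrypt with the entered password, sign, then wipe the buffer.
function signWithKeyFile(file, password, txBytes) {
  const der = decryptKeyFile(file, password);
  try {
    const key = crypto.createPrivateKey({ key: der, format: 'der', type: 'pkcs8' });
    return crypto.sign(null, txBytes, key); // Ed25519 takes no digest name
  } finally {
    der.fill(0); // best-effort wipe of the decrypted bytes
  }
}

// Lookup by address reads only cleartext metadata; no password is needed.
const findByAddress = (files, address) => files.find((f) => f.address === address);
```
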

@joyqvq I'll close this as I think most of the things are now already in place.

stefan-mysten avatar Jan 02 '24 03:01 stefan-mysten