cardano-addresses

FR: Expose the Passphrase for the "from-recovery-phrase" command

Open gitmachtl opened this issue 3 years ago • 9 comments

Hi, after a little chat with @KtorZ I am opening this FR to expose the passphrase parameter via a CLI parameter

something like

$ cardano-address key from-recovery-phrase icarus "mnemonics" --passphrase "mySecretPassphrase"

Would be an awesome addition to the tool, thx!

gitmachtl, Aug 15 '22 09:08

CC @paweljakubas

KtorZ, Aug 15 '22 15:08

@teddyjfpender I am happy to add this functionality if you can put that in some future sprint

paweljakubas, Aug 16 '22 13:08

hi @KtorZ So in essence we want to have:

  1. ability to derive xprv with passwd as here https://github.com/input-output-hk/cardano-crypto/blob/04c211d7f9504b04eb6595cab62eb39a573467f1/src/Cardano/Crypto/Wallet.hs#L180
  2. and then be able to "restore" xprv using this https://github.com/input-output-hk/cardano-crypto/blob/04c211d7f9504b04eb6595cab62eb39a573467f1/src/Cardano/Crypto/Wallet.hs#L171 (here newpasswd would be BS.empty). Here we should have xprv as obtained from derivation without password provided the mnemonic matches.
  3. and from the user's point of view the password could be just text. Any requirement here? Maybe we want to see how text passwd can be represented as password hash? Do I understand the request properly? Many thanks!

paweljakubas, Aug 16 '22 17:08

I am not familiar with the code you posted, but the requested passphrase was meant to be part of the pbkdf2 xprv key generation from a given mnemonics for the icarus method. Like it's used for example in Trezor-HW-Wallets (except for the 24 words with the entropy bug), like:

https://github.com/vacuumlabs/cardano-crypto.js/blob/8c8e467481380ba29db6295a9edbcdc54b1c63eb/features/key-derivation.js#L102

I think it's https://github.com/input-output-hk/cardano-crypto/blob/04c211d7f9504b04eb6595cab62eb39a573467f1/src/Cardano/Crypto/Wallet.hs#L126 in the cardano-crypto lib?

Passphrase should be in plaintext, because that's also how e.g. Trezor is using it to switch between different accounts on the device. Could be passed as hex too I guess, little conversion on the user side does not hurt I guess.

I have made a little tool meanwhile that can do it for icarus, icarus-trezor and ledger method.

Basically it's about the password like ...

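const crypto = require('crypto')

// Icarus master key: PBKDF2-HMAC-SHA512 with the passphrase as password and
// the seed derived from the mnemonic as salt, 4096 iterations, 96 bytes out
function generateIcarusMasterKey(seed, password) {
        const xprv = crypto.pbkdf2Sync(
                password,
                seed,
                4096,
                96,
                'sha512')

        // Clamp the key: clear the 3 lowest bits of byte 0, clear the
        // 3 highest bits of byte 31, then set its second-highest bit
        xprv[0] &= 248
        xprv[31] &= 31
        xprv[31] |= 64

        return xprv;
}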

Test vectors from CIP003 for example: https://github.com/cardano-foundation/CIPs/blob/master/CIP-0003/Icarus.md#test-vectors

Without Passphrase:

$ cardano-mnemonic-rootkey icarus "eight country switch draw meat scout mystery blade tip drift useless good keep usage title"
c065afd2832cd8b087c4d9ab7011f481ee1e0721e78ea5dd609f3ab3f156d245d176bd8fd4ec60b4731c3918a2a72a0226c0cd119ec35b47e4d55884667f552a23f7fdcd4a10c6cd2c7393ac61d877873e248f417634aa3d812af327ffe9d620

With Passphrase="foo" (UTF-8)

$ cardano-mnemonic-rootkey icarus "eight country switch draw meat scout mystery blade tip drift useless good keep usage title" foo
70531039904019351e1afb361cd1b312a4d0565d4ff9f8062d38acf4b15cce41d7b5738d9c893feea55512a3004acb0d222c35d3e3d5cde943a15a9824cbac59443cf67e589614076ba01e354b1a432e0e6db3b59e37fc56b5fb0222970a010e

gitmachtl, Aug 16 '22 17:08

@paweljakubas this 'passphrase' isn't to be mixed up with the encryption passphrase. This is an additional passphrase that can be set during the master key generation as a second factor. This ensures that not only the recovery phrase is needed, but also that extra passphrase, in order to recover the root private key.

cardano-wallet exposes that feature in the API already and calls it mnemonic_second_factor, although weirdly enough, this is defined as a list of 9-12 BIP-0039 words instead of a plain UTF-8 string. I guess we didn't want people to mix that up with the spending passphrase at the time and thought that a second factor as a mnemonic was good enough.

Note that this is only available for the new derivation style (used by Icarus and Shelley wallets) and I think, Ledger's style also supports it.

KtorZ, Aug 16 '22 18:08

> I think, Ledger's style also supports it

Trezor supports it 1:1, Ledger uses another derivation style and also uses "mnemonic"+passphrase as the final password string to confuse devs even more 😆 https://github.com/LedgerHQ/orakolo/blob/0b2d5e669ec61df9a824df9fa1a363060116b490/src/python/orakolo/HDEd25519.py#L370-L387

Also icarus uses the mnemonics as seed and the password as password, ledger is using the password as seed and the mnemonics as password 😆

gitmachtl, Aug 16 '22 18:08

Yes, Trezor is the same style as Icarus / Shelley (except for 24 words 😔), and ledger has its own, similar, but different. And.. Right, I now remember how ledger had this weird thing of concatenating the passphrase with a hard-coded "mnemonic"... Sigh.

KtorZ, Aug 16 '22 18:08
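
An added example (not code from the thread or from cardano-addresses) for the two schemes discussed above: the Icarus root key, where the passphrase is the PBKDF2 password, beside the BIP-39 seed step, where mnemonic and passphrase swap roles. The entropy hex and the helpers `bip39Seed`, `isClamped` and `passphraseReport` are assumptions of this example; the Ledger-specific steps after the seed are not shown.

```javascript
// Added example, not code from the thread or from cardano-addresses.
const { pbkdf2Sync } = require('crypto');

// CIP-3 test mnemonic quoted in the thread, and its BIP-39 entropy.
// Assumption: the entropy hex was decoded from the mnemonic; it is not on the page.
const MNEMONIC = 'eight country switch draw meat scout mystery blade tip drift ' +
  'useless good keep usage title';
const ENTROPY = Buffer.from('46e62370a138a182a498b8e2885bc032379ddf38', 'hex');

// Icarus: PBKDF2 password = passphrase, salt = mnemonic entropy.
function icarusRootKey(entropy, passphrase = '') {
  const xprv = pbkdf2Sync(Buffer.from(passphrase, 'utf8'), entropy, 4096, 96, 'sha512');
  xprv[0] &= 248; // clear the 3 lowest bits of byte 0
  xprv[31] &= 31; // clear the 3 highest bits of byte 31
  xprv[31] |= 64; // set the second-highest bit of byte 31
  return xprv;
}

// BIP-39 seed step (first stage of the Ledger style): the roles are swapped,
// PBKDF2 password = mnemonic sentence, salt = "mnemonic" + passphrase.
function bip39Seed(mnemonic, passphrase = '') {
  const password = Buffer.from(mnemonic.normalize('NFKD'), 'utf8');
  const salt = Buffer.from(('mnemonic' + passphrase).normalize('NFKD'), 'utf8');
  return pbkdf2Sync(password, salt, 2048, 64, 'sha512');
}

// True when a 96-byte key carries the clamped bit pattern set above.
function isClamped(xprv) {
  return xprv.length === 96 && (xprv[0] & 7) === 0 && (xprv[31] & 0xe0) === 0x40;
}

// No passphrase is ever rejected: each one yields a different, well-formed key.
function passphraseReport(entropy, passphrases) {
  return passphrases.map((p) => {
    const key = icarusRootKey(entropy, p);
    return { passphrase: p, clamped: isClamped(key), prefix: key.toString('hex', 0, 8) };
  });
}

console.log(passphraseReport(ENTROPY, ['', 'foo', 'Foo']));
console.log('bip39 seed prefix:', bip39Seed(MNEMONIC, 'foo').toString('hex', 0, 8));
```

Because every passphrase produces a valid-looking key, a mistyped passphrase is only noticed when the derived addresses do not match the expected wallet.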

@KtorZ @gitmachtl @teddyjfpender the PR addressing what you asked for (I hope so) is there https://github.com/input-output-hk/cardano-addresses/pull/202

paweljakubas, Aug 19 '22 11:08

@gitmachtl @KtorZ PR https://github.com/input-output-hk/cardano-addresses/pull/202 merged - see README.md in section

How to generate a root private key with passphrase (root.xsk)

on instructions

paweljakubas, Sep 29 '22 15:09