aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorzelig <viktor.tron@gmail.com>2015-03-27 02:55:39 +0800
committerzelig <viktor.tron@gmail.com>2015-03-27 03:00:18 +0800
commit7577d1261403dbabdb30e21415d34b4e5da466ec (patch)
tree5b5fe5aeb443a8fd8a325743490b8fb416a903d3
parentabbdf4156057de8a4f866b0840defc00c2c500db (diff)
downloadgo-tangerine-7577d1261403dbabdb30e21415d34b4e5da466ec.tar.gz
go-tangerine-7577d1261403dbabdb30e21415d34b4e5da466ec.tar.zst
go-tangerine-7577d1261403dbabdb30e21415d34b4e5da466ec.zip
max paranoia mode to UNsupport unencrypted keys entirely
- remove account export functionality from CLI - remove accountExport method, - remove unencrypted-keys flag from everywhere - improve documentation
-rw-r--r--accounts/account_manager.go2
-rw-r--r--cmd/ethereum/main.go149
-rw-r--r--cmd/utils/flags.go14
3 files changed, 73 insertions, 92 deletions
diff --git a/accounts/account_manager.go b/accounts/account_manager.go
index 392518703..34a2c4891 100644
--- a/accounts/account_manager.go
+++ b/accounts/account_manager.go
@@ -208,6 +208,8 @@ func zeroKey(k *ecdsa.PrivateKey) {
}
}
+// USE WITH CAUTION = this will save an unencrypted private key on disk
+// no cli or js interface
func (am *Manager) Export(path string, addr []byte, keyAuth string) error {
key, err := am.keyStore.GetKey(addr, keyAuth)
if err != nil {
diff --git a/cmd/ethereum/main.go b/cmd/ethereum/main.go
index 2e721dc71..42321e8bc 100644
--- a/cmd/ethereum/main.go
+++ b/cmd/ethereum/main.go
@@ -77,9 +77,8 @@ The output of this command is supposed to be machine-readable.
},
{
- Action: accountList,
- Name: "wallet",
- Usage: "ethereum presale wallet",
+ Name: "wallet",
+ Usage: "ethereum presale wallet",
Subcommands: []cli.Command{
{
Action: importWallet,
@@ -92,6 +91,28 @@ The output of this command is supposed to be machine-readable.
Action: accountList,
Name: "account",
Usage: "manage accounts",
+ Description: `
+
+Manage accounts lets you create new accounts, list all existing accounts,
+import a private key into a new account.
+
+It supports interactive mode, when you are prompted for password as well as
+non-interactive mode where passwords are supplied via a given password file.
+Non-interactive mode is only meant for scripted use on test networks or known
+safe environments.
+
+Make sure you remember the password you gave when creating a new account (with
+either new or import). Without it you are not able to unlock your account.
+
+Note that exporting your key in unencrypted format is NOT supported.
+
+Keys are stored under <DATADIR>/keys.
+It is safe to transfer the entire directory or the individual keys therein
+between ethereum nodes.
+Make sure you backup your keys regularly.
+
+And finally. DO NOT FORGET YOUR PASSWORD.
+`,
Subcommands: []cli.Command{
{
Action: accountList,
@@ -106,12 +127,18 @@ The output of this command is supposed to be machine-readable.
ethereum account new
-Creates a new accountThe account is saved in encrypted format, you are prompted for a passphrase.
-You must remember this passphrase to unlock your account in future.
+Creates a new account. Prints the address.
+
+The account is saved in encrypted format, you are prompted for a passphrase.
+
+You must remember this passphrase to unlock your account in the future.
+
For non-interactive use the passphrase can be specified with the --password flag:
ethereum --password <passwordfile> account new
+Note, this is meant to be used for testing only, it is a bad idea to save your
+password to file or expose in any other way.
`,
},
{
@@ -122,38 +149,23 @@ For non-interactive use the passphrase can be specified with the --password flag
ethereum account import <keyfile>
-Imports a private key from <keyfile> and creates a new account with the address
-derived from the key.
+Imports an unencrypted private key from <keyfile> and creates a new account.
+Prints the address.
+
The keyfile is assumed to contain an unencrypted private key in canonical EC
-format.
+raw bytes format.
The account is saved in encrypted format, you are prompted for a passphrase.
-You must remember this passphrase to unlock your account in future.
-For non-interactive use the passphrase can be specified with the -password flag:
- ethereum --password <passwordfile> account import <keyfile>
+You must remember this passphrase to unlock your account in the future.
- `,
- },
- {
- Action: accountExport,
- Name: "export",
- Usage: "export an account into key file",
- Description: `
-
- ethereum account export <address> <keyfile>
-
-Exports the given account's private key into keyfile using the canonical EC
-format.
-The account needs to be unlocked, if it is not the user is prompted for a
-passphrase to unlock it.
-For non-interactive use, the passphrase can be specified with the --unlock flag:
+For non-interactive use the passphrase can be specified with the -password flag:
- ethereum --password <passwrdfile> account export <address> <keyfile>
+ ethereum --password <passwordfile> account import <keyfile>
Note:
As you can directly copy your encrypted accounts to another ethereum instance,
-this import/export mechanism is not needed when you transfer an account between
+this import mechanism is not needed when you transfer an account between
nodes.
`,
},
@@ -217,7 +229,6 @@ JavaScript API. See https://github.com/ethereum/go-ethereum/wiki/Javascipt-Conso
utils.RPCEnabledFlag,
utils.RPCListenAddrFlag,
utils.RPCPortFlag,
- utils.UnencryptedKeysFlag,
utils.VMDebugFlag,
utils.ProtocolVersionFlag,
utils.NetworkIdFlag,
@@ -290,19 +301,17 @@ func execJSFiles(ctx *cli.Context) {
}
func unlockAccount(ctx *cli.Context, am *accounts.Manager, account string) (passphrase string) {
- if !ctx.GlobalBool(utils.UnencryptedKeysFlag.Name) {
- var err error
- // Load startup keys. XXX we are going to need a different format
- // Attempt to unlock the account
- passphrase = getPassPhrase(ctx, "", false)
- accbytes := common.FromHex(account)
- if len(accbytes) == 0 {
- utils.Fatalf("Invalid account address '%s'", account)
- }
- err = am.Unlock(accbytes, passphrase)
- if err != nil {
- utils.Fatalf("Unlock account failed '%v'", err)
- }
+ var err error
+ // Load startup keys. XXX we are going to need a different format
+ // Attempt to unlock the account
+ passphrase = getPassPhrase(ctx, "", false)
+ accbytes := common.FromHex(account)
+ if len(accbytes) == 0 {
+ utils.Fatalf("Invalid account address '%s'", account)
+ }
+ err = am.Unlock(accbytes, passphrase)
+ if err != nil {
+ utils.Fatalf("Unlock account failed '%v'", err)
}
return
}
@@ -343,32 +352,30 @@ func accountList(ctx *cli.Context) {
}
func getPassPhrase(ctx *cli.Context, desc string, confirmation bool) (passphrase string) {
- if !ctx.GlobalBool(utils.UnencryptedKeysFlag.Name) {
- passfile := ctx.GlobalString(utils.PasswordFileFlag.Name)
- if len(passfile) == 0 {
- fmt.Println(desc)
- auth, err := readPassword("Passphrase: ", true)
+ passfile := ctx.GlobalString(utils.PasswordFileFlag.Name)
+ if len(passfile) == 0 {
+ fmt.Println(desc)
+ auth, err := readPassword("Passphrase: ", true)
+ if err != nil {
+ utils.Fatalf("%v", err)
+ }
+ if confirmation {
+ confirm, err := readPassword("Repeat Passphrase: ", false)
if err != nil {
utils.Fatalf("%v", err)
}
- if confirmation {
- confirm, err := readPassword("Repeat Passphrase: ", false)
- if err != nil {
- utils.Fatalf("%v", err)
- }
- if auth != confirm {
- utils.Fatalf("Passphrases did not match.")
- }
+ if auth != confirm {
+ utils.Fatalf("Passphrases did not match.")
}
- passphrase = auth
+ }
+ passphrase = auth
- } else {
- passbytes, err := ioutil.ReadFile(passfile)
- if err != nil {
- utils.Fatalf("Unable to read password file '%s': %v", passfile, err)
- }
- passphrase = string(passbytes)
+ } else {
+ passbytes, err := ioutil.ReadFile(passfile)
+ if err != nil {
+ utils.Fatalf("Unable to read password file '%s': %v", passfile, err)
}
+ passphrase = string(passbytes)
}
return
}
@@ -417,24 +424,6 @@ func accountImport(ctx *cli.Context) {
fmt.Printf("Address: %x\n", acct)
}
-func accountExport(ctx *cli.Context) {
- account := ctx.Args().First()
- if len(account) == 0 {
- utils.Fatalf("account address must be given as first argument")
- }
- keyfile := ctx.Args().Get(1)
- if len(keyfile) == 0 {
- utils.Fatalf("keyfile must be given as second argument")
- }
- am := utils.GetAccountManager(ctx)
- auth := unlockAccount(ctx, am, account)
-
- err := am.Export(keyfile, common.FromHex(account), auth)
- if err != nil {
- utils.Fatalf("Account export failed: %v", err)
- }
-}
-
func importchain(ctx *cli.Context) {
if len(ctx.Args()) != 1 {
utils.Fatalf("This command requires an argument.")
diff --git a/cmd/utils/flags.go b/cmd/utils/flags.go
index dda409502..f948cdb06 100644
--- a/cmd/utils/flags.go
+++ b/cmd/utils/flags.go
@@ -97,14 +97,9 @@ var (
Usage: "Enable mining",
}
- // key settings
- UnencryptedKeysFlag = cli.BoolFlag{
- Name: "unencrypted-keys",
- Usage: "disable private key disk encryption (for testing)",
- }
UnlockedAccountFlag = cli.StringFlag{
Name: "unlock",
- Usage: "unlock the account given until this program exits (prompts for password).",
+ Usage: "unlock the account given until this program exits (prompts for password). '--unlock coinbase' unlocks the primary (coinbase) account",
Value: "",
}
PasswordFileFlag = cli.StringFlag{
@@ -249,12 +244,7 @@ func GetChain(ctx *cli.Context) (*core.ChainManager, common.Database, common.Dat
func GetAccountManager(ctx *cli.Context) *accounts.Manager {
dataDir := ctx.GlobalString(DataDirFlag.Name)
- var ks crypto.KeyStore2
- if ctx.GlobalBool(UnencryptedKeysFlag.Name) {
- ks = crypto.NewKeyStorePlain(path.Join(dataDir, "plainkeys"))
- } else {
- ks = crypto.NewKeyStorePassphrase(path.Join(dataDir, "keys"))
- }
+ ks := crypto.NewKeyStorePassphrase(path.Join(dataDir, "keys"))
return accounts.NewManager(ks)
}