-
Notifications
You must be signed in to change notification settings - Fork 76
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
keys: add command warns on poor key practices #1809
Conversation
if let Ok(secret_key) = std::env::var("SOROBAN_SECRET_KEY") { | ||
print.infoln("Read secret key from environment variable SOROBAN_SECRET_KEY"); | ||
Ok(Secret::SecretKey { secret_key }) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Just realized there is no check here that it is a valid secret key. That's what we get for using a String
when we should just use PrivateKey
directly.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yup, see:
Closing this because this warning is too aggressive. I had a moment and forgot that 12 word seed phrases are still 128-bit. |
if let Ok(secret_key) = std::env::var("SOROBAN_SECRET_KEY") { | ||
print.infoln("Read secret key from environment variable SOROBAN_SECRET_KEY"); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nit
print.infoln("Read secret key from environment variable SOROBAN_SECRET_KEY"); | |
print.infoln("Reading secret key from environment variable SOROBAN_SECRET_KEY"); |
.collect::<Vec<_>>(); | ||
let seed_words_len = seed_words.len(); | ||
if seed_words_len < 24 { | ||
print.warnln("Warning, seed phrases containing less than 24 words may not be secure. It is safer to use a 24 word seed. To generate a new key and a 24 word seed phrase use the `stellar keys generate` command."); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
🎉
.map(ToString::to_string) | ||
.collect::<Vec<_>>() | ||
.join(" "), | ||
seed_phrase: seed_words.join(" "), | ||
}) | ||
} else { | ||
Err(Error::PasswordRead {}) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I just noticed that when a user doesn't pass --secret-key
or --seed-phrase
, we get to this else
arm, but the error isn't super informative:
$ stellar keys add my-new-key
❌ error: secret input error
Perhaps we can add this, or just add a new error message for this case.
Err(Error::PasswordRead {}) | |
print.errorln("No secret key or seed phrase provided. Please use one of these flags: `--secret-key` or `--seed-phrase`."); | |
Err(Error::PasswordRead {}) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ah, just noticed that this PR is closed. I can open a new PR with this small change.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm removing the error in another PR anyway:
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nice, that's even better!
What
Output a warning if word count is less than 24 when accepting seed phrases as a new key.
Also changed how the output of the add command is displayed to use the Print functionality to normalize the output like other newer commands.
Why
Close #1806
Known limitations
[TODO or N/A]