Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Introduce gaiacli keys export / gaiacli keys import #2020

Closed
cwgoes opened this issue Aug 14, 2018 · 14 comments · Fixed by #4436
Closed

Introduce gaiacli keys export / gaiacli keys import #2020

cwgoes opened this issue Aug 14, 2018 · 14 comments · Fixed by #4436
Assignees
Labels
C:CLI C:Keys Keybase, KMS and HSMs T: UX

Comments

@cwgoes
Copy link
Contributor

cwgoes commented Aug 14, 2018

We definitely need these prelaunch. They can come with extensive warnings.

Ideally we should do this in a standard format; the ASCII-armored one currently in the keybase implementation should be fine for now.

@cwgoes
Copy link
Contributor Author

cwgoes commented Aug 14, 2018

Brought up by @alessio - cc @ebuchman was this controversial?

@cwgoes cwgoes added C:CLI T: UX C:Keys Keybase, KMS and HSMs prelaunch labels Aug 14, 2018
@zmanian
Copy link
Member

zmanian commented Aug 15, 2018

Our view has that people need to store their words and that's our portability solution.

I disagree that this is prelaunch cause no one will be able to transfer funds at launch.

@rigelrozanski
Copy link
Contributor

second zmanian, exporting the seed phrase should be sufficient

@cwgoes
Copy link
Contributor Author

cwgoes commented Aug 28, 2018

second zmanian, exporting the seed phrase should be sufficient

That would be fine if it were possible but it isn't because we don't store the seed phrase. I think we want some export method that can happen after you first create the key, otherwise users who fail to write down their seed phrase - but still have the gaiacli DB and their password - will find it very difficult to recover their keys.

It's a non-breaking change - so OK on post-launch - I expect we'll get requests for this pretty quickly.

@jackzampolin
Copy link
Member

Sounds like we still don't have gaiacli keys export

@alexanderbez
Copy link
Contributor

alexanderbez commented May 28, 2019

Correct, we do not have this atm. As I see it, we can:

  1. Expect users to write down/safely store their seeds (as they should as it is up to them) and this is generally a good practice users should be doing anyway. If they lose a seed -- they're screwed.
  2. Potentially store the seed and allow that to be exported. I'm less worried about this now since we updated the permissions on the keys DB, so only a system user with the correct privileges would be able to execute such a command.

@alessio
Copy link
Contributor

alessio commented May 28, 2019

We can export the private key in ASCII format - provided that the user supply the correct mnemonic.

@alessio
Copy link
Contributor

alessio commented May 28, 2019

@alexanderbez storing the seed is in my opinion the most riskiest of all options

@alexanderbez
Copy link
Contributor

alexanderbez commented May 28, 2019

The problem is that the users doesn't know the seed. They were silly and forgot to save it in a safe location.

@alessio
Copy link
Contributor

alessio commented May 28, 2019

I'll spike on this and demo something soon

@sabau
Copy link
Contributor

sabau commented May 29, 2019

So would the seed phrase be accessible in clear text or GPG signed -> requiring password to access it?

@alessio
Copy link
Contributor

alessio commented May 29, 2019

[Brain dump mode ON]

A malicious actor sits next to me. By mistake I run gaiacli keys export mykey and the seed is printed out. The seed is 24 word long, human intelligible text - not too hard to memorise/remember.
Had export generated a GPG- ASCII armored string of bytes it'd have been a way harder for them to memorise it.

[brain dump mode OFF]

@alessio alessio self-assigned this May 29, 2019
alessio pushed a commit that referenced this issue May 30, 2019
Add Keybase's ExportPrivKey()/ImportPrivKey() API calls to export/import
ASCII-armored private keys. Relevant keys subcommands are provided as well.

Closes: #2020
@Kwaskoff
Copy link

and how import key when you saved generated key and didn't save "export" file?

@Kwaskoff
Copy link

gaiacli keys unsafe-import-eth-key keyname key

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
C:CLI C:Keys Keybase, KMS and HSMs T: UX
Projects
None yet
Development

Successfully merging a pull request may close this issue.

8 participants