Documentation
¶
Index ¶
Examples ¶
Constants ¶
const ( // Secp256k1 uses the Bitcoin secp256k1 ECDSA parameters. Secp256k1 = SigningAlgo("secp256k1") // Ed25519 represents the Ed25519 signature system. // It is currently not supported for end-user keys (wallets/ledgers). Ed25519 = SigningAlgo("ed25519") )
Variables ¶
var ( // ErrUnsupportedSigningAlgo is raised when the caller tries to use a // different signing scheme than secp256k1. ErrUnsupportedSigningAlgo = errors.New("unsupported signing algo: only secp256k1 is supported") // ErrUnsupportedLanguage is raised when the caller tries to use a // different language than english for creating a mnemonic sentence. ErrUnsupportedLanguage = errors.New("unsupported language: only english is supported") )
var BcryptSecurityParameter = 12
Make bcrypt security parameter var, so it can be changed within the lcd test Making the bcrypt security parameter a var shouldn't be a security issue: One can't verify an invalid key by maliciously changing the bcrypt parameter during a runtime vulnerability. The main security threat this then exposes would be something that changes this during runtime before the user creates their key. This vulnerability must succeed to update this to that same value before every subsequent call to gaiacli keys in future startups / or the attacker must get access to the filesystem. However, with a similar threat model (changing variables in runtime), one can cause the user to sign a different tx than what they see, which is a significantly cheaper attack then breaking a bcrypt hash. (Recall that the nonce still exists to break rainbow tables) TODO: Consider increasing default
Functions ¶
This section is empty.
Types ¶
type Info ¶
type Info interface {
// Human-readable type for key listing
GetType() string
// Name of the key
GetName() string
// Public key
GetPubKey() crypto.PubKey
}
Info is the publicly exposed information about a keypair
type Keybase ¶
type Keybase interface {
// CRUD on the keystore
List() ([]Info, error)
Get(name string) (Info, error)
Delete(name, passphrase string) error
// Sign some bytes, looking up the private key to use
Sign(name, passphrase string, msg []byte) (crypto.Signature, crypto.PubKey, error)
// CreateMnemonic creates a new mnemonic, and derives a hierarchical deterministic
// key from that.
CreateMnemonic(name string, language Language, passwd string, algo SigningAlgo) (info Info, seed string, err error)
// CreateKey takes a mnemonic and derives, a password. This method is temporary
CreateKey(name, mnemonic, passwd string) (info Info, err error)
// CreateFundraiserKey takes a mnemonic and derives, a password
CreateFundraiserKey(name, mnemonic, passwd string) (info Info, err error)
// Derive derives a key from the passed mnemonic using a BIP44 path.
Derive(name, mnemonic, passwd string, params hd.BIP44Params) (Info, error)
// Create, store, and return a new Ledger key reference
CreateLedger(name string, path ccrypto.DerivationPath, algo SigningAlgo) (info Info, err error)
// Create, store, and return a new offline key reference
CreateOffline(name string, pubkey crypto.PubKey) (info Info, err error)
// The following operations will *only* work on locally-stored keys
Update(name, oldpass string, getNewpass func() (string, error)) error
Import(name string, armor string) (err error)
ImportPubKey(name string, armor string) (err error)
Export(name string) (armor string, err error)
ExportPubKey(name string) (armor string, err error)
// *only* works on locally-stored keys. Temporary method until we redo the exporting API
ExportPrivateKeyObject(name string, passphrase string) (crypto.PrivKey, error)
}
Keybase exposes operations on a generic keystore
func New ¶
New creates a new keybase instance using the passed DB for reading and writing keys.
Example ¶
// Select the encryption and storage for your cryptostore
cstore := New(
dbm.NewMemDB(),
)
sec := Secp256k1
// Add keys and see they return in alphabetical order
bob, _, err := cstore.CreateMnemonic("Bob", English, "friend", sec)
if err != nil {
// this should never happen
fmt.Println(err)
} else {
// return info here just like in List
fmt.Println(bob.GetName())
}
cstore.CreateMnemonic("Alice", English, "secret", sec)
cstore.CreateMnemonic("Carl", English, "mitm", sec)
info, _ := cstore.List()
for _, i := range info {
fmt.Println(i.GetName())
}
// We need to use passphrase to generate a signature
tx := []byte("deadbeef")
sig, pub, err := cstore.Sign("Bob", "friend", tx)
if err != nil {
fmt.Println("don't accept real passphrase")
}
// and we can validate the signature with publicly available info
binfo, _ := cstore.Get("Bob")
if !binfo.GetPubKey().Equals(bob.GetPubKey()) {
fmt.Println("Get and Create return different keys")
}
if pub.Equals(binfo.GetPubKey()) {
fmt.Println("signed by Bob")
}
if !pub.VerifyBytes(tx, sig) {
fmt.Println("invalid signature")
}
Output: Bob Alice Bob Carl signed by Bob
type Language ¶
type Language int
Language is a language to create the BIP 39 mnemonic in. Currently, only english is supported though. Find a list of all supported languages in the BIP 39 spec (word lists).
const ( // English is the default language to create a mnemonic. // It is the only supported language by this package. English Language = iota + 1 // Japanese is currently not supported. Japanese // Korean is currently not supported. Korean // Spanish is currently not supported. Spanish // ChineseSimplified is currently not supported. ChineseSimplified // ChineseTraditional is currently not supported. ChineseTraditional // French is currently not supported. French // Italian is currently not supported. Italian )
type SigningAlgo ¶
type SigningAlgo string
SigningAlgo defines an algorithm to derive key-pairs which can be used for cryptographic signing.
Source Files
Directories