feeless icon indicating copy to clipboard operation
feeless copied to clipboard
verified publisher icon feeless

Wallet file encryption

Open gak opened this issue 4 years ago • 5 comments

It would be good to optionally have the wallet encrypted. For now I think the whole wallet file should be encrypted, rather than individual wallets. A new issue should be made for individual wallets.

This should use a well established cryptography algorithm.

An example to encrypt the whole wallet file:

export FEELESS_WALLET_FILE=gak.wallet

feeless wallet password
Enter a new password:
Confirm password:
Password added.

Doing it again will ask for the existing password:

feeless wallet password
Enter existing password:
Enter a new password:
Confirm password:
Password replaced.

When accessing keys, a password will be requested:

feeless wallet address
Enter password:
nano_1abcd...

Having an environment variable would be handy although insecure:

FEELESS_WALLET_PASSWORD=hunter2 feeless wallet address
nano_1abcd...

You can remove a password and make it unencrypted again:

feeless wallet password --remove
Enter existing password:
Password removed.

gak avatar Mar 20 '21 22:03 gak

For encryption maybe we could use one of these? https://github.com/RustCrypto/stream-ciphers

Fiono11 avatar Mar 25 '21 17:03 Fiono11

Yes, I think so. Not sure what's good though. Maybe see what other crypto wallets (Nano, Ethereum, Bitcoin) are using?

gak avatar Mar 26 '21 00:03 gak

Bitcoin seems to use AES/SHA512

https://github.com/bitcoin/bitcoin/blob/c7ad94428ab6f54661d7a5441e1fdd0ebf034903/src/wallet/crypter.cpp#L46

gak avatar Mar 26 '21 00:03 gak

Did some more research. Let's go with https://crates.io/crates/ctr

gak avatar Mar 26 '21 03:03 gak

Working on this issue.

Fiono11 avatar Mar 26 '21 17:03 Fiono11