keys: add command warns on poor key practices #1809

Closed
wants to merge 1 commit into from
25 changes: 13 additions & 12 deletions cmd/soroban-cli/src/config/secret.rs
Expand Up @@ -43,29 +43,30 @@ pub struct Args {

impl Args {
pub fn read_secret(&self) -> Result<Secret, Error> {
let print = Print::new(false);
if let Ok(secret_key) = std::env::var("SOROBAN_SECRET_KEY") {
print.infoln("Read secret key from environment variable SOROBAN_SECRET_KEY");
Contributor

Nit

Suggested change
print.infoln("Read secret key from environment variable SOROBAN_SECRET_KEY");
print.infoln("Reading secret key from environment variable SOROBAN_SECRET_KEY");

Ok(Secret::SecretKey { secret_key })
Contributor

Just realized there is no check here that it is a valid secret key. That's what we get for using a String when we should just use PrivateKey directly.

} else if self.secret_key {
println!("Type a secret key: ");
print.kbln("Enter a secret key (starts with S):");
let secret_key = read_password()?;
let secret_key = PrivateKey::from_string(&secret_key)
.map_err(|_| Error::InvalidSecretKey)?
.to_string();
Ok(Secret::SecretKey { secret_key })
} else if self.seed_phrase {
println!("Type a 12 word seed phrase: ");
print.kbln("Enter a 24 word seed phrase:");
let seed_phrase = read_password()?;
let seed_phrase: Vec<&str> = seed_phrase.split_whitespace().collect();
// if seed_phrase.len() != 12 {
// let len = seed_phrase.len();
// return Err(Error::InvalidSeedPhrase { len });
// }
let seed_words = seed_phrase
.split_whitespace()
.map(ToString::to_string)
.collect::<Vec<_>>();
let seed_words_len = seed_words.len();
if seed_words_len < 24 {
print.warnln("Warning, seed phrases containing less than 24 words may not be secure. It is safer to use a 24 word seed. To generate a new key and a 24 word seed phrase use the `stellar keys generate` command.");
Contributor

🎉

}
Ok(Secret::SeedPhrase {
seed_phrase: seed_phrase
.into_iter()
.map(ToString::to_string)
.collect::<Vec<_>>()
.join(" "),
seed_phrase: seed_words.join(" "),
})
} else {
Err(Error::PasswordRead {})
Contributor

I just noticed that when a user doesn't pass --secret-key or --seed-phrase, we get to this else arm, but the error isn't super informative:

$ stellar keys add my-new-key

❌ error: secret input error

Perhaps we can add this, or just add a new error message for this case.

Suggested change
Err(Error::PasswordRead {})
print.errorln("No secret key or seed phrase provided. Please use one of these flags: `--secret-key` or `--seed-phrase`.");
Err(Error::PasswordRead {})

Contributor

Ah, just noticed that this PR is closed. I can open a new PR with this small change.

Member Author

I'm removing the error in another PR anyway:

Contributor

Nice, that's even better!
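
Review bot: in the seed-phrase branch the new `if seed_words_len < 24` only prints a warning, and nothing rejects a bad word count, so empty input or more than 24 words still ends in `Ok(Secret::SeedPhrase { .. })`. The commented-out length check removed here was the only trace of validation; suggest returning an error for an empty or unsupported count before the warning, and keeping the warning for short phrases that are still accepted. The same gap exists in the `SOROBAN_SECRET_KEY` branch, which returns the variable's value without the `PrivateKey::from_string` check the interactive branch applies. Wording nit in the warning text: "fewer than 24 words".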

1 change: 1 addition & 0 deletions cmd/soroban-cli/src/print.rs
Expand Up @@ -106,3 +106,4 @@ create_print_functions!(save, saveln, "💾");
create_print_functions!(search, searchln, "🔎");
create_print_functions!(warn, warnln, "⚠️");
create_print_functions!(exclaim, exclaimln, "❗️");
create_print_functions!(kb, kbln, "⌨️");
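
Review bot: `kb`/`kbln` is the one pair in the visible list whose name does not say what the message is for (compare `warn`, `search`, `save`). Since `secret.rs` uses it for the secret-key and seed-phrase prompts, a name such as `prompt`/`promptln`, or a short comment on this line, would make the call sites easier to read.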