gaiacli keys add UX could be much improved #2091

Closed
ebuchman opened this issue Aug 20, 2018 · 6 comments
Labels
C:CLI C:Keys Keybase, KMS and HSMs T: Security

ebuchman commented Aug 20, 2018

gaiacli keys add is a bit weird. It has strange flags like:

  • --no-backup. Why would I ever run the command if people are watching? Seems unnecessary
  • --dry-run. What's the point of this? Seems like we're just trying to generate a mnemonic and not make a key - that should probably be a separate command, otherwise we're just burdening this one with random flags
  • --recover. It's not always recovery. Sometimes we just want to make a new key from the same mnemonic (ie. with a different BIP44 path)
  • --account and --index. Not sure why this is better than just using a full path. Let's just use the full path?
  • --type flag but currently only allow one type (secp256k1)

I think we should leave add for legacy sake but add two new commands: mnemonic and new.

Mnemonic

Generate a mnemonic from system or user-supplied entropy

Usage:
  gaiacli keys mnemonic

Flags:
  -h, --help             help for add
  -u, --user bool        Prompt the user to enter entropy. Otherwise, use the system's entropy

The output is just a straight up sequence of bip39 words to write down. By passing --user one can specify their own entropy (eg. by rolling ~99 dice) instead of reading from system entropy.

New

Usage:
  gaiacli keys new <name> [flags]

Flags:
      --default          Use system entropy to generate a new mnemonic and derive a key using default parameters
  -h, --help             help for add
      --ledger           Store a local reference to a private key on a Ledger device

This will completely replace add. Instead of flags, we use an interactive prompt that looks like:

$ gaiacli keys new bucky
> Enter your bip39 mnemonic.
> If you don't have one, just hit enter, and one will be generated for you.
gloom bulb estate urge present page tissue volcano pause only ranch body eyebrow cruise island express describe reject road index radar marble release oyster
> -------------------------------------
> Enter your bip39 passphrase.
> If you don't have one, just hit enter, and the default "" will be used
mybip39pass
> -------------------------------------
> Enter your bip44 path. Default is 44'/0'/0'/0/0
44'/118'/0'/0/0
> -------------------------------------
> Enter password to encrypt the derived private key with.
ondiskpass
> -------------------------------------
Successfuly wrote encrypted priv key named "bucky"

The result is the creation of the key named bucky in the gaiacli db, just like add would have done.

If you don't provide a mnemonic, one will be generated for you and output to the screen to be written down.

To avoid the prompts, use --default. It will generate (and print) your mnemonic and use default values for the path and bip39 passphrase. It will still ask you for a password to encrypt your privkey on disk, of course.

Related:
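
Added example, not part of the original issue and not gaiacli code: one way the dice-roll input proposed for `keys mnemonic --user` could be turned into 256 bits of entropy and then into the 24 BIP39 word indices. The base-6 packing and the function names are assumptions of this example; looking the indices up in the BIP39 wordlist is left out.

```go
package main

import (
	"crypto/sha256"
	"fmt"
	"math/big"
	"strings"
)

const rollsNeeded = 99 // 99 * log2(6) ≈ 255.9 bits, enough for 24 words

// diceToEntropy packs rolls (characters '1'..'6') as one base-6 number into
// 32 bytes. This packing is an assumption of the example, not gaiacli's.
func diceToEntropy(rolls string) ([32]byte, error) {
	var out [32]byte
	if len(rolls) != rollsNeeded {
		return out, fmt.Errorf("need %d rolls, got %d", rollsNeeded, len(rolls))
	}
	n := new(big.Int)
	for i, r := range rolls {
		if r < '1' || r > '6' {
			return out, fmt.Errorf("roll %d is %q, want 1-6", i+1, r)
		}
		n.Mul(n, big.NewInt(6)).Add(n, big.NewInt(int64(r-'1')))
	}
	n.FillBytes(out[:]) // 6^99 < 2^256, so the value always fits
	return out, nil
}

// wordIndices appends the BIP39 checksum (first 8 bits of SHA-256 for 256-bit
// entropy) and cuts the resulting 264 bits into 24 indices of 11 bits each.
func wordIndices(entropy [32]byte) [24]uint16 {
	sum := sha256.Sum256(entropy[:])
	bits := append(entropy[:], sum[0])
	var idx [24]uint16
	for pos := 0; pos < 24*11; pos++ {
		bit := uint16(bits[pos/8]>>uint(7-pos%8)) & 1
		idx[pos/11] = idx[pos/11]<<1 | bit
	}
	return idx
}

func main() {
	// Constructed sample rolls, not real dice output.
	entropy, err := diceToEntropy(strings.Repeat("123456", 17)[:rollsNeeded])
	if err != nil {
		panic(err)
	}
	fmt.Println(wordIndices(entropy)) // indices into the BIP39 wordlist
}
```

Rejecting short or malformed input outright, rather than padding it, keeps a mistyped roll sequence from silently producing a weaker key.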

@cwgoes
Contributor

cwgoes commented Aug 20, 2018

Note also that the HD derivation isn't yet hooked up - #1527 (comment).

@mslipper
Contributor

I'm working on this... expect a PR tomorrow.

@mslipper
Contributor

Quick update on this - I've implemented everything, and am working on automation now. It's a bit tough to unit test prompts.

@zramsay
Contributor

zramsay commented Aug 27, 2018

#674

mslipper added a commit to mslipper/cosmos-sdk that referenced this issue Aug 29, 2018
@jackzampolin
Member

Complete!

@tarcieri

For anyone who had thoughts on this, I'm now trying to add similar functionality for the KMS's YubiHSM-based key management: tendermint/tmkms#56 (review)
