zolfa
/
tendermint
1
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 221 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
218 Commits
183 Branches
291 MiB
Tree: 156416fe27
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '156416fe27'
${ noResults }
tendermint/keys/mintkey.go

73 lines
2.3 KiB
Raw Normal View History

go build compiles
7 years ago
no metalinter for now
7 years ago
go build compiles
7 years ago
 
  1. package keys
  2. 

  3. import (
  4. 	"encoding/hex"
  5. 	"fmt"
  6. 

  7. 	cmn "github.com/tendermint/tmlibs/common"
  8. 

  9. 	"github.com/tendermint/go-crypto"
  10. 	"github.com/tendermint/go-crypto/keys/bcrypt"
  11. )
  12. 

  13. const (
  14. 	blockTypePrivKey = "TENDERMINT PRIVATE KEY"
  15. )
  16. 

  17. func encryptArmorPrivKey(privKey crypto.PrivKey, passphrase string) string {
  18. 	saltBytes, encBytes := encryptPrivKey(privKey, passphrase)
  19. 	header := map[string]string{
  20. 		"kdf":  "bcrypt",
  21. 		"salt": fmt.Sprintf("%X", saltBytes),
  22. 	}
  23. 	armorStr := crypto.EncodeArmor(blockTypePrivKey, header, encBytes)
  24. 	return armorStr
  25. }
  26. 

  27. func unarmorDecryptPrivKey(armorStr string, passphrase string) (crypto.PrivKey, error) {
  28. 	var privKey crypto.PrivKey
  29. 	blockType, header, encBytes, err := crypto.DecodeArmor(armorStr)
  30. 	if err != nil {
  31. 		return privKey, err
  32. 	}
  33. 	if blockType != blockTypePrivKey {
  34. 		return privKey, fmt.Errorf("Unrecognized armor type: %v", blockType)
  35. 	}
  36. 	if header["kdf"] != "bcrypt" {
  37. 		return privKey, fmt.Errorf("Unrecognized KDF type: %v", header["KDF"])
  38. 	}
  39. 	if header["salt"] == "" {
  40. 		return privKey, fmt.Errorf("Missing salt bytes")
  41. 	}
  42. 	saltBytes, err := hex.DecodeString(header["salt"])
  43. 	if err != nil {
  44. 		return privKey, fmt.Errorf("Error decoding salt: %v", err.Error())
  45. 	}
  46. 	privKey, err = decryptPrivKey(saltBytes, encBytes, passphrase)
  47. 	return privKey, err
  48. }
  49. 

  50. func encryptPrivKey(privKey crypto.PrivKey, passphrase string) (saltBytes []byte, encBytes []byte) {
  51. 	saltBytes = crypto.CRandBytes(16)
  52. 	key, err := bcrypt.GenerateFromPassword(saltBytes, []byte(passphrase), 12) // TODO parameterize.  12 is good today (2016)

  53. 	if err != nil {
  54. 		cmn.Exit("Error generating bcrypt key from passphrase: " + err.Error())
  55. 	}
  56. 	key = crypto.Sha256(key) // Get 32 bytes

  57. 	privKeyBytes := privKey.Bytes()
  58. 	return saltBytes, crypto.EncryptSymmetric(privKeyBytes, key)
  59. }
  60. 

  61. func decryptPrivKey(saltBytes []byte, encBytes []byte, passphrase string) (privKey crypto.PrivKey, err error) {
  62. 	key, err := bcrypt.GenerateFromPassword(saltBytes, []byte(passphrase), 12) // TODO parameterize.  12 is good today (2016)

  63. 	if err != nil {
  64. 		cmn.Exit("Error generating bcrypt key from passphrase: " + err.Error())
  65. 	}
  66. 	key = crypto.Sha256(key) // Get 32 bytes

  67. 	privKeyBytes, err := crypto.DecryptSymmetric(encBytes, key)
  68. 	if err != nil {
  69. 		return privKey, err
  70. 	}
  71. 	privKey, err = crypto.PrivKeyFromBytes(privKeyBytes)
  72. 	return privKey, err
  73. }