Seed Import from json file #109
Conversation
…stead of the public part
| napi::Error::from_reason(format!("Failed to encrypt the device_bundle_seed: {}", e)) | ||
| })?; | ||
|
|
||
| let src_tag = format!("imported#{initial_host_pub_key_b64_derived}"); |
There was a problem hiding this comment.
Does this tag make sense? Or might there be a reason to pick another tag?
| nonce, | ||
| cipher, | ||
| src_tag.clone().into(), | ||
| false, |
There was a problem hiding this comment.
Might there be a reason for having the seed be exportable? And are there any trade-offs to having it exportable (e.g. security-wise)?
There was a problem hiding this comment.
Malicious actors will have a more difficult time extracting the private key if it is not exportable. I can't think of a use-case for needing to export this. Users should go back to their root seeds. If there is a use case, it doesn't change the security landscape that much, so this can be changed to true.
| /// Reads a json file containing the device bundle and the device derivation path, | ||
| /// then derives the device seed and from it a sub seed at index 1 whose base64 encoded | ||
| /// public part should equal the initial_host_pub_key field. | ||
| pub async fn derive_and_import_seed_from_json_file( |
There was a problem hiding this comment.
This is the relevant method. The zome_call_signing stuff is only part of this PR because the file got renamed.
| .map_err(|e| { | ||
| napi::Error::from_reason(format!("Failed to get public key: {:?}", e)) | ||
| })?, | ||
| secret: SecretKey::from_bytes(&*derived_seed.get_seed().read_lock()).map_err( |
There was a problem hiding this comment.
Here you are taking the secret out of protected memory, and placing it into unprotected memory. The protected memory struct can be passed directly into crypto_box_xsalsa_by_pub_key so it never has to be unprotected.
There was a problem hiding this comment.
But, I guess if you need it for the dalek library anyway, you can keep this as-is. Another option, though, would be to use sodoken directly instead of dalek.
There was a problem hiding this comment.
Alright, thanks. I think I can do that, it's only the public key that I would ideally want to have in plain format to be able to compare with what's expected before importing it.
There was a problem hiding this comment.
It looks like LairClient currently can't accept a sodoken buffer directly, so I guess you'll need to leave this as-is unless/until we update that api to be more flexible.
Adds the backend functionality to import seeds from a JSON file as defined in this PR.