Merge pull request #858 from input-output-hk/add-encypt-key-command

Michał Mrożek · web-flow · commit bed419f986d4 · 2020-12-18T12:18:22.000+01:00
[CHORE] Add encrypt-key command to CLI
diff --git a/README.md b/README.md
@@ -50,6 +50,38 @@ Possible networks: `etc`, `eth`, `mordor`, `testnet-internal`
 ./bin/mantis cli generate-key-pairs 5
 ```
 
+- encrypt private key (default passphrase is empty string)
+ ```
+./bin/mantis cli encrypt-key --passphrase=pass 00b11c32957057651d56cd83085ef3b259319057e0e887bd0fdaee657e6f75d0
+```
+
+Command output uses the same format as keystore so it could be used ex. to setup private faucet
+
+ex.
+```
+{
+  "id":"3038d914-c4cd-43b7-9e91-3391ea443f95",
+  "address":"c28e15ebdcbb0bdcb281d9d5084182c9c66d5d12",
+  "version":3,
+  "crypto":{
+    "cipher":"aes-128-ctr",
+    "ciphertext":"6ecdb74b2a33dc3c016b460dccc96843d9d050aea3df27a3ae5348e85b3adc3e",
+    "cipherparams":{
+      "iv":"096b6490fe29e42e68e2db902920cad6"
+    },
+    "kdf":"scrypt",
+    "kdfparams":{
+      "salt":"cdcc875e116e2824ab02f387210c2f4ad7fd6fa1a4fc791cc92b981e3062a23e",
+      "n":262144,
+      "r":8,
+      "p":1,
+      "dklen":32
+    },
+    "mac":"8388ae431198d31d57e4c17f44335c2f15959b0d08d1145234d82f0d253fa593"
+  }
+}
+```
+
 ### Building the client
 
 #### SBT
diff --git a/src/main/scala/io/iohk/ethereum/cli/CliCommands.scala b/src/main/scala/io/iohk/ethereum/cli/CliCommands.scala
@@ -5,6 +5,7 @@ import com.monovore.decline.{Command, Opts}
 import io.iohk.ethereum.crypto
 import io.iohk.ethereum.crypto._
 import io.iohk.ethereum.domain.Address
+import io.iohk.ethereum.keystore.{EncryptedKey, EncryptedKeyJsonCodec}
 import io.iohk.ethereum.utils.ByteStringUtils
 import java.security.SecureRandom
 import io.iohk.ethereum.security.SecureRandomBuilder
@@ -16,9 +17,16 @@ object CliCommands extends SecureRandomBuilder {
   val generateKeyPairsCommand = "generate-key-pairs"
   val deriveAddressCommand = "derive-address"
   val generateAllocsCommand = "generate-allocs"
+  val encryptKeyCommand = "encrypt-key"
+
   val balanceOption = "balance"
   val keyOption = "key"
   val addressOption = "address"
+  val passphraseOption = "passphrase"
+
+  val privateKeyArgument = "private-key"
+  private val privateKeyOpt = Opts
+    .argument[String](privateKeyArgument)
 
   private val GeneratePrivateKeyCommand: Command[String] =
     Command(name = generatePrivateKeyCommand, header = "Generate private key") {
@@ -47,11 +55,7 @@ object CliCommands extends SecureRandomBuilder {
 
   private val DeriveAddressFromPrivateKey: Command[String] =
     Command(name = deriveAddressCommand, header = "Derive address from private key") {
-
-      Opts
-        .argument[String]("private-key")
-        .map(Hex.decode)
-        .map(privKeyToAddress)
+      privateKeyOpt.map(Hex.decode).map(privKeyToAddress)
     }
 
   private val GenerateAllocs: Command[String] =
@@ -74,6 +78,21 @@ object CliCommands extends SecureRandomBuilder {
       }
     }
 
+  private val EncryptKey: Command[String] =
+    Command(name = encryptKeyCommand, header = "Encrypt private key") {
+
+      val privateKey = privateKeyOpt.map(ByteStringUtils.string2hash)
+
+      val passphrase = Opts
+        .option[String](long = passphraseOption, short = "p", help = "Passphrase")
+        .withDefault("")
+
+      (privateKey, passphrase).mapN { (privateKey, passphrase) =>
+        val encKey = EncryptedKey(privateKey, passphrase, secureRandom)
+        EncryptedKeyJsonCodec.toJson(encKey)
+      }
+    }
+
   private def allocs(addresses: List[String], balance: BigInt): String =
     s""""alloc": ${addresses
       .map(address => s"""$address: { "balance": $balance }""")
@@ -87,6 +106,12 @@ object CliCommands extends SecureRandomBuilder {
   }
 
   val api: Command[String] = Command.apply(name = "cli", header = "Mantis CLI") {
-    Opts.subcommands(GeneratePrivateKeyCommand, DeriveAddressFromPrivateKey, GenerateAllocs, GenerateKeyPairs)
+    Opts.subcommands(
+      GeneratePrivateKeyCommand,
+      DeriveAddressFromPrivateKey,
+      GenerateAllocs,
+      GenerateKeyPairs,
+      EncryptKey
+    )
   }
 }
diff --git a/src/test/scala/io/iohk/ethereum/cli/CliCommandsSpec.scala b/src/test/scala/io/iohk/ethereum/cli/CliCommandsSpec.scala
@@ -1,5 +1,7 @@
 package io.iohk.ethereum.cli
 
+import io.iohk.ethereum.keystore.EncryptedKeyJsonCodec
+import io.iohk.ethereum.utils.ByteStringUtils
 import org.scalatest.EitherValues
 import org.scalatest.flatspec.AnyFlatSpec
 import org.scalatest.matchers.should.Matchers
@@ -92,6 +94,30 @@ class CliCommandsSpec extends AnyFlatSpec with Matchers with EitherValues {
     val stringSplit = result.right.get.split("\\n\\n")
     stringSplit.length shouldEqual numOfKeysAsInt
   }
+
+  behavior of encryptKeyCommand
+  it should "encrypt private key (without passphrase)" in {
+    val json = api.parse(Seq(encryptKeyCommand, privateKey)).value
+
+    val decrypted = (for {
+      encrypted <- EncryptedKeyJsonCodec.fromJson(json)
+      decrypted <- encrypted.decrypt("")
+    } yield decrypted).value
+
+    ByteStringUtils.hash2string(decrypted) shouldBe privateKey
+  }
+
+  it should "encrypt private key (with passphrase)" in {
+    val pass = "pass"
+    val json = api.parse(Seq(encryptKeyCommand, argument(passphraseOption, Some(pass)), privateKey)).value
+
+    val decrypted = (for {
+      encrypted <- EncryptedKeyJsonCodec.fromJson(json)
+      decrypted <- encrypted.decrypt(pass)
+    } yield decrypted).value
+
+    ByteStringUtils.hash2string(decrypted) shouldBe privateKey
+  }
 }
 
 object Fixture {
