Conversation
axic
force-pushed
the
update-dependencies
branch
from
08b196b to
47a0001
Compare
holgerd77
left a comment
holgerd77
left a comment
There was a problem hiding this comment.
Please have a look at the ethereumjs-util comment.
| if (!this._hdkey._privateKey) { | ||
| throw new Error('Private key is not available') | ||
| if (!this._hdkey.privateExtendedKey) { | ||
| throw new Error('This is a public key only wallet') |
There was a problem hiding this comment.
Followed the discussion here a bit, if I got this right (so accessing privateExtendedKey is not raising an exception any more if not available), this makes sense.
| return { | ||
| version: 3, | ||
| id: uuid.v4({ random: opts.uuid || crypto.randomBytes(16) }), | ||
| id: uuidv4({ random: opts.uuid || crypto.randomBytes(16) }), |
| decipher.decrypt(encryptedSeed.slice(0, 16)), | ||
| decipher.decrypt(encryptedSeed.slice(16, 32)) | ||
| Buffer.from(decipher.decrypt(encryptedSeed.slice(0, 16))), | ||
| Buffer.from(decipher.decrypt(encryptedSeed.slice(16, 32))) |
There was a problem hiding this comment.
Tested this locally/manually, resulted in the same values with and without Buffer, so I'm not completely getting the reason here, assume this is an extra security measure. Anyway, also makes things a bit more explicit and minimally doesn't hurt.
There was a problem hiding this comment.
It is a Uint8Array which cannot be implicitly used in Buffer.concat, seemingly.
| "mocha": "^2.3.4", | ||
| "coveralls": "^3.0.0", | ||
| "istanbul": "^0.4.5", | ||
| "mocha": "^5.0.0", |
There was a problem hiding this comment.
Tested by successful test run.
| "utf8": "^2.1.1", | ||
| "uuid": "^2.0.1" | ||
| "utf8": "^3.0.0", | ||
| "uuid": "^3.2.1" |
| "bs58check": "^1.0.8", | ||
| "ethereumjs-util": "^4.4.0", | ||
| "hdkey": "^0.7.0", | ||
| "aes-js": "^3.1.0", |
There was a problem hiding this comment.
Ok, associated with changes below.
| "aes-js": "^3.1.0", | ||
| "bs58check": "^2.1.1", | ||
| "ethereumjs-util": "^5.1.4", | ||
| "hdkey": "^0.8.0", |
| "ethereumjs-util": "^4.4.0", | ||
| "hdkey": "^0.7.0", | ||
| "aes-js": "^3.1.0", | ||
| "bs58check": "^2.1.1", |
| "scrypt.js": "^0.2.0", | ||
| "utf8": "^2.1.1", | ||
| "uuid": "^2.0.1" | ||
| "utf8": "^3.0.0", |
| "hdkey": "^0.7.0", | ||
| "aes-js": "^3.1.0", | ||
| "bs58check": "^2.1.1", | ||
| "ethereumjs-util": "^5.1.4", |
There was a problem hiding this comment.
I wonder if this from Wallet.fromV1 doesn't need to be adopted due to this byte to bit length change in the sha3() function:
var decipher = crypto.createDecipheriv('aes-128-cbc', ethUtil.sha3(derivedKey.slice(0, 16)).slice(0, 16), Buffer.from(json.Crypto.IV, 'hex'))
(not possible in GitHub to comment on untouched lines, how stupid is that?)
There was a problem hiding this comment.
ethUtil.sha3(derivedKey.slice(0, 16)) just runs a standard 256bit keccak.
There was a problem hiding this comment.
Ah you mean we may be able to use the 128bits sponge output as it should be identical? I wouldn't do it right now as there is a very sparse test coverage for the V1 wallet (it may also should be removed).
There was a problem hiding this comment.
I don't understand anything of what you are assuming of what I could mean. 😸
I actually mis-read the brackets and thought, a width argument would have been passed to the function, so false alarm.
|
Will also merge in 5 min or so, since I want to write some tests and would like to do it on top of this. |
|
@holgerd77 cool! Do you want to create a changelog file? I want to release this today and have another changeset afterwards (which i won't include in this release). |
|
Yes, will do. |
3 participants
Fixes #24.
Still missing:
aes-js update (the API change broke it)(note: drops support for browsers <IE10)hdkey (asked them to make a release since master contains changes: Please push a release which includes the safe-buffer changes cryptocoinjs/hdkey#13)should also update to ethereumjs-util 5.1.4 once released