hsm_secret encryption #3129
Merged
hsm_secret encryption #3129
Commits on Oct 10, 2019
-
daemons: initialize libsodium at setup
According to the doc (https://download.libsodium.org/doc): "sodium_init() initializes the library and should be called before any other function provided by Sodium. [...] the function ensures that the system's random number generator has been properly seeded.".
-
lightningd: '--encrypted-hsm', a new startup option
Add a new startup option which will, if set, prompt the user for a password to derive a key from. This key will later be used to encrypt and/or decrypt `hsm_secret`. This was made a noarg option even if it would have been preferable to let the user the choice of how to specify the password. Since we have to chose, better to not let the password in the commands history.
-
-
hsmd: encrypt hsm_secret if 'lightningd' pass an encryption key
This splits maybe_create_hsm_secret() in two parts (either encrypted or in clear) for clarity, and adds an encryption detection in load_hsm(). There are actually three cases if an encryption key is passed: - There is no hsm_secret => just create it and store the encrypted seed - There is an encrypted hsm_secret => the provided key should be able to decrypt the seed, if the wrong key is passed libsodium will nicely error and hsmd will exit() to not throw a backtrace (using status_failed() as for other errors) at the face of an user who mistyped its password. - There is a non-encrypted hsm_secret => load the seed, delete the hsm_secret, create the hsm_secret, store the encrypted seed.
-
lightningd: prevent hsmd from interpretating an encrypted hsm_secret …
…as not encrypted
-
pytest: allow to set stdin, stdout and stderr at lightningd startup
And also allow to not wait for it to be started. Passing stderr=subprocess.STDOUT can be useful to wait_for_log() also on stderr messages.
-
-
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.