This repository has been archived by the owner on Apr 17, 2023. It is now read-only.

Use long derivation paths for App Private Keys (courtesy of blockstack.js) #1496

Open: wants to merge 9 commits into base: develop

@kantai (Collaborator) commented Jul 3, 2018

This adds support for longer derivation paths for app private keys (#1367)

This maintains quasi-backwards compatibility by

  1. Checking whether or not a legacy public key was used (by checking the profile's apps key)
  2. If so, using the legacy key; otherwise, using the new derivation path.

To test this, you'll need to npm link in the wallet support branch on blockstack.js (or develop once it's merged).

@wbobeirne (Contributor)

I've expanded this PR to use BlockstackWallet wherever possible.

@wbobeirne (Contributor)

Because blockstack.js has upgraded to [email protected], we'll need to do the same in this repo. Unfortunately that's going to be a lot of effort because all HDNode usage was replaced with bip32 usage.

@kantai (Collaborator, Author) commented Aug 7, 2018

This is updated to work with the latest from this PR: hirosystems/stacks.js#433

I recommend testing this by restoring an old account, logging into multiplayer apps (which should continue to work with the same app private key that you used before if you had previously logged in) and single player apps, and by creating a new user and logging in and out of apps.

@markmhendrickson

@kantai should this issue be considered resolved and closed out based on your PR? #1620

@kantai (Collaborator, Author) commented Mar 19, 2019

Nope -- as far as I understand, we still are using the short app derivation paths.

@markmhendrickson

@kantai What's the main benefit here? Stronger security or?

@kantai (Collaborator, Author) commented Mar 19, 2019

> @kantai What's the main benefit here? Stronger security or?

Yep -- this would increase the security of the app-derived keys.

@markmhendrickson

@kantai Sounds good – it seems this PR is almost across the finish line and just needs a bit more testing. Is that the case? I'm moving this to the backlog so we can prioritize for the next sprint assuming that's the case.

@hstove (Collaborator) commented May 14, 2019

Unless I'm mistaken, this is not backwards compatible with single-player apps, because they aren't in the apps key. So if you login to a single-player app, your data and private key will not be the same.
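Added example, not code from this PR or from blockstack.js: a model of the two-step fallback in the PR description, run against one app that has an entry in the profile's apps key and one that does not, which is the case the comment above raises. Assumptions: HMAC-SHA256 stands in for real BIP32 derivation, an apps entry is taken to be a URL containing the legacy key's address, and `deriveAppKey`, `keyAddress`, `selectAppKey` and all sample values are hypothetical.

```javascript
// Added illustration; every name and value here is hypothetical.
const crypto = require('crypto');

// Stand-in for the two derivations: HMAC-SHA256 replaces real BIP32 child
// derivation, and the scheme label only keeps the two outputs distinct.
function deriveAppKey(seed, scheme, appDomain) {
  return crypto.createHmac('sha256', seed)
    .update(`${scheme}|${appDomain}`).digest('hex');
}

// Assumed address format: a truncated hash of the key.
function keyAddress(privateKeyHex) {
  return crypto.createHash('sha256').update(privateKeyHex)
    .digest('hex').slice(0, 20);
}

// Steps 1 and 2 of the PR description: keep the legacy key only when the
// profile's apps entry for this domain references the legacy key's address.
function selectAppKey(seed, profile, appDomain) {
  const apps = profile.apps || {};
  const legacy = deriveAppKey(seed, 'legacy', appDomain);
  const listed = Object.prototype.hasOwnProperty.call(apps, appDomain);
  const entry = listed ? apps[appDomain] : undefined;
  if (typeof entry === 'string' && entry.includes(keyAddress(legacy))) {
    return { scheme: 'legacy', key: legacy };
  }
  return { scheme: 'long', key: deriveAppKey(seed, 'long', appDomain) };
}

// Constructed sample: an account that logged in to both apps before the
// change, where only the multiplayer app was recorded in the apps key.
function demo() {
  const seed = 'constructed-seed-not-a-real-secret';
  const multi = 'https://multiplayer.example';
  const single = 'https://singleplayer.example';
  const oldAddress = keyAddress(deriveAppKey(seed, 'legacy', multi));
  const profile = { apps: { [multi]: `https://hub.example/${oldAddress}/` } };
  const results = {};
  for (const app of [multi, single]) {
    const chosen = selectAppKey(seed, profile, app);
    const legacy = deriveAppKey(seed, 'legacy', app);
    results[app] = { scheme: chosen.scheme, sameAsLegacy: chosen.key === legacy };
  }
  return results;
}

console.log(demo());
```

A migration test built on this shape would assert, for every app the account used before the change, that the selected key equals the legacy key.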
