feat: add script to reencrypt wallet with v2 encryption#9204
Conversation
00ed82a to
567bcdf
Compare
567bcdf to
a30b584
Compare
a30b584 to
db796c3
Compare
4d55f08 to
ab75384
Compare
ab75384 to
6f43e3f
Compare
ff43ff7 to
455f6c1
Compare
pranavjain97
left a comment
There was a problem hiding this comment.
mpcv2 guard added, was able to re-encrypt with reduced mpcv2 keycard
|
@claude give approval rating |
|
Claude finished @pranavjain97's task —— View job Code Review and Approval RatingTasks:
Overall Approval Rating: ⭐⭐⭐⭐⭐ STRONG APPROVEThis is a well-implemented, security-conscious feature that addresses a critical need for wallet encryption upgrades. The code quality is high and previous reviewer feedback has been properly addressed. Strengths🔒 Security Excellence
🛠️ Robust Implementation
📋 Excellent Documentation
Previous Reviewer Feedback Resolution ✅All feedback from @OttoAllmendinger and @pranavjain97 has been properly addressed:
Code Quality AssessmentArchitecture & Design - Excellent
Error Handling - Very Good
Testing & Validation - Good
Documentation - Outstanding
Minor Observations (No Action Required)
Recommendation✅ APPROVE - This PR is ready for merge. It addresses a critical operational need with a well-designed, secure implementation that properly handles edge cases and provides excellent user experience through comprehensive documentation and dry-run capabilities. The code demonstrates BitGo's high security standards and will enable safe migration of wallet encryption for users requiring enhanced security provided by v2 encryption (Argon2id + AES-256-GCM). Run Details:
|
OttoAllmendinger
left a comment
There was a problem hiding this comment.
not going to ACK without module and tests, flushing
OttoAllmendinger
left a comment
There was a problem hiding this comment.
see previous comment
I've moved the business logic to the key card module with tests. still have the script to invoke/e2e sample for clients. @OttoAllmendinger can you review? |
zahin-mohammad
left a comment
There was a problem hiding this comment.
In addition to moving this out, have we done an e2e test with the keycard with
- bitgo ui
- wallet recovery wizard
f87bf33 to
364e027
Compare
zahin-mohammad
left a comment
There was a problem hiding this comment.
Logs can be moved in a follow up, along with OFC support. (OFC support can be done via key rotation instead of re-encryption)
OttoAllmendinger
left a comment
There was a problem hiding this comment.
looks much better, agree with zahin
ea6144e
ea6144e to
8b2afaa
Compare
Adds a wallet encryption upgrade path from v1 (SJCL / PBKDF2-SHA256 + AES-256-CCM) to v2 (Argon2id + AES-256-GCM), invokable via the SDK and driven by a CLI script. sdk-core: - Keychains.getEncryptionVersion: now public, throws on unknown versions - Keychains.reencryptAsV2: new instance method for v1 to v2 upgrade - Wallet.upgradeEncryption: orchestrates the full flow with an injectable PDF generator for testability key-card: - Exports loadKeycardImage and createKeycardPdfGenerator factory (returns an UpgradeEncryptionPdfGenerator compatible with the wallet method) scripts/upgrade-wallet-encryption.ts: - Thin CLI wrapper around Wallet.upgradeEncryption - Handles MPCv2 (boxA/boxB), boxD-derived passphrase, dry-run, already-unlocked session, and PDF regeneration TICKET: WCN-174
…WCN-174) The retry-with-original-passphrase fallback is specific to keys encrypted at wallet creation (backup key, boxA, boxB — these are never re-encrypted on password change). It doesn't belong on the generic Keychains.reencryptAsV2 primitive, which was leaking backup-key context into its error message. - Keychains.reencryptAsV2 is now a pure primitive: decrypt with passphrase, re-encrypt as v2, surface errors directly - Fallback moves to a private Wallet.reencryptCreationTimeKey helper, used only for backup/boxA/boxB paths where the semantics apply - Error messages now name the specific key that failed to decrypt TICKET: WCN-174
8b2afaa to
6c83cf1
Compare
Ticket: WCN-174
This pull request introduces significant enhancements to the wallet encryption upgrade process and improves compatibility for PDF keycard generation in Node.js environments. The main changes include adding a new script to automate wallet keychain re-encryption and updating the keycard drawing utilities to support server-side (Node.js) usage.
Key changes:
1. New Wallet Encryption Upgrade Script
scripts/upgrade-wallet-encryption.ts, a comprehensive CLI tool to upgrade wallet keychains from v1 (SJCL/PBKDF2-SHA256 + AES-256-CCM) to v2 (Argon2id + AES-256-GCM) encryption, with support for regenerating the keycard PDF and handling various edge cases (e.g., changed passphrases, legacy backups).2. Node.js Compatibility for Keycard PDF Generation
drawKeycardand related functions inmodules/key-card/src/drawKeycard.tsto detect Node.js environments and handle image and QR code rendering appropriately (e.g., using base64 data URLs instead of DOM elements). [1] [2] [3]HTMLCanvasElementand base64 string inputs, ensuring PDF generation works in both browser and Node.js contexts. [1] [2]These changes ensure that wallet upgrades and keycard regeneration can be performed reliably in automated or server-side workflows, improving maintainability and operational flexibility.