Skip to content

/ blockstack-browser

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Use long derivation paths for App Private Keys (courtesy of blockstack.js) #1496

Open
wants to merge 9 commits into
base: develop
from
Open

Use long derivation paths for App Private Keys (courtesy of blockstack.js) #1496

wants to merge 9 commits into from

Conversation

@kantai
Copy link
Member

kantai commented Jul 3, 2018

This adds support for longer derivation paths for app private keys (#1367)

This maintains quasi-backwards compatibility by

  1. Checking whether or not a legacy public key was used (by checking the profile's apps key
  2. If so, using the legacy key, otherwise, uses the new derivation path.

To test this, you'll need to npm link in the wallet support branch on blockstack.js (or develop once it's merged).
kantai added 3 commits May 18, 2018
@kantai
adding long derivation paths (courtesy of blockstack.js) and test
Loading status checks…
dab863a
@kantai
Merge branch 'develop' into feature/long-app-derivation-paths
Loading status checks…
4151cc1
@kantai
fix syntax error from merge
Loading status checks…
08af48b
@kantai kantai mentioned this pull request Jul 3, 2018
Merged
wbobeirne added 2 commits Jul 10, 2018
@wbobeirne
Replace account-utils functions with BlockstackWallet functions
Verified
This commit was signed with a verified signature.
wbobeirne Will O'Beirne
GPG key ID: CDB0A2D93B99E115 Learn about signing commits
130bd31
@wbobeirne
Remove encryption / decryption code in lieu of blockstack.js, convert…
Verified
This commit was signed with a verified signature.
wbobeirne Will O'Beirne
GPG key ID: CDB0A2D93B99E115 Learn about signing commits
Loading status checks…
2739512 
… as much as possible to BlockstackWallet.
@wbobeirne
Copy link
Contributor

wbobeirne commented Jul 17, 2018

I've expanded this PR to use BlockstackWallet wherever possible.
@wbobeirne wbobeirne mentioned this pull request Jul 30, 2018
Open
@wbobeirne
Copy link
Contributor

wbobeirne commented Aug 1, 2018

Because blockstack.js has upgraded to bitcoinjs-lib@4.x.x, we'll need to do the same in this repo. Unfortunately that's going to be a lot of effort because all HDNode usage was replaced with bip32 usage.
kantai added 2 commits Aug 6, 2018
@kantai
patch account-utils and its dependents to use BlockstackWallet
Loading status checks…
b3c07a0
@kantai
finish refactoring out wallet functions from account-utils
Loading status checks…
9a546cd
@kantai kantai changed the title [WIP] Use long derivation paths for App Private Keys (courtesy of blockstack.js) Use long derivation paths for App Private Keys (courtesy of blockstack.js) Aug 7, 2018
@kantai
add note riot to the legacy app list
Loading status checks…
118cc3a
@kantai kantai changed the title Use long derivation paths for App Private Keys (courtesy of blockstack.js) [WIP] Use long derivation paths for App Private Keys (courtesy of blockstack.js) Aug 7, 2018
@kantai
Merge branch 'develop' into feature/long-app-derivation-paths
Loading status checks…
4059969
@kantai kantai changed the title [WIP] Use long derivation paths for App Private Keys (courtesy of blockstack.js) Use long derivation paths for App Private Keys (courtesy of blockstack.js) Aug 7, 2018
@kantai
Copy link
Member Author

kantai commented Aug 7, 2018

This is updated to work with the latest from this PR: blockstack/blockstack.js#433

I recommend testing this by restoring an old account, logging into multiplayer apps (which should continue to work with the same app private key that you used before if you had previously logged in) and single player apps, and by creating a new user and logging in and out of apps.
@markmhx
Copy link

markmhx commented Mar 19, 2019

@kantai should this issue be considered resolved and closed out based on your PR? #1620
@kantai
Copy link
Member Author

kantai commented Mar 19, 2019

Nope -- as far as I understand, we still are using the short app derivation paths.
@markmhx
Copy link

markmhx commented Mar 19, 2019

@kantai What's the main benefit here? Stronger security or?
@kantai
Copy link
Member Author

kantai commented Mar 19, 2019

@kantai What's the main benefit here? Stronger security or?

Yep -- this would increase the security of the app-derived keys.
@markmhx
Copy link

markmhx commented Mar 20, 2019

@kantai Sounds good – it seems this PR is almost across the finish line and just needs a bit more testing. Is that the case? I'm moving this to the backlog so we can prioritize for the next sprint assuming that's the case.
@hstove
Copy link
Collaborator

hstove commented May 14, 2019

Unless I'm mistaken, this is not backwards compatible with single-player apps, because they aren't in the apps key. So if you login to a single-player app, your data and private key will not be the same.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
Developer Platform Issues
  
Done
Milestone
No milestone
Linked issues

Successfully merging this pull request may close these issues.

None yet

4 participants
@kantai @wbobeirne @markmhx @hstove
You can’t perform that action at this time.