Skip to content

[wallet] allow adding pubkeys from imported private keys to keypool #15414

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
Sjors wants to merge 1 commit into from
Closed

[wallet] allow adding pubkeys from imported private keys to keypool #15414

Sjors wants to merge 1 commit into from

Conversation

@Sjors
Copy link
Member

@Sjors Sjors commented Feb 15, 2019

#14075 added a keypool param to importmulti which imports public keys into the keypool, but this was restricted to watch-only wallets (wallets created with disable_private_keys).

This PR relaxes that constraint to also allow private keys.

This is a step towards #14449, being able to import any BIP44/49/84 compatible external wallet. Once imported it's not safe to go back though, because the getnewaddress command is unaware of the intended address type. For that to really work we either need descriptor based wallets, or import could descriptors as metadata to individual keys in the wallet and make the wallet enforce those when generating a new (change) address.

This also enables me to write a test in #14912 which creates an unsigned PSBT in a wallet without private keys and then signs it in a wallet with those private keys (which simulates an external hardware wallet). There are probably other ways I can build that test though.

@Sjors
Copy link
Member Author

Sjors commented Feb 15, 2019

This might interact with #15024.

@Sjors Sjors mentioned this pull request Feb 15, 2019
Closed
@meshcollider
Copy link
Contributor

meshcollider commented Feb 15, 2019

Concept ACK

@DrahtBot
Copy link
Contributor

DrahtBot commented Feb 16, 2019
edited
Loading

The following sections might be updated with supplementary metadata relevant to reviewers and maintainers.

Conflicts

Reviewers, this pull request conflicts with the following ones:

  • #16341 (WIP: Introduce ScriptPubKeyMan interface and use it for key and script management (aka wallet boxes) by achow101)
  • #16301 (Use CWallet::Import* functions in all import* RPCs by achow101)

If you consider this pull request important, please also help to review the conflicting pull requests. Ideally, start with the one that should be merged first.

@Sjors Sjors force-pushed the 2019/02/keypool_import_private_keys branch from cacf2f3 to 9f63410 Compare February 22, 2019 13:11
@Sjors Sjors force-pushed the 2019/02/keypool_import_private_keys branch from 9f63410 to 7f23872 Compare March 8, 2019 11:10
@achow101
Copy link
Member

achow101 commented Mar 14, 2019

NACK. I don't think that any imported private keys should be added to the keypool. A key that has been imported is one which has been exposed in plaintext and should thus be considered compromised. It would be unsafe to continue to use such a private key. Furthermore, private keys which are imported are often ones that have already been used. If a used key were imported to the keypool, it will lead to accidental address reuse which we should avoid.

creates an unsigned PSBT in a wallet without private keys and then signs it in a wallet with those private keys (which simulates an external hardware wallet). There are probably other ways I can build that test though.

Why can't you create the wallet with the private keys and then import the pubkeys into another wallet?

@Sjors
Copy link
Member Author

Sjors commented Mar 14, 2019

The test needs a signed PSBT, which is easiest with a keypool. It might be possible to sign without having a keypool by manually passing in the private keys to a PSBT method.

@luke-jr
Copy link
Member

luke-jr commented Apr 17, 2019

@achow101 A compromised key is never safe to import, so the assumption that an imported key is compromised doesn't really hold. The only time I think it really makes sense to import private keys are restoring a wallet backup, converting a foreign wallet, or vanitygen. The latter case definitely could benefit from adding to the keypool: someone could leave a vanitygen process constantly filling their keypool with a given prefix, for example.

@Sjors Sjors force-pushed the 2019/02/keypool_import_private_keys branch from 7f23872 to dc44b45 Compare April 24, 2019 13:19
@Sjors Sjors force-pushed the 2019/02/keypool_import_private_keys branch from dc44b45 to 524f76a Compare June 6, 2019 09:41
@Sjors
Copy link
Member Author

Sjors commented Jun 6, 2019

I'm tempted to close this in order to allow more focus on descriptor based wallets (e.g. #15764). First I'm going to see if I can make my test work without this.

@DrahtBot
Copy link
Contributor

DrahtBot commented Jul 26, 2019

Needs rebase

@Sjors Sjors closed this Aug 2, 2019
@BrannonKing BrannonKing mentioned this pull request Sep 11, 2019
Open
@bitcoin bitcoin locked as resolved and limited conversation to collaborators Dec 16, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

No reviews

Assignees

No one assigned

Labels

Wallet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

7 participants

@Sjors @meshcollider @DrahtBot @achow101 @luke-jr @laanwj @fanquake