From 9350709f13bc7e3d79b8e0f1515a3fdba4f2cbff Mon Sep 17 00:00:00 2001 From: SomberNight Date: Mon, 3 Dec 2018 13:02:14 +0100 Subject: [PATCH] wallet creation: take care not to write plaintext keys to disk when creating imported privkey wallets the privkeys were written to disk unencrypted first, then overwritten with ciphertext --- electrum/base_wizard.py | 3 ++- electrum/commands.py | 3 ++- electrum/wallet.py | 6 +++--- 3 files changed, 7 insertions(+), 5 deletions(-) diff --git a/electrum/base_wizard.py b/electrum/base_wizard.py index 4f3909794..7efd82297 100644 --- a/electrum/base_wizard.py +++ b/electrum/base_wizard.py @@ -200,7 +200,7 @@ class BaseWizard(object): self.storage.put('keystore', k.dump()) w = Imported_Wallet(self.storage) keys = keystore.get_private_keys(text) - good_inputs, bad_inputs = w.import_private_keys(keys, None) + good_inputs, bad_inputs = w.import_private_keys(keys, None, write_to_disk=False) self.keystores.append(w.keystore) else: return self.terminate() @@ -510,6 +510,7 @@ class BaseWizard(object): def on_password(self, password, *, encrypt_storage, storage_enc_version=STO_EV_USER_PW, encrypt_keystore): + assert not self.storage.file_exists(), "file was created too soon! plaintext keys might have been written to disk" self.storage.set_keystore_encryption(bool(password) and encrypt_keystore) if encrypt_storage: self.storage.set_password(password, enc_version=storage_enc_version) diff --git a/electrum/commands.py b/electrum/commands.py index 3acf79528..2192d992a 100644 --- a/electrum/commands.py +++ b/electrum/commands.py @@ -176,7 +176,7 @@ class Commands: storage.put('keystore', k.dump()) wallet = Imported_Wallet(storage) keys = keystore.get_private_keys(text) - good_inputs, bad_inputs = wallet.import_private_keys(keys, None) + good_inputs, bad_inputs = wallet.import_private_keys(keys, None, write_to_disk=False) # FIXME tell user about bad_inputs if not good_inputs: raise Exception("None of the given privkeys can be imported") @@ -191,6 +191,7 @@ class Commands: storage.put('wallet_type', 'standard') wallet = Wallet(storage) + assert not storage.file_exists(), "file was created too soon! plaintext keys might have been written to disk" wallet.update_password(old_pw=None, new_pw=password, encrypt_storage=encrypt_file) wallet.synchronize() diff --git a/electrum/wallet.py b/electrum/wallet.py index a14bf4f92..b38f441da 100644 --- a/electrum/wallet.py +++ b/electrum/wallet.py @@ -1379,8 +1379,8 @@ class Imported_Wallet(Simple_Wallet): def get_public_key(self, address): return self.addresses[address].get('pubkey') - def import_private_keys(self, keys: List[str], password: Optional[str]) -> Tuple[List[str], - List[Tuple[str, str]]]: + def import_private_keys(self, keys: List[str], password: Optional[str], + write_to_disk=True) -> Tuple[List[str], List[Tuple[str, str]]]: good_addr = [] # type: List[str] bad_keys = [] # type: List[Tuple[str, str]] for key in keys: @@ -1398,7 +1398,7 @@ class Imported_Wallet(Simple_Wallet): self.add_address(addr) self.save_keystore() self.save_addresses() - self.save_transactions(write=True) + self.save_transactions(write=write_to_disk) return good_addr, bad_keys def import_private_key(self, key: str, password: Optional[str]) -> str: