[x] Make it build.
[x] Add to CI
[x] Upload to CHaP

• add support ghc 8.0 to 8.4-alpha2
• generate stack.yaml based on it
• Add a target per flags

Here:
https://github.com/input-output-hk/cardano-crypto/blob/master/tests/goldens/cardano/crypto/wallet/BIP39-128#L5

It looks that private key is not correct.

Hi! Would be nice if there was some docs for this lib :)

• We are looking into transpiling cardano-crypto to JavaScript / WASM
• External bindings to C libraries can be an impediment, especially openssl
• Crypto.ECC.P256 depends on OpenSSL
• This module isn't used nor needed anymore and can be removed.

Ib cardano we have next methods

Generate extended public key from private key
toXPub :: HasCallStack => XPrv -> XPub
toXPub (XPrv ekey) = XPub pub (ChainCode cc)
  where (_,r)     = B.splitAt 64 $ convert ekey
        (pub, cc) = B.splitAt 32 r

Return the Ed25519 public key associated with a XPub context
xPubGetPublicKey :: XPub -> Ed25519.PublicKey
xPubGetPublicKey (XPub pub _) =
    throwCryptoError $ Ed25519.publicKey pub

How can we get Ed25519.SecretKey from XPrv ?
Ed25519.SecretKey expects 32 bytes, how to map first XPriv 64 bytes to Ed25519.SecretKey ?

• investigate the right construction: potential candidate already suggested
• make sure it's portable to windows

split into subdirectories with the following:

• prim: ECC, BIP39, BIPXXX
• paper-wallet:
• hdwallet:
• praos

Adapt to Cardano and implement https://eips.ethereum.org/EIPS/eip-3267

It is, by the way, good for the claimed purpose to support science.

Hi, I have a question about implementation of wallet_encrypted_derive_private() in encrypted_sign.c.
https://github.com/input-output-hk/cardano-crypto/blob/04c211d7f9504b04eb6595cab62eb39a573467f1/cbits/encrypted_sign.c#L308-L360

As fas as I know, your code is the implementation of slip-0023. Child key derivation of slip0023 follows BIP32-Ed25519 (ieee, google docs) that have a condition of discarding child "if kL is divisible by the base order n".
But I can't find them in the method. I want to know whether the condition is exist or not.

Setup

stack ghci --test cardano-crypto:cardano-crypto-test

import Cardano.Crypto.Wallet.Encrypted
:set -XOverloadedStrings
import qualified Data.ByteString as BS
bytes = "(\134\242|I\141L\EM\NUL\128\173\252q\191\172\167>f \218\222\167.\136\DC4\216\191\253r8cD8&I\STX;\185&\177\172E\241\185\241\157\226\r\163+\EM\GS\232-\188\250[E^N\129J\158\STX\134\188!\241\DLEzt\222\199\247U\143\ETB\128,\226Q\"\230\234\"\191\177\250\230\167\n\214X\244z\\" :: BS.ByteString
pwd = "" :: BS.ByteString

Oddness 1

BS.take 1 on input does not affect output:

λ> k1 = unEncryptedKey $ encryptedCreateDirectWithTweak bytes pwd
λ> k2 = unEncryptedKey $ encryptedCreateDirectWithTweak (BS.take 1 bytes) pwd
λ> k1 == k2
True -- 🧐

Oddness 2

BS.take 0 on input causes SIGSEGV.

λ> unEncryptedKey $ encryptedCreateDirectWithTweak (BS.take 0 bytes) pwd
"fish: 'stack ghci --test cardano-crypt…' terminated by signal SIGSEGV (Address boundary error)

Comment

It is mentioned in the doc-comment that the input must be 96 bytes long. Are these findings as expected?
https://github.com/input-output-hk/cardano-crypto/blob/3c5db489c71a4d70ee43f5f9b979fcde3c797f2a/src/Cardano/Crypto/Wallet/Encrypted.hs#L95-L96

Hello guys, where can I find these BIP32 data (xpriv, xpub) for Cardano (yoroi wallet)

bitcoin: {
    messagePrefix: '\x18Bitcoin Signed Message:\n',
    bech32: 'bc',
    bip32: {
      public: 0x0488b21e,
      private: 0x0488ade4
    },
    pubKeyHash: 0x00,
    scriptHash: 0x05,
    wif: 0x80
  }

https://github.com/satoshilabs/slips/blob/master/slip-0132.md
https://cardanolaunch.com/assets/Ed25519_BIP.pdf
https://bitcoin.stackexchange.com/questions/28380/i-want-to-generate-a-bip32-version-number-for-namecoin-and-other-altcoins
Thanks

Hello,

Where can I find documentation for how a private key is generated + what it involves?

I tried looking at: https://github.com/input-output-hk/cardano-sl/blob/master/wallet/src/Pos/Wallet/Aeson/WalletBackup.hs

Example:

"In Bitcoin, a private key is a 256-bit number, which can be represented one of several ways. Here is a private key in hexadecimal - 256 bits in hexadecimal is 32 bytes, or 64 characters in the range 0-9 or A-F. " from https://en.bitcoin.it/wiki/Private_key

I want to generate a private key by coin flipping so I need to understand how this works.

This repo has been marked as core tech and is part of initiative of repo preparation, part of this includes adding needed missing documentation.
This repo in particular needs:
-Include a High Level 2 Sentence Description for purpose of Repo
-Explain how to make a contribution (Contributing MD)
-Include the Standard Code of Conduct
-Identify the Core Maintainers

test

Context

We run both cardano-wallet and cardano-explorer on one Ubuntu server. We execute API calls against the wallet to generate new transactions. A few transactions (on daily basis) won't end up in the Blockchain.
Transaction has been generated but stays at:

"confirmations": 0,

We do pay enough fee and we do have enough funds. I used cli-command curl -X GET http://localhost:8090/api/v1/transactions?id={{txid}} | jq . to get the json response which contains the 0 confirmations line.

Steps to Reproduce

1. Executed a new order with the same amount and it'll pass

Expected behavior

The transaction will end up in the Cardano Blockchain

Actual behavior

The confirmations stays at zero.

Resolution Plan

PR

QA

The cryptonite library has a function

generateSecretKey :: MonadRandom m => m SecretKey

https://hackage.haskell.org/package/cryptonite-0.25/docs/Crypto-PubKey-Ed25519.html#v:generateSecretKey

This would be good to have in Crypto.ECC.Ed25519Donna.

allow curve parametrization for point/scalar

• HMAC
• PBKDF2
• Scrypt

I believe many of the encryption operations that are being done in memory could reach the disk if any wallet/node uses any encryption function whilst having a full memory. This would result in passphrases and private keys reaching swap files on disk, making it possible to access them.

Some of the affected functions include: generateNew , xPrvChangePass in Wallet.hs and encryptedKey,encryptedCreate,encryptedCreateDirectWithTweak,encryptedChangePass,encryptedSign in Encrypted.hs

In summary ensuring that encryption functions are done in memory will avoid the posibility of passphrases/keys being leaked into the disk and therefore susceptible to be stolen. A possible solution would be using mlock in unix and VirtualLock in Win32, which locks some memory space and ensures that some operations will always be executed in memory.