feat: add script to reencrypt wallet with v2 encryption#9204
Draft
bdesoky wants to merge 1 commit into
Draft
Conversation
Contributor
00ed82a to
567bcdf
Compare
567bcdf to
a30b584
Compare
vmccarty
previously approved these changes
Jul 9, 2026
vmccarty
reviewed
Jul 9, 2026
| console.log(`Wallet: ${wallet.label()} (${walletId})`); | ||
|
|
||
| // Fetch passcodeEncryptionCode — required to decrypt Box D and to generate Box D in the new keycard. | ||
| // Skipped in dry-run if not provided, since no keycard is produced anyway. |
Contributor
There was a problem hiding this comment.
What's a dry run? Just like a test? Will this be something the client developers already have some frame of reference for, or does this need some kind of explanation somewhere?
Contributor
Author
There was a problem hiding this comment.
I actually updated this so that it isnt skipped in dry-run when boxD is provided but forgot to push the change 😅
A dry run will attempt the decrypt + reencrypt but wont update anything in the backend. Just a way to test that the passphrase/boxD work properly
a30b584 to
db796c3
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Ticket: WCN-174
This pull request introduces significant enhancements to the wallet encryption upgrade process and improves compatibility for PDF keycard generation in Node.js environments. The main changes include adding a new script to automate wallet keychain re-encryption and updating the keycard drawing utilities to support server-side (Node.js) usage.
Key changes:
1. New Wallet Encryption Upgrade Script
scripts/upgrade-wallet-encryption.ts, a comprehensive CLI tool to upgrade wallet keychains from v1 (SJCL/PBKDF2-SHA256 + AES-256-CCM) to v2 (Argon2id + AES-256-GCM) encryption, with support for regenerating the keycard PDF and handling various edge cases (e.g., changed passphrases, legacy backups).2. Node.js Compatibility for Keycard PDF Generation
drawKeycardand related functions inmodules/key-card/src/drawKeycard.tsto detect Node.js environments and handle image and QR code rendering appropriately (e.g., using base64 data URLs instead of DOM elements). [1] [2] [3]HTMLCanvasElementand base64 string inputs, ensuring PDF generation works in both browser and Node.js contexts. [1] [2]These changes ensure that wallet upgrades and keycard regeneration can be performed reliably in automated or server-side workflows, improving maintainability and operational flexibility.