feat: add script to reencrypt wallet with v2 encryption#9204
Conversation
00ed82a to
567bcdf
Compare
567bcdf to
a30b584
Compare
| console.log(`Wallet: ${wallet.label()} (${walletId})`); | ||
|
|
||
| // Fetch passcodeEncryptionCode — required to decrypt Box D and to generate Box D in the new keycard. | ||
| // Skipped in dry-run if not provided, since no keycard is produced anyway. |
There was a problem hiding this comment.
What's a dry run? Just like a test? Will this be something the client developers already have some frame of reference for, or does this need some kind of explanation somewhere?
There was a problem hiding this comment.
I actually updated this so that it isnt skipped in dry-run when boxD is provided but forgot to push the change 😅
A dry run will attempt the decrypt + reencrypt but wont update anything in the backend. Just a way to test that the passphrase/boxD work properly
a30b584 to
db796c3
Compare
db796c3 to
4d55f08
Compare
4d55f08 to
ab75384
Compare
There was a problem hiding this comment.
this belongs in a different PR
| // SJCL envelopes have no "v" field or v=1 | ||
| if (!envelope.v || envelope.v === 1) return 1; | ||
| } catch { | ||
| // not JSON |
There was a problem hiding this comment.
don't we want to about this condition?
| 'passcoderecovery endpoint did not return a passcodeEncryptionCode — pass --passcodeEncryptionCode manually' | ||
| ); | ||
| } | ||
| return recoveryInfo.passcodeEncryptionCode as string; |
There was a problem hiding this comment.
don't cast, validate
| * jsPDF reads `.src` in Node.js; computeKeyCardImageDimensions reads `.width`/`.height`. | ||
| * This replicates what the BitGo UI does before calling drawKeycard. | ||
| */ | ||
| async function loadKeycardImage(url: string): Promise<HTMLImageElement | undefined> { |
There was a problem hiding this comment.
why are you silently suppressing all errors?
| const args = process.argv.slice(2); | ||
| const get = (flag: string): string | undefined => { | ||
| const idx = args.indexOf(flag); | ||
| return idx !== -1 ? args[idx + 1] : undefined; | ||
| }; | ||
|
|
||
| const env = (get('--env') ?? 'test') as EnvironmentName; | ||
| const coin = get('--coin'); | ||
| const walletId = get('--walletId'); | ||
| const passphrase = get('--passphrase'); | ||
| const accessToken = get('--accessToken'); | ||
| const otp = get('--otp'); | ||
| const boxD = get('--boxD'); | ||
| const boxA = get('--boxA'); | ||
| const boxB = get('--boxB'); | ||
| const passcodeEncryptionCode = get('--passcodeEncryptionCode'); | ||
| const dryRun = args.includes('--dry-run'); |
There was a problem hiding this comment.
use a real option parser, I believe we typically use yargs
| // Main | ||
| // --------------------------------------------------------------------------- | ||
|
|
||
| async function main() { |
There was a problem hiding this comment.
this is long and complicated enough that it deserves to be in modules/ properly, with a test
maybe even in modules/key-card/
Ticket: WCN-174
This pull request introduces significant enhancements to the wallet encryption upgrade process and improves compatibility for PDF keycard generation in Node.js environments. The main changes include adding a new script to automate wallet keychain re-encryption and updating the keycard drawing utilities to support server-side (Node.js) usage.
Key changes:
1. New Wallet Encryption Upgrade Script
scripts/upgrade-wallet-encryption.ts, a comprehensive CLI tool to upgrade wallet keychains from v1 (SJCL/PBKDF2-SHA256 + AES-256-CCM) to v2 (Argon2id + AES-256-GCM) encryption, with support for regenerating the keycard PDF and handling various edge cases (e.g., changed passphrases, legacy backups).2. Node.js Compatibility for Keycard PDF Generation
drawKeycardand related functions inmodules/key-card/src/drawKeycard.tsto detect Node.js environments and handle image and QR code rendering appropriately (e.g., using base64 data URLs instead of DOM elements). [1] [2] [3]HTMLCanvasElementand base64 string inputs, ensuring PDF generation works in both browser and Node.js contexts. [1] [2]These changes ensure that wallet upgrades and keycard regeneration can be performed reliably in automated or server-side workflows, improving maintainability and operational flexibility.