keyring's encrypted file backend integration

CHANGELOG.md

@@ -84,6 +84,7 @@ if the provided arguments are invalid.
 * (x/auth) [\#5006](https://github.com/cosmos/cosmos-sdk/pull/5006) The gas required to pass the `AnteHandler` has
 increased significantly due to modular `AnteHandler` support. Increase GasLimit accordingly.
 * (rest) [\#5336](https://github.com/cosmos/cosmos-sdk/issues/5336) `MsgEditValidator` uses `description` instead of `Description` as a JSON key.
+* (keys) [\#5097](https://github.com/cosmos/cosmos-sdk/pull/5097) Due to the keybase -> keyring transition, keys need to be migrated. See `keys migrate` command for more info.
 
 ### Features
 

client/config.go

@@ -75,7 +75,7 @@ func runConfigCmd(cmd *cobra.Command, args []string) error {
 	// get config value for a given key
 	if getAction {
 		switch key {
-		case "trace", "trust-node", "indent":
+		case "trace", "trust-node", "indent", "keyring-file":
 			fmt.Println(tree.GetDefault(key, false).(bool))
 
 		default:
@@ -101,7 +101,7 @@ func runConfigCmd(cmd *cobra.Command, args []string) error {
 	case "chain-id", "output", "node", "broadcast-mode":
 		tree.Set(key, value)
 
-	case "trace", "trust-node", "indent":
+	case "trace", "trust-node", "indent", "keyring-file":
 		boolVal, err := strconv.ParseBool(value)
 		if err != nil {
 			return err

client/flags/flags.go

@@ -54,6 +54,7 @@ const (
 	FlagRPCWriteTimeout    = "write-timeout"
 	FlagOutputDocument     = "output-document" // inspired by wget -O
 	FlagSkipConfirmation   = "yes"
+	FlagKeyringFile        = "keyring-file"
 )
 
 // LineBreak can be included in a command list to provide a blank line
@@ -99,6 +100,7 @@ func PostCommands(cmds ...*cobra.Command) []*cobra.Command {
 		c.Flags().Bool(FlagDryRun, false, "ignore the --gas flag and perform a simulation of a transaction, but don't broadcast it")
 		c.Flags().Bool(FlagGenerateOnly, false, "Build an unsigned transaction and write it to STDOUT (when enabled, the local Keybase is not accessible and the node operates offline)")
 		c.Flags().BoolP(FlagSkipConfirmation, "y", false, "Skip tx broadcasting prompt confirmation")
+		c.Flags().Bool(FlagKeyringFile, false, "Use the keyring's encrypted file backend")
 
 		// --gas can accept integers and "simulate"
 		c.Flags().Var(&GasFlagVar, "gas", fmt.Sprintf(
@@ -109,6 +111,7 @@ func PostCommands(cmds ...*cobra.Command) []*cobra.Command {
 		viper.BindPFlag(FlagTrustNode, c.Flags().Lookup(FlagTrustNode))
 		viper.BindPFlag(FlagUseLedger, c.Flags().Lookup(FlagUseLedger))
 		viper.BindPFlag(FlagNode, c.Flags().Lookup(FlagNode))
+		viper.BindPFlag(FlagKeyringFile, c.Flags().Lookup(FlagKeyringFile))
 
 		c.MarkFlagRequired(FlagChainID)
 	}

client/keys/add.go

@@ -72,6 +72,7 @@ the flag --nosort is set.
 	cmd.Flags().Uint32(flagAccount, 0, "Account number for HD derivation")
 	cmd.Flags().Uint32(flagIndex, 0, "Address index number for HD derivation")
 	cmd.Flags().Bool(flags.FlagIndentResponse, false, "Add indent to JSON response")
+	cmd.Flags().Bool(flags.FlagKeyringFile, false, "Use the keyring's encrypted file backend")
 	return cmd
 }
 

client/keys/delete.go

@@ -4,6 +4,7 @@ import (
 	"bufio"
 	"errors"
 
+	"github.com/cosmos/cosmos-sdk/client/flags"
 	"github.com/cosmos/cosmos-sdk/client/input"
 	"github.com/cosmos/cosmos-sdk/crypto/keys"
 
@@ -34,6 +35,8 @@ private keys stored in a ledger device cannot be deleted with the CLI.
 		"Skip confirmation prompt when deleting offline or ledger key references")
 	cmd.Flags().BoolP(flagForce, "f", false,
 		"Remove the key unconditionally without asking for the passphrase")
+	cmd.Flags().Bool(flags.FlagKeyringFile, false,
+		"Use the keyring's encrypted file backend")
 	return cmd
 }
 

client/keys/export.go

@@ -5,6 +5,7 @@ import (
 
 	"github.com/spf13/cobra"
 
+	"github.com/cosmos/cosmos-sdk/client/flags"
 	"github.com/cosmos/cosmos-sdk/client/input"
 )
 
@@ -16,6 +17,7 @@ func exportKeyCommand() *cobra.Command {
 		Args:  cobra.ExactArgs(1),
 		RunE:  runExportCmd,
 	}
+	cmd.Flags().Bool(flags.FlagKeyringFile, false, "Use the keyring's encrypted file backend")
 	return cmd
 }
 

client/keys/import.go

@@ -6,6 +6,7 @@ import (
 
 	"github.com/spf13/cobra"
 
+	"github.com/cosmos/cosmos-sdk/client/flags"
 	"github.com/cosmos/cosmos-sdk/client/input"
 )
 
@@ -17,6 +18,7 @@ func importKeyCommand() *cobra.Command {
 		Args:  cobra.ExactArgs(2),
 		RunE:  runImportCmd,
 	}
+	cmd.Flags().Bool(flags.FlagKeyringFile, false, "Use the keyring's encrypted file backend")
 	return cmd
 }
 

client/keys/list.go

@@ -15,6 +15,7 @@ along with their associated name and address.`,
 		RunE: runListCmd,
 	}
 	cmd.Flags().Bool(flags.FlagIndentResponse, false, "Add indent to JSON response")
+	cmd.Flags().Bool(flags.FlagKeyringFile, false, "Use the keyring's encrypted file backend")
 	return cmd
 }
 

client/keys/migrate.go

@@ -29,6 +29,7 @@ The command asks for every passphrase. If the passphrase is incorrect, it skips
 		RunE: runMigrateCmd,
 	}
 
+	cmd.Flags().Bool(flags.FlagKeyringFile, false, "Use the keyring's encrypted file backend")
 	cmd.Flags().Bool(flags.FlagDryRun, false, "Do everything which is supposed to be done, but don't write any changes to the keyring.")
 	return cmd
 }

client/keys/show.go

@@ -49,6 +49,7 @@ consisting of all the keys provided by name and multisig threshold.`,
 	cmd.Flags().BoolP(FlagDevice, "d", false, "Output the address in a ledger device")
 	cmd.Flags().Uint(flagMultiSigThreshold, 1, "K out of N required signatures")
 	cmd.Flags().Bool(flags.FlagIndentResponse, false, "Add indent to JSON response")
+	cmd.Flags().Bool(flags.FlagKeyringFile, false, "Use the keyring's encrypted file backend")
 
 	return cmd
 }

client/keys/utils.go

@@ -53,6 +53,11 @@ func NewKeyringFromDir(rootDir string, input io.Reader) (keys.Keybase, error) {
 	if os.Getenv("COSMOS_SDK_TEST_KEYRING") != "" {
 		return keys.NewTestKeyring(sdk.GetConfig().GetKeyringServiceName(), rootDir)
 	}
+
+	if viper.GetBool(flags.FlagKeyringFile) {
+		return keys.NewKeyringFile(sdk.GetConfig().GetKeyringServiceName(), rootDir, input)
+	}
+
 	return keys.NewKeyring(sdk.GetConfig().GetKeyringServiceName(), rootDir, input)
 }
 

crypto/keys/keyring.go

@@ -26,6 +26,11 @@ import (
 	"github.com/cosmos/cosmos-sdk/types"
 )
 
+const (
+	keyringDirName     = "keyring"
+	testKeyringDirName = "keyring-test"
+)
+
 var _ Keybase = keyringKeybase{}
 
 // keyringKeybase implements the Keybase interface by using the Keyring library
@@ -47,6 +52,16 @@ func NewKeyring(name string, dir string, userInput io.Reader) (Keybase, error) {
 	return newKeyringKeybase(db), nil
 }
 
+// NewKeyringFile creates a new instance of an encrypted file-backed keyring.
+func NewKeyringFile(name string, dir string, userInput io.Reader) (Keybase, error) {
+	db, err := keyring.Open(newFileBackendKeyringConfig(name, dir, userInput))
+	if err != nil {
+		return nil, err
+	}
+
+	return newKeyringKeybase(db), nil
+}
+
 // NewTestKeyring creates a new instance of an on-disk keyring for
 // testing purposes that does not prompt users for password.
 func NewTestKeyring(name string, dir string) (Keybase, error) {
@@ -458,12 +473,30 @@ func lkbToKeyringConfig(name, dir string, buf io.Reader, test bool) keyring.Conf
 		return keyring.Config{
 			AllowedBackends:  []keyring.BackendType{"file"},
 			ServiceName:      name,
-			FileDir:          dir,
+			FileDir:          filepath.Join(dir, testKeyringDirName),
 			FilePasswordFunc: fakePrompt,
 		}
 	}
 
-	realPrompt := func(prompt string) (string, error) {
+	return keyring.Config{
+		ServiceName:      name,
+		FileDir:          dir,
+		FilePasswordFunc: newRealPrompt(dir, buf),
+	}
+}
+
+func newFileBackendKeyringConfig(name, dir string, buf io.Reader) keyring.Config {
+	fileDir := filepath.Join(dir, keyringDirName)
+	return keyring.Config{
+		AllowedBackends:  []keyring.BackendType{"file"},
+		ServiceName:      name,
+		FileDir:          fileDir,
+		FilePasswordFunc: newRealPrompt(fileDir, buf),
+	}
+}
+
+func newRealPrompt(dir string, buf io.Reader) func(string) (string, error) {
+	return func(prompt string) (string, error) {
 		keyhashStored := false
 		keyhashFilePath := filepath.Join(dir, "keyhash")
 
@@ -532,12 +565,6 @@ func lkbToKeyringConfig(name, dir string, buf io.Reader, test bool) keyring.Conf
 			return pass, nil
 		}
 	}
-
-	return keyring.Config{
-		ServiceName:      name,
-		FileDir:          dir,
-		FilePasswordFunc: realPrompt,
-	}
 }
 
 func fakePrompt(prompt string) (string, error) {