Piping password for masterseed errors EOF #24352

Closed
waifro opened this issue Feb 7, 2022 · 5 comments
waifro commented Feb 7, 2022

Similar issue to #21086, referencing pull request #20960.

System information

Ubuntu Server 20.04.3 LTS | amd64
geth version: 1.10.15-stable

Expected behaviour

When piping the password in different ways, it should start operating and decrypt the master seed.

Actual behaviour

When piping the password in different ways, it prompts the error: Failed to read password error: EOF

Steps to reproduce the behaviour

For the sake of the request, here are a few of the multiple ways I tried, but without success.

  • { echo "ok"; echo "password123"; } | clef
  • echo "ok\npassword123" | clef
  • { echo "ok"; echo "password123"; } | clef
  • echo "password123" | clef --stdio-ui
    (The stdio-ui lacks documentation, so I don't know how it should work.)

holiman commented Feb 10, 2022

You should not use stdio-ui, unless you want to speak json-rpc with it. Try echo "password123" | clef --suppress-bootwarn for your use case. I think the case where you pipe two things like that doesn't work like you expect it to.


waifro commented Feb 10, 2022

Testing now with echo "password123" | clef --suppress-bootwarn as you requested, seems to be working.
Correct me if I'm wrong, but from a totally not-an-expert view, suppressing warnings isn't a fix, is it?


holiman commented Feb 10, 2022

It's not suppressing warnings in general, it just squelches the initial boot-up message/warning.
From a security PoV though, piping passwords is usually not great, and typically means you're doing something that might not be very secure.
For programmatical interactions, e.g. if someone wants to build a nice UI for clef, it's better to use stdio-ui than trying to do interactions with json instead of the cli meant for humans.


holiman commented Feb 10, 2022


waifro commented Feb 10, 2022

Thank you very much for the explanation. Since I couldn't find any source redirecting to the JSON-RPC (especially for the stdio-ui), I was looking for alternatives or, more specifically, a secure way to unlock the masterseed. The JSON-RPC looks good for my needs.

Thank you again ^^

@holiman holiman closed this as completed Feb 14, 2022