wallet mnemonic using --interactive flag provides a different wallet in Keplr than in CLI #2674

Closed
4 tasks
mindstyle85 opened this issue Oct 12, 2023 · 13 comments
Labels
bug Something isn't working

Comments

@mindstyle85

Summary of Bug

see steps below

Version

v1.0.0

Steps to Reproduce

pops@val01-tia-t:~$ celestia-appd keys add testwallet --interactive

Enter your bip39 mnemonic, or hit enter to generate one.
password
Error: invalid mnemonic
pops@val01-tia-t:~$ celestia-appd keys add testwallet --interactive
Enter your bip39 mnemonic, or hit enter to generate one.

Enter your bip39 passphrase. This is combined with the mnemonic to derive the seed. Most users should just hit enter to use the default, ""
password
Repeat the passphrase:
password

  • address: celestia18fm7nzu5caj9wr6f5m020xyqgpptd8s6555j9g
    name: testwallet
    pubkey: '{"@type":"/cosmos.crypto.secp256k1.PubKey","key":"A4VmeJdqxmqEJ6fYrtAUeNdpQwQqjpkNxTkqMVq4H3e4"}'
    type: local

Important write this mnemonic phrase in a safe place.
It is the only way to recover your account if you ever forget your password.

polar window arena rigid cable inch wife slide leave segment fortune shift enlist museum garbage spring price better garbage sketch noise harbor kick inhale

Now if you try to import this seed phrase into Keplr, the address you get is: celestia16ncc9l58elkce7nlz3msztlc8xvyczrsaevlnf

I am guessing something is different with the derivation path if --interactive flag is used. If you don't use the flag, the address imported into Keplr is the same.

For Admin Use

  • Not duplicate issue
  • Appropriate labels applied
  • Appropriate contributors tagged
  • Contributor assigned/self-assigned
@mindstyle85 mindstyle85 added the bug Something isn't working label Oct 12, 2023
@evan-forbes
Member

we use the default cosmos-sdk keyring sub command, so I think we might want to bubble this up to the sdk. I also don't know how keplr works, should we expect both to handle mnemonics identically?

@mindstyle85
Author

i think so, afaik @rootulp asked me that at some point if i remember correctly

but this is an issue for sure, especially since without the --interactive flag the address is the same on CLI and Keplr, and if you're using the flag, then it isn't, which might confuse people

ideally it should derive the same address on both

@evan-forbes
Member

I actually failed to recreate this bug, was there a password added during the interactive portion?

@JB273

JB273 commented Oct 12, 2023

Yes, the password is not empty, didn't try that though...

@mindstyle85
Author

mindstyle85 commented Oct 12, 2023 via email

@evan-forbes
Member

just going off the prompt

Enter your bip39 passphrase. This is combined with the mnemonic to derive the seed. Most users should just hit enter to use the default, ""

if it's being combined with the mnemonic, then we should actually expect the address to change. For me at least, when I didn't use a passphrase the address was the same using interactive mode and the latest version of Keplr

@JB273

JB273 commented Oct 12, 2023

Interesting, but for "normal" users it's not clear what this means I guess...
On the other hand, maybe we should defer "normal" users to the Keplr or Cosmostation wallets by default and not using the CLI.

> we use the default cosmos-sdk keyring sub command, so I think we might want to bubble this up to the sdk. I also don't know how keplr works, should we expect both to handle mnemonics identically?

@evan-forbes Are you expecting changing to the SDK will solve this behavior?

@mindstyle85
Author

hmm i guess it makes sense but it's still weird.. maybe it has something to do with the keyring test?

reason is, in no other tendermint chain have we come across this, and we use custom passphrases on all those.. but if we restore that wallet to Keplr it just shows the same address as in the CLI always

@evan-forbes
Member

> Are you expecting changing to the SDK will solve this behavior?

I just think the ideal place to fix bugs is upstream, especially when we're using the stock version and would prefer to keep it that way to avoid any other weird bugs.

> maybe it has something to do with the keyring test?

could be yeah, we should try.

although I don't think this is a bug any longer, so if you agree, please close this 🙂

having a mnemonic and adding a password does actually have its benefits. Mainly that we can store the mnemonic offline (eg on paper) in a safer way, since we're probably not encrypting it if we're writing it on paper. This way, I only have to remember the password and store the mnemonic on paper. If someone gets the mnemonic, they still can't get the privkey without also knowing the password.

@klaus993

Hello! I'm the one that reported this on Discord.

I actually happened to put the wallet address that the CLI gave me in the genesis airdrop. Then tried to import this wallet on Keplr/Leap and received a different address (and wasn't prompted for the password when importing). So I thought this was weird and went to Discord.

Thanks to everyone that commented. I admit I went full dumb when going for this airdrop. I googled how to create a Celestia wallet and clicked the first link everything gave me, and ended up on this document https://docs.celestia.org/developers/celestia-app-wallet/. When prompted for a password, I thought "why not?" and set one up. I backed up mnemonic phrase + password of course.

I think I fully qualify as a "normal" user, I actually work on software but I'm pretty new to crypto, so there's a lot of stuff I don't understand completely.

After reading all the comments, let me know if I understood correctly:

  1. Having a mnemonic phrase AND a password actually means that the wallet "recovery key" is the mnemonic phrase encrypted using the password as an encryption passphrase, so the actual "recovery key" is not the mnemonic phrase itself, but the encrypted phrase
  2. When importing the wallet on a wallet service (Keplr/Leap), as I'm not being asked for the password, the wallet is recovered using only the mnemonic phrase, thus the wallet address produced is different

The stuff I don't fully understand:

  • why am I able to import the wallet if the actual "recovery key" is the encrypted mnemonic phrase and not the phrase alone?
  • is the imported wallet on Keplr effectively the same wallet as the one I can manage on the CLI?
  • even if the wallet address is different, if I transfer funds to any of the two addresses, will the coins show up on both CLI and Keplr/Leap?

Also let me know if these questions are to be answered in another channel. Maybe this issue is not the one for it.

Thanks everyone ❤️

@mindstyle85
Author

@klaus993 those questions would be better for Discord than this issue, but here you go:

  1. yes the mnemonic is additionally encrypted with a passphrase
  2. you are able to recover A wallet, because each 12 or 24 word length seed will derive some address out
  3. the imported wallet to Keplr in this case is not the same wallet at all, so transferring coins to one won't mean those coins are also on the other
  4. i would imagine there is a way to decrypt it with that passphrase, but I'm guessing that has to be done in CLI rather than Keplr

@evan-forbes so i did some more testing and the weird thing is, if we go the --interactive route and we hit enter on first step for mnemonic, then enter again at the step where it asks for a passphrase for mnemonic (not the actual keyring), it just skips the keyring passphrase, which means the wallet is not protected by a passphrase at all. This seems weird to me, as then there is no way to just protect the keystore with a passphrase without also encrypting the seed, which i have also not seen elsewhere yet..

And yes it's not a bug it seems but i guess still better to discuss this here? i am sure people like Klaus above and others will have lots of issues with this.

@JB273

JB273 commented Oct 13, 2023

I have tested again with the same options and it works as expected, giving a passphrase is adding a 25th word for extra security, but Keplr doesn't support this, so best is to use no password or without the -i or --interactive flag to prevent this.

@mindstyle85
Author

Ok so my understanding now is this:

if you use --interactive flag and add password to it (for the account itself, not the keyring), you will have a 25th word for your mnemonic, which Keplr does not support. I haven't checked that in detail on other chains, but it seems in this case, you can at least export the address private key and import that one into Keplr to get the right one.

If anyone wants to reopen feel free to do it, closing it for now.
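
Added example (not part of the thread, and not celestia-app, cosmos-sdk or Keplr code): how the CLI prompt's "combined with the mnemonic to derive the seed" works under BIP-39, where the passphrase is appended to the PBKDF2 salt rather than used to encrypt the mnemonic, so an import that never asks for the passphrase still derives a valid but different wallet. It stops at the BIP-32 master key; child-key derivation and address encoding are omitted, and the mnemonic is the public BIP-39 test-vector phrase, used here as constructed sample input.

```python
import hashlib
import hmac
import unicodedata


def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """BIP-39 seed: PBKDF2-HMAC-SHA512, 2048 rounds, 64-byte output.

    The mnemonic is the PBKDF2 password; the passphrase is appended to the
    fixed string "mnemonic" to form the salt. Nothing is encrypted, so every
    passphrase (including "") yields a valid seed.
    """
    def nfkd(s):
        return unicodedata.normalize("NFKD", s)
    password = nfkd(" ".join(mnemonic.split())).encode("utf-8")
    salt = ("mnemonic" + nfkd(passphrase)).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", password, salt, 2048, dklen=64)


def bip32_master(seed: bytes):
    """BIP-32 master node: HMAC-SHA512 keyed with b"Bitcoin seed"."""
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    return digest[:32], digest[32:]  # (master private key, chain code)


def same_wallet(mnemonic: str, passphrase_a: str, passphrase_b: str) -> bool:
    """True only if both passphrases lead to the same master key material."""
    return (bip32_master(bip39_seed(mnemonic, passphrase_a))
            == bip32_master(bip39_seed(mnemonic, passphrase_b)))


# Constructed sample: the public BIP-39 test-vector mnemonic, not a real wallet.
TEST_MNEMONIC = "abandon " * 11 + "about"

if __name__ == "__main__":
    for label, pw in (("no passphrase", ""),
                      ("passphrase 'password'", "password")):
        key, _chain = bip32_master(bip39_seed(TEST_MNEMONIC, pw))
        print(f"{label:24} master key starts {key.hex()[:16]}")
    print("same wallet:", same_wallet(TEST_MNEMONIC, "", "password"))
```
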
