search

patractlabs / redspot

Redspot is an Substrate pallet-contracts (ink!) development environment. Compile your contracts and run them on a different networks. Redspot's core forks from Hardhat but changed a lot to suit substrate.
https://redspot.patract.io/
Other
67 stars 22 forks source link

add a getRandomSignerWithMnemonic function #72

Closed RoyTimes closed 3 years ago

RoyTimes commented 3 years ago

Hi,

I came into a use case that needs to grab both the signer and the mnemonic by getRandomSigner.

I hope this function naming fits your convention.

ii-ii-ii commented 3 years ago

hi, it is necessary to add the interface to get mnemonic. But it should not provide two getRandomSigner functions. I think we can add a getUri(): string | null method to Signer. The signer created by the uri can get its uri from getUri. The reason why we don't use mnemonic is because uri(https://polkadot.js.org/docs/keyring/start/suri/) is more generic in substrate.

RoyTimes commented 3 years ago

I'm open to that. Feel free to close.

To my defense: I have been digging into the source code of Polkadot.js and one thing to consider is that they seems to be reluctant to give access to privateKey in their Keypair API. They only give an encoded field when performing a toJson() by an unlocked keypair instance, which is not really documented how they performed the encryption on the privateKey to produce this field. I'm not sure if this is intentionally or not. To make it more messy, or if I'm understanding it wrong, keyring.addFromUri takes both a 256bits private key (which seems to be called MiniSecret by Parity) starting with an 0x or a mnemonic phrase but I have not figured out how the default derived path they use on a mnemonic phrase. Overall, a getUri is nice, but I'm worried if there are more nuance to it that's gonna complicate things and that's why I tried to add another getRandomSigner to pass on a one time seed phrase without having Signer class handling it.

ii-ii-ii commented 3 years ago

Yes, so it's a pain to get the private key.

I think polkadot.js does this for private key security. But redspot doesn't have to, because redspot is mostly tested and debugged locally, and only when it's deployed does it involve private key security.

At user deployment time, they can choose to generate their own keyringpair to pass to the config.networks.[production].accounts option. In this case, we do not know the user's uri and getUriwill return null.

RoyTimes commented 3 years ago

Yes, so it's a pain to get the private key.

I think polkadot.js does this for private key security. But redspot doesn't have to, because redspot is mostly tested and debugged locally, and only when it's deployed does it involve private key security.

Good point.

At user deployment time, they can choose to generate their own keyringpair to pass to the config.networks.[production].accounts option. In this case, we do not know the user's uri and getUriwill return null.

Talking about config.network. I wonder if you can add in more examples.

Generally, I'm backing getUri. Closing this now.