Closed sekulicd closed 3 years ago
I think we should use the same InitWallet so we have a single password for both
> I think we should use the same InitWallet so we have a single password for both
This is not possible because the generation of the macaroons is done when starting the daemon. Also, the user would need to use the admin or operator macaroon to be able to call wallet's RPCs like InitWallet.
The root key encrypt must be provided at start time. It could even be an ephemeral random one, but not sure if this is the best choice. I'll take a look at how LND designed this, but I guess they might have used the same password they ask the user for locking/unlocking the db.
> but I guess they might have used the same password they ask the user for locking/unlocking the db.
It's exactly how I supposed.
By looking at the ChangePassword RPC (which is something similar to our Wallet/ChangePassword), they use the same password for locking/unlocking the DB and for encrypting the macaroons.
Shall we add an env var at this point? We could add something in the readme to suggest cleaning the var once the daemon is up and running, eventually.
> This is not possible because the generation of the macaroons is done when starting the daemon. Also, the user would need to use the admin or operator macaroon to be able to call wallet's RPCs like InitWallet.
We can "delay" the creation of the root macaroon after wallet initialization. `genseed` and `initwallet` are indeed unprotected, since they need to be called the first time anyway.
Currently, the password used for encryption of the macaroon root key is fetched from config as a default value. Create RPC methods to pass the password, and block calling other RPC methods until the user provides the key.
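One way to block protected RPCs until the password arrives, as an added example that is not the project's own code. The `Gate` type, the method names and the `Unseal` callback (standing in for decryption of the stored root key) are assumptions.

```go
package main

import (
	"errors"
	"fmt"
	"sync"
)

// Assumed names for the RPCs that must work before any password exists.
var unprotected = map[string]bool{"/Wallet/GenSeed": true, "/Wallet/InitWallet": true, "/Wallet/Unlock": true}
var ErrLocked = errors.New("locked: macaroon root key password not provided yet")

// Gate keeps the macaroon root key out of memory until Unlock succeeds.
type Gate struct {
	mu      sync.RWMutex
	Unseal  func(password []byte) ([]byte, error) // decrypts the stored root key
	rootKey []byte                                // nil while locked
}

// Unlock tries one password; a wrong one leaves the gate as it was.
func (g *Gate) Unlock(password []byte) error {
	key, err := g.Unseal(password)
	if err == nil {
		g.mu.Lock()
		g.rootKey = key
		g.mu.Unlock()
	}
	return err
}

// RootKey is called by an RPC interceptor before macaroon checks; it fails closed.
func (g *Gate) RootKey(method string) ([]byte, error) {
	if unprotected[method] {
		return nil, nil // nothing to verify: no macaroon can exist yet
	}
	g.mu.RLock()
	defer g.mu.RUnlock()
	if g.rootKey == nil {
		return nil, ErrLocked
	}
	return g.rootKey, nil
}

func main() {
	// Constructed stand-in: a real Unseal would decrypt the stored root key.
	g := &Gate{Unseal: func(pw []byte) ([]byte, error) { return pw, nil }}
	_, err := g.RootKey("/Operator/Hypothetical")
	fmt.Println("before unlock:", err)
	fmt.Println("unlock:", g.Unlock([]byte("constructed-password")))
}
```

Because the password only ever reaches `Unlock`, it no longer needs to sit in config or an environment variable for the lifetime of the daemon.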