mint: add seed decrypt (#403)

* mint: add seed decrypt * add mint seed decryoption and migration tool
2026-02-10 11:14:20 +01:00 · 2024-02-05 16:22:53 +01:00
parent 30b6e8aa56
commit e02e4bbf49
11 changed files with 465 additions and 35 deletions
--- a/tests/conftest.py
+++ b/tests/conftest.py
@@ -38,6 +38,7 @@ settings.mint_database = "./test_data/test_mint"
 settings.mint_derivation_path = "m/0'/0'/0'"
 settings.mint_derivation_path_list = []
 settings.mint_private_key = "TEST_PRIVATE_KEY"
+settings.mint_seed_decryption_key = ""
 settings.mint_max_balance = 0

 assert "test" in settings.cashu_dir
--- a/tests/test_mint_init.py
+++ b/tests/test_mint_init.py
@@ -0,0 +1,98 @@
+from typing import List
+
+import pytest
+
+from cashu.core.base import Proof
+from cashu.core.crypto.aes import AESCipher
+from cashu.core.db import Database
+from cashu.core.settings import settings
+from cashu.mint.crud import LedgerCrudSqlite
+from cashu.mint.ledger import Ledger
+
+SEED = "TEST_PRIVATE_KEY"
+DERIVATION_PATH = "m/0'/0'/0'"
+DECRYPTON_KEY = "testdecryptionkey"
+ENCRYPTED_SEED = "U2FsdGVkX1_7UU_-nVBMBWDy_9yDu4KeYb7MH8cJTYQGD4RWl82PALH8j-HKzTrI"
+
+
+async def assert_err(f, msg):
+    """Compute f() and expect an error message 'msg'."""
+    try:
+        await f
+    except Exception as exc:
+        assert exc.args[0] == msg, Exception(
+            f"Expected error: {msg}, got: {exc.args[0]}"
+        )
+
+
+def assert_amt(proofs: List[Proof], expected: int):
+    """Assert amounts the proofs contain."""
+    assert [p.amount for p in proofs] == expected
+
+
+@pytest.mark.asyncio
+async def test_ledger_encrypt():
+    aes = AESCipher(DECRYPTON_KEY)
+    encrypted = aes.encrypt(SEED.encode())
+    assert aes.decrypt(encrypted) == SEED
+
+
+@pytest.mark.asyncio
+async def test_ledger_decrypt():
+    aes = AESCipher(DECRYPTON_KEY)
+    assert aes.decrypt(ENCRYPTED_SEED) == SEED
+
+
+@pytest.mark.asyncio
+async def test_decrypt_seed():
+    ledger = Ledger(
+        db=Database("mint", settings.mint_database),
+        seed=SEED,
+        seed_decryption_key=None,
+        derivation_path=DERIVATION_PATH,
+        backends={},
+        crud=LedgerCrudSqlite(),
+    )
+    await ledger.init_keysets()
+    assert ledger.keyset.seed == SEED
+    private_key_1 = (
+        ledger.keysets[list(ledger.keysets.keys())[0]].private_keys[1].serialize()
+    )
+    assert (
+        private_key_1
+        == "8300050453f08e6ead1296bb864e905bd46761beed22b81110fae0751d84604d"
+    )
+    pubkeys = ledger.keysets[list(ledger.keysets.keys())[0]].public_keys
+    assert pubkeys
+    assert (
+        pubkeys[1].serialize().hex()
+        == "02194603ffa36356f4a56b7df9371fc3192472351453ec7398b8da8117e7c3e104"
+    )
+
+    ledger_encrypted = Ledger(
+        db=Database("mint", settings.mint_database),
+        seed=ENCRYPTED_SEED,
+        seed_decryption_key=DECRYPTON_KEY,
+        derivation_path=DERIVATION_PATH,
+        backends={},
+        crud=LedgerCrudSqlite(),
+    )
+    await ledger_encrypted.init_keysets()
+    assert ledger_encrypted.keyset.seed == SEED
+    private_key_1 = (
+        ledger_encrypted.keysets[list(ledger_encrypted.keysets.keys())[0]]
+        .private_keys[1]
+        .serialize()
+    )
+    assert (
+        private_key_1
+        == "8300050453f08e6ead1296bb864e905bd46761beed22b81110fae0751d84604d"
+    )
+    pubkeys_encrypted = ledger_encrypted.keysets[
+        list(ledger_encrypted.keysets.keys())[0]
+    ].public_keys
+    assert pubkeys_encrypted
+    assert (
+        pubkeys_encrypted[1].serialize().hex()
+        == "02194603ffa36356f4a56b7df9371fc3192472351453ec7398b8da8117e7c3e104"
+    )
--- a/tests/test_mint_keysets.py
+++ b/tests/test_mint_keysets.py
@@ -2,9 +2,7 @@ import pytest

 from cashu.core.base import MintKeyset
 from cashu.core.settings import settings
-
-SEED = "TEST_PRIVATE_KEY"
-DERIVATION_PATH = "m/0'/0'/0'"
+from tests.test_mint_init import DECRYPTON_KEY, DERIVATION_PATH, ENCRYPTED_SEED, SEED


 async def assert_err(f, msg):
@@ -55,3 +53,21 @@ async def test_keyset_0_11_0():
        == "026b714529f157d4c3de5a93e3a67618475711889b6434a497ae6ad8ace6682120"
    )
    assert keyset.id == "Zkdws9zWxNc4"
+
+
+@pytest.mark.asyncio
+async def test_keyset_0_15_0_encrypted():
+    settings.mint_seed_decryption_key = DECRYPTON_KEY
+    keyset = MintKeyset(
+        encrypted_seed=ENCRYPTED_SEED,
+        derivation_path=DERIVATION_PATH,
+        version="0.15.0",
+    )
+    assert len(keyset.public_keys_hex) == settings.max_order
+    assert keyset.seed == "TEST_PRIVATE_KEY"
+    assert keyset.derivation_path == "m/0'/0'/0'"
+    assert (
+        keyset.public_keys_hex[1]
+        == "02194603ffa36356f4a56b7df9371fc3192472351453ec7398b8da8117e7c3e104"
+    )
+    assert keyset.id == "009a1f293253e41e"