mint: add seed decrypt (#403)

* mint: add seed decrypt * add mint seed decryoption and migration tool
2025-12-20 10:34:20 +01:00 · 2024-02-05 16:22:53 +01:00
parent 30b6e8aa56
commit e02e4bbf49
11 changed files with 465 additions and 35 deletions
--- a/tests/test_mint_init.py
+++ b/tests/test_mint_init.py
@@ -0,0 +1,98 @@
+from typing import List
+
+import pytest
+
+from cashu.core.base import Proof
+from cashu.core.crypto.aes import AESCipher
+from cashu.core.db import Database
+from cashu.core.settings import settings
+from cashu.mint.crud import LedgerCrudSqlite
+from cashu.mint.ledger import Ledger
+
+SEED = "TEST_PRIVATE_KEY"
+DERIVATION_PATH = "m/0'/0'/0'"
+DECRYPTON_KEY = "testdecryptionkey"
+ENCRYPTED_SEED = "U2FsdGVkX1_7UU_-nVBMBWDy_9yDu4KeYb7MH8cJTYQGD4RWl82PALH8j-HKzTrI"
+
+
+async def assert_err(f, msg):
+    """Compute f() and expect an error message 'msg'."""
+    try:
+        await f
+    except Exception as exc:
+        assert exc.args[0] == msg, Exception(
+            f"Expected error: {msg}, got: {exc.args[0]}"
+        )
+
+
+def assert_amt(proofs: List[Proof], expected: int):
+    """Assert amounts the proofs contain."""
+    assert [p.amount for p in proofs] == expected
+
+
+@pytest.mark.asyncio
+async def test_ledger_encrypt():
+    aes = AESCipher(DECRYPTON_KEY)
+    encrypted = aes.encrypt(SEED.encode())
+    assert aes.decrypt(encrypted) == SEED
+
+
+@pytest.mark.asyncio
+async def test_ledger_decrypt():
+    aes = AESCipher(DECRYPTON_KEY)
+    assert aes.decrypt(ENCRYPTED_SEED) == SEED
+
+
+@pytest.mark.asyncio
+async def test_decrypt_seed():
+    ledger = Ledger(
+        db=Database("mint", settings.mint_database),
+        seed=SEED,
+        seed_decryption_key=None,
+        derivation_path=DERIVATION_PATH,
+        backends={},
+        crud=LedgerCrudSqlite(),
+    )
+    await ledger.init_keysets()
+    assert ledger.keyset.seed == SEED
+    private_key_1 = (
+        ledger.keysets[list(ledger.keysets.keys())[0]].private_keys[1].serialize()
+    )
+    assert (
+        private_key_1
+        == "8300050453f08e6ead1296bb864e905bd46761beed22b81110fae0751d84604d"
+    )
+    pubkeys = ledger.keysets[list(ledger.keysets.keys())[0]].public_keys
+    assert pubkeys
+    assert (
+        pubkeys[1].serialize().hex()
+        == "02194603ffa36356f4a56b7df9371fc3192472351453ec7398b8da8117e7c3e104"
+    )
+
+    ledger_encrypted = Ledger(
+        db=Database("mint", settings.mint_database),
+        seed=ENCRYPTED_SEED,
+        seed_decryption_key=DECRYPTON_KEY,
+        derivation_path=DERIVATION_PATH,
+        backends={},
+        crud=LedgerCrudSqlite(),
+    )
+    await ledger_encrypted.init_keysets()
+    assert ledger_encrypted.keyset.seed == SEED
+    private_key_1 = (
+        ledger_encrypted.keysets[list(ledger_encrypted.keysets.keys())[0]]
+        .private_keys[1]
+        .serialize()
+    )
+    assert (
+        private_key_1
+        == "8300050453f08e6ead1296bb864e905bd46761beed22b81110fae0751d84604d"
+    )
+    pubkeys_encrypted = ledger_encrypted.keysets[
+        list(ledger_encrypted.keysets.keys())[0]
+    ].public_keys
+    assert pubkeys_encrypted
+    assert (
+        pubkeys_encrypted[1].serialize().hex()
+        == "02194603ffa36356f4a56b7df9371fc3192472351453ec7398b8da8117e7c3e104"
+    )