Skip to content

RPC: Better safety with newkeypool command and wallet backups #23341

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Dec 20, 2021
Merged

RPC: Better safety with newkeypool command and wallet backups #23341

merged 1 commit into from
Dec 20, 2021

Conversation

meshcollider
Copy link
Contributor

@meshcollider meshcollider commented Oct 23, 2021
edited
Loading

This PR prevents newkeypool from being run on non-HD wallets, because this would require a new backup every time, so it isn't very safe.

David Harding also suggested here that the RPC help text should include a warning to the users about the interaction between newkeypool.

@meshcollider meshcollider mentioned this pull request Oct 23, 2021
Merged
lsilva01
lsilva01 approved these changes Oct 25, 2021
View reviewed changes
Copy link
Contributor

@lsilva01 lsilva01 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review ACK 04153bc

stratospher
stratospher reviewed Oct 28, 2021
View reviewed changes
Copy link
Contributor

@stratospher stratospher left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Tested ACK 04153bc on a non HD wallet. The warning is really helpful.

$ src/bitcoin-cli --testnet -rpcwallet=mynonHD newkeypool
error code: -4
error message:
Error: Cannot use newkeypool on non-HD wallets.

luke-jr
luke-jr suggested changes Oct 29, 2021
View reviewed changes
Copy link
Member

@luke-jr luke-jr left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Concept NACK. Users of non-HD wallets expect to make new backups regularly. No reason to deny them this RPC method...

@meshcollider
Copy link
Contributor Author

meshcollider commented Oct 29, 2021
edited
Loading

@luke-jr can you provide a reason for its usefulness? It was only just added, so I can't imagine anyone relying on it...

@luke-jr
Copy link
Member

luke-jr commented Oct 29, 2021

Maybe I'm missing the point of it entirely? I'm just saying artificially blocking non-HD wallets from using it seems unreasonable. I can't think of a use case for this with a HD wallet (won't the new keypool just end up with the same keys?), but it seems useful for non-HD wallets to intentionally avoid new funds from being accessible with old (compromised?) backups.

@meshcollider
Copy link
Contributor Author

meshcollider commented Oct 30, 2021
edited
Loading

HD wallets will be restocked with entirely new keys. That's an interesting use-case, I mainly had in mind people who have upgraded non-HD to HD and want to clear out all their non-HD keys in one go. But I can just add some large warnings in the non-HD case.

In that case though @luke-jr why not just make a new wallet?

@DrahtBot DrahtBot mentioned this pull request Dec 2, 2021
Closed
@DrahtBot
Copy link
Contributor

DrahtBot commented Dec 2, 2021
edited
Loading

The following sections might be updated with supplementary metadata relevant to reviewers and maintainers.

Conflicts

No conflicts as of last run.

@DrahtBot DrahtBot mentioned this pull request Dec 4, 2021
Merged
@meshcollider
Copy link
Contributor Author

Rebased.

@achow101
Copy link
Member

I agree with @luke-jr. This RPC is useful for non-HD wallets too. It just need to come with large warnings about backups.

@meshcollider
Copy link
Contributor Author

Done 👍

@meshcollider meshcollider added this to the 23.0 milestone Dec 20, 2021
@achow101
Copy link
Member

ACK a2a9231

@achow101 achow101 merged commit 887796a into bitcoin:master Dec 20, 2021
@meshcollider meshcollider deleted the 202110_newkeypool_documentation branch December 20, 2021 20:53
sidhujag pushed a commit to syscoin/syscoin that referenced this pull request Dec 20, 2021
@achow101
Merge bitcoin#23341: RPC: Better safety with newkeypool command and w…
673b1dc 
…allet backups

a2a9231 rpc: Add warning to user about newkeypool command (Samuel Dobson)

Pull request description:

  This PR prevents `newkeypool` from being run on non-HD wallets, because this would require a new backup every time, so it isn't very safe.

  David Harding also suggested [here](bitcoin#23093 (comment)) that the RPC help text should include a warning to the users about the interaction between newkeypool.

ACKs for top commit:
  achow101:
    ACK a2a9231

Tree-SHA512: 0aa497900f1d179764bce13ffce0bb081ba2ca354492bf2e04b21d0212e960b3ed13a386fbf65602b6b50461f4056a0285752ef707d312da28e82449cd8ea048
@bitcoin bitcoin locked and limited conversation to collaborators Dec 20, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
3 more reviewers

@stratospher stratospher stratospher left review comments

@luke-jr luke-jr luke-jr requested changes

@lsilva01 lsilva01 lsilva01 approved these changes

Reviewers whose approvals may not affect merge requirements
Assignees
No one assigned
Labels
RPC/REST/ZMQ Wallet
Projects
None yet
Milestone
23.0
Development

Successfully merging this pull request may close these issues.
6 participants
@meshcollider @luke-jr @DrahtBot @achow101 @stratospher @lsilva01