Project author: cfengliu

Project description:
vault-hd-wallet is a Vault plugin that implements the Hierarchical Deterministic wallet (HD wallet).
Language: Go
Repository: git://github.com/cfengliu/vault-hd-wallet.git
Created: 2020-10-22T09:52:48Z
Project community: https://github.com/cfengliu/vault-hd-wallet

License: MIT License


vault-hd-wallet

vault-hd-wallet is a Vault plugin that implements the Hierarchical Deterministic wallet (HD wallet). It supports Ethereum mnemonic storage and signing Ethereum transactions. The wallet seed and derived keys are not exposed when signing a transaction or creating an account. A mnemonic can be imported into the plugin to restore the account addresses.

Getting Started

The Vault server must be installed first. If it is not installed yet, read the installation guide.

To learn what a custom plugin is and how it works, please read this guide.

To compile this plugin, run the following command. The compiled binary should be placed in the Vault server's plugin directory.

    go build -a -v -o hdwallet *.go

Get the SHA256 hash of the binary file before registering the plugin:

    sha256=$(sha256sum ./hdwallet | cut -d " " -f1)

Register plugin:

    vault write sys/plugins/catalog/secret/hdwallet \
        sha_256="$sha256" \
        command="hdwallet"

Enable plugin:

    vault secrets enable -plugin-name='hdwallet' plugin

Policy

The plugin policy depends on your auth management. This repo provides two examples: wallet and accounts. The wallet policy is for admins and lets the user initialize the wallet and all accounts. The accounts policy allows a user to get an account address and sign a transaction.

Usage

Create a HD wallet

If no mnemonic is provided, the HD wallet will randomly generate one.

    POST /hdwallet/wallet

Parameters

| Name | Type | In | Description |
| --- | --- | --- | --- |
| mnemonic | string | body | The mnemonic can be imported to restore the wallet. |
| passphrase | string | body | The mnemonic password to protect the wallet. |

Code samples

    curl --request POST "http://${ip}:${port}/v1/hdwallet/wallet" \
        --header "Authorization: Bearer ${token}" \
        --data-raw '{
            "mnemonic": "move mask pilot rather lion prevent reform mixture valve appear drop soap section pass jelly capital limb produce enough smooth nature cricket elevator jeans",
            "passphrase": ""
        }'

Read wallet

Returns the wallet seed and master key, so any token allowed to read this path can recover every derived key. This function should be for testing ONLY.

Code samples

    curl --request GET "http://${ip}:${port}/v1/hdwallet/wallet" \
        --header "Authorization: Bearer ${token}"

Create an account

The account address is derived from the derivation path.

Parameters

| Name | Type | In | Description |
| --- | --- | --- | --- |
| name | string | url | Required. The path in the secrets engine where the plugin stores the account info. |
| derivationPath | string | body | Required. The BIP-44 path for generating the account address. |
Code samples

    curl --request POST "http://${ip}:${port}/v1/hdwallet/accounts/${name}" \
        --header "Authorization: Bearer ${token}" \
        --data-raw '{
            "derivationPath": "m/44'\''/60'\''/0'\''/0/0"
        }'
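
A client-side check of the derivation path before it is sent to the plugin, as an added example (not code from this repository): it parses the path into BIP-32 child indices and accepts only the Ethereum BIP-44 shape m/44'/60'/account'/change/index. The function name and the strictness of the checks are assumptions; the plugin itself may accept other paths.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

const hardenedBit = uint32(1) << 31 // BIP-32: hardened child indices start at 2^31

// ParseEthBIP44Path (hypothetical helper) validates m/44'/60'/account'/change/index
// and returns the five BIP-32 child indices; hardened ones have bit 31 set.
func ParseEthBIP44Path(path string) ([]uint32, error) {
	parts := strings.Split(path, "/")
	if len(parts) != 6 || parts[0] != "m" {
		return nil, fmt.Errorf("path %q: want m plus exactly five levels", path)
	}
	out := make([]uint32, 0, 5)
	for level, p := range parts[1:] {
		hardened := strings.HasSuffix(p, "'")
		n, err := strconv.ParseUint(strings.TrimSuffix(p, "'"), 10, 31)
		if err != nil {
			return nil, fmt.Errorf("level %d (%q): not an index below 2^31", level, p)
		}
		// BIP-44 hardens purpose, coin type and account; change and index are not hardened.
		if hardened != (level < 3) {
			return nil, fmt.Errorf("level %d (%q): wrong hardening for BIP-44", level, p)
		}
		idx := uint32(n)
		if hardened {
			idx |= hardenedBit
		}
		out = append(out, idx)
	}
	if out[0] != 44|hardenedBit || out[1] != 60|hardenedBit {
		return nil, fmt.Errorf("path %q: not under m/44'/60' (Ethereum)", path)
	}
	if out[3] > 1 {
		return nil, fmt.Errorf("path %q: change level must be 0 or 1", path)
	}
	return out, nil
}

func main() { // constructed sample paths: one valid, two rejected
	for _, p := range []string{"m/44'/60'/0'/0/0", "m/44'/0'/0'/0/0", "m/44'/60'/0/0/0"} {
		idx, err := ParseEthBIP44Path(p)
		fmt.Println(p, idx, err)
	}
}
```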

Get account address

Parameters

| Name | Type | In | Description |
| --- | --- | --- | --- |
| name | string | url | Required. The path in the secrets engine where the plugin stores the account info. |

Code samples

    curl --request GET "http://${ip}:${port}/v1/hdwallet/accounts/${name}/address" \
        --header "Authorization: Bearer ${token}"

Sign a transaction

To learn about signing a transaction and its parameters, read this document.

Parameters

| Name | Type | In | Description |
| --- | --- | --- | --- |
| name | string | url | Required. The path in the secrets engine where the plugin stores the account info. |
| address_to | string | body | The destination address for the transaction. Leave empty for a contract creation transaction. |
| amount | string | body | Required. The amount of ether sent to the destination address (in wei). |
| nonce | string | body | Required. The transaction count of this account. |
| gas_limit | string | body | Required. The estimated gas that the transaction may consume. |
| gas_price | string | body | Required. The price of gas (in wei). |
| chainID | string | body | Required. The ID of the Ethereum network. |
| data | string | body | The bytecode of the contract creation or function call. The '0x' prefix is required. |

Code samples

    curl --request POST "http://${ip}:${port}/v1/hdwallet/accounts/${name}/sign-tx" \
        --header "Authorization: Bearer ${token}" \
        --data-raw "{
            \"address_to\": \"\",
            \"amount\": \"100000\",
            \"nonce\": \"2\",
            \"gas_limit\": \"3000000\",
            \"gas_price\": \"1000000000\",
            \"chainID\": \"4\",
            \"data\": \"\"
        }"
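
A caller-side guard for the request above, as an added example (not part of this repository): it checks the fields from the parameter table and refuses any chainID other than the one network the caller is pinned to, so a signature is never requested for an unintended chain. `SignTxRequest`, `BuildSignTxBody` and `allowedChainID` are hypothetical names, and the 0x-prefixed 20-byte address check is an assumption about what the caller wants to allow.

```go
package main

import (
	"encoding/hex"
	"encoding/json"
	"fmt"
	"strings"
)

// SignTxRequest mirrors the body parameters of the sign-tx endpoint.
type SignTxRequest struct {
	AddressTo string `json:"address_to"`
	Amount    string `json:"amount"`
	Nonce     string `json:"nonce"`
	GasLimit  string `json:"gas_limit"`
	GasPrice  string `json:"gas_price"`
	ChainID   string `json:"chainID"`
	Data      string `json:"data"`
}

// isHex reports whether s is "0x" plus exactly n bytes of hex (n < 0: any length).
func isHex(s string, n int) bool {
	b, err := hex.DecodeString(strings.TrimPrefix(s, "0x"))
	return strings.HasPrefix(s, "0x") && err == nil && (n < 0 || len(b) == n)
}

// BuildSignTxBody validates r and returns the JSON body; allowedChainID is caller-side.
func BuildSignTxBody(r SignTxRequest, allowedChainID string) ([]byte, error) {
	for _, f := range [][2]string{{"amount", r.Amount}, {"nonce", r.Nonce},
		{"gas_limit", r.GasLimit}, {"gas_price", r.GasPrice}, {"chainID", r.ChainID}} {
		if f[1] == "" || strings.Trim(f[1], "0123456789") != "" {
			return nil, fmt.Errorf("%s=%q: want a decimal string", f[0], f[1])
		}
	}
	switch {
	case r.ChainID != allowedChainID:
		return nil, fmt.Errorf("chainID %s refused: caller is pinned to %s", r.ChainID, allowedChainID)
	case r.AddressTo != "" && !isHex(r.AddressTo, 20): // empty = contract creation
		return nil, fmt.Errorf("address_to %q: want 0x plus 40 hex digits", r.AddressTo)
	case r.Data != "" && !isHex(r.Data, -1):
		return nil, fmt.Errorf("data: want 0x-prefixed hex")
	}
	return json.Marshal(r)
}

func main() { // constructed sample: the request from the code sample above, pinned to chain 4
	body, err := BuildSignTxBody(SignTxRequest{Amount: "100000", Nonce: "2",
		GasLimit: "3000000", GasPrice: "1000000000", ChainID: "4"}, "4")
	fmt.Println(string(body), err)
}
```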

Sign data

Generate the signature for the input data.

Parameters

| Name | Type | In | Description |
| --- | --- | --- | --- |
| name | string | url | Required. The path in the secrets engine where the plugin stores the account info. |
| data | string | body | Required. The data to be signed (without the `\x19Ethereum Signed Message:\n` prefix). |

Code samples

    curl --request POST "http://${ip}:${port}/v1/hdwallet/accounts/${name}/sign" \
        --header "Authorization: Bearer ${token}" \
        --data-raw "{
            \"data\": \"hello world\"
        }"