Merge remote-tracking branch 'od/od-key-rotation-nits' into rotation-doc

0xzoz · May 3, 2024 · 7d3ed56 · 7d3ed56
2 parents a03afff + 90d61ee
commit 7d3ed56
Show file tree

Hide file tree

Showing 9 changed files with 163 additions and 67 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/docs/key_rotation.md b/docs/key_rotation.md
@@ -1,38 +1,78 @@
 # Key Rotation
 > CAUTION: Please read carefully and ensure you understand these instructions. Rotating the wrong key could lock you out of your account and make funds permanently inaccessible.
 
-## Prepare a New Authentication Key
+There are two cases:
 
-### Create a New Address
-Generate a fresh address to serve as the new Authentication Key. This command may prompt you to overwrite an existing private key file, which might not be suitable depending on your setup. Use the `-o` flag to specify a different output directory.
+1) you are in full control of an account, and would like to
+rotate to a new private key (using a new mnemonic).
 
-```bash
-libra wallet keygen
-```
+This is a single step, and you can simply use the current mnemonic (to sign a
+transaction), and the new mnemonic (to sign a rotation proof).
 
-### Recover Private Key
-To recover a private key using a mnemonic, use:
+2) you are claiming an account from someone else.
 
-```bash
-libra wallet keygen --mnemonic <MNEMONIC> --output-dir <OUTPUT_DIR>
-```
+This requires two steps where the current owner (Alice) will first authorize an existing
+account of the new owner (Bob) to rotate keys for the account being
+claimed. The Bob will have two accounts at the end of the process, and the
+prior owner, Alice, will have none.
 
-Your private key will be stored in a file called `private_keys.yaml` in the directory you specified above. Specifically called `account_private_key`. The private key corresponds with the `account_address` above it.
 
+## CASE 1: Rotate Keys on Your Wallet
+
+You will be prompted for a mnemonic twice. But theses should be DIFFERENT
+mnemonics.
 
+The first mnemonic is for your current credentials which will be decprected. It
+is used to sign and send the rotation transaction to blockchain.
 
-## Rotate Keys on Your Wallet
+In the process you will be prompted for the NEW mnemonic you would like to be using going forward.
 
-### Rotate Authentication Key
-Rotate the authentication key using the new private key for the address associated with the mnemonic you provide upon prompt:
+Additionally, you can expect the CLI tool to ask you to confirm this operation
+twice in the process.
 
 ```bash
-libra txs user rotate-key --new-private-key <NEW_PRIVATE_KEY>
+libra txs user rotate-key
 ```
 
-## Delegate the Ability to Rotate Authentication Key
+Note: If you have an advanced case, and would like to submit the private key itself, see below.
+
+## CASE 2: Claim an account
+
+There are two steps involved to claim another account. First, some definitions:
+- There are two parties Original Owner (Alice for example) and New Owner (Bob).
+
+- Alice is offering Claimed Account (`0x123`) to Bob.
+
+- Bob must already have a separate Delegate Account on chain (`0x456`). The
+only reason for this is that Bob needs to do some sensitive signing of keys and
+submit it to the chain, and there's no way for Alice or really anyone else to do
+this for him.
+
+- Bob will also require a New Mnemonic, which he will use to control Claimed
+  Account in the future.
+
+With all that in place:
+
+#### Original Owner Alice's Job
+
+Alice will send a transaction to "delegate" Bob's
+account `0x456` with
+the power to rotate the keys to `0x123`.
+
+Alice's job ends here.
+
+#### New Owner Bob's Job
+
+Next Bob needs his usual credentials for `0x456`, and also the New Mnemonic he
+plans to use for `0x123`.
+
+He submits a transaction (after a bit of processing of the New Mnemonic private
+keys), which should successfully rotate the keys to `0x123`
 
-### Delegate Rotation Capability
+The job of the Delegate account `0x456` is over (the account could even be disposed of).
+
+
+## Step 1: Original Owner Delegates Rotation Capability
 Grant another user the capability to change the Authentication Key for a specified address. You will be prompted to enter the mnemonic for the address whose authentication key will be changed:
 
 ```bash
@@ -41,10 +81,34 @@ libra txs user rotation-capability --delegate-address <DELEGATE_ADDRESS>
 
 The specified delegate address can now rotate authentication keys on the address for which the mnemonic was provided.
 
-## Rotate Authentication Keys Using a Delegated Address
+## Step 2: New Owner Rotates Authentication Keys Using the Delegated Address
 
-### Use Delegated Authority to Rotate Key
 Enables a delegated user to rotate the Authentication Key for a specified wallet address:
 
 ```bash
-libra txs user rotate-key --new-private-key <NEW_PRIVATE_KEY> --account-address <ACCOUNT_ADDRESS>
+libra txs user rotate-key --claim-address <ACCOUNT_ADDRESS>
+```
+
+# Cheat Sheet
+
+### Create a new mnemonic
+```
+libra wallet keygen
+```
+
+
+# Advanced: Optionally Input the Private Key
+To recover a private key using a mnemonic, use:
+
+```bash
+libra wallet keygen --mnemonic <MNEMONIC> --output-dir <OUTPUT_DIR>
+```
+
+Your private key will be stored in a file called `private_keys.yaml` in the directory you specified above. Specifically called `account_private_key`. The private key corresponds with the `account_address` above it.
+
+Once you have a private key, you can submit the transaction by explicitly
+setting the key. In this case the new mnemonic will not be asked for.
+
+```bash
+libra txs user rotate-key --new-private-key <NEW_PRIVATE_KEY> --claim-address <ACCOUNT_ADDRESS>
+```
diff --git a/tools/config/src/make_yaml_public_fullnode.rs b/tools/config/src/make_yaml_public_fullnode.rs
@@ -55,7 +55,7 @@ pub fn add_peers_to_yaml(
 
     parsed.full_node_networks.iter_mut().for_each(move |e| {
         if e.network_id.is_public_network() {
-            e.seed_addrs = peers.clone();
+            e.seed_addrs.clone_from(&peers);
         }
     });
 

diff --git a/tools/txs/Cargo.toml b/tools/txs/Cargo.toml
@@ -13,6 +13,7 @@ repository = { workspace = true }
 anyhow = { workspace = true }
 bcs = { workspace = true }
 clap = { workspace = true }
+dialoguer = { workspace = true }
 diem = { workspace = true }
 diem-crypto = { workspace = true }
 diem-framework = { workspace = true }

diff --git a/tools/txs/src/submit_transaction.rs b/tools/txs/src/submit_transaction.rs
@@ -112,10 +112,10 @@ impl Sender {
     }
 
     pub fn set_tx_cost(&mut self, cost: &TxCost) {
-        self.tx_cost = cost.to_owned();
+        cost.clone_into(&mut self.tx_cost);
     }
 
-    ///
+    /// load from local app configs
     pub async fn from_app_cfg(app_cfg: &AppCfg, profile: Option<String>) -> anyhow::Result<Self> {
         let profile = app_cfg.get_profile(profile)?;
 

diff --git a/tools/txs/src/txs_cli_community.rs b/tools/txs/src/txs_cli_community.rs
@@ -213,7 +213,7 @@ impl BatchTx {
             if let Some((_, pp)) = pending_or_approved.get_key_value(&addr) {
                 if pp.amount == gas_coin::cast_decimal_to_coin(inst.amount as f64) {
                     inst.proposed = Some(true);
-                    inst.voters = pp.voters.clone();
+                    inst.voters.clone_from(&pp.voters);
                     inst.approved = pp.approved;
                     println!("... found already pending, mark as proposed");
                 }