Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
This release brings a comprehensive overhaul to the wallet client and
introduces a wide range of new features such as transaction support,
balance checking, choosing a Denaro node, the ability to import wallet
entries, multi-address generation, Wallet Annihilation, and new CLI
options. This release also introduces numerous improvements and
additions to core features, organizational restructuring of the
internal code-base, and changes to the JSON data structure of wallet
files.
Changelog for Denaro Wallet Client v0.0.5-beta:
Organizational Changes:
- Restructured `cryptographic_util.py`:
- Divided various classes into separate utility modules for
enhanced optimization and organization.
- Renamed 'TOTP_Utils' to 'TOTP'.
- Renamed 'CryptoWallet' to 'EncryptDecryptUtils'.
- Merged 'EncryptionUtils' class methods into
'EncryptDecryptUtils'.
- Renamed 'VerificationUtils' to 'Verification' and relocated
to a new module `verification_utils.py`.
- Moved 'DataManipulation' class to a new module
`data_manipulation_util.py`.
- Retained 'ProofOfWork', 'TOTP', and 'EncryptDecryptUtils'
classes in `cryptographic_util.py`.
- Renamed 'key_generation.py' to 'wallet_generation_util.py'.
- Relocated all utility modules to `denaro/wallet/utils`
directory.
Transaction Support:
- New modules have been added to facilitate transaction support.
- These new modules include: `transaction.py`,
`transaction_input.py`, `transaction_output.py`, and
`coinbase_transaction.py`.
- Various functions have been added to `wallet_client.py` to
facilitate transaction and balance management.
- These new functions include: `prepareTransaction`,
`create_transaction`, `get_address_info`, `checkBalance`,
`get_balance_info`, `validate_and_select_node`, and
`initialize_wallet`.
CLI changes:
Note: This changelog dose not include full usage documentation.
Documentation will be made availible at a later time to reflect
these changes.
- A `send` sub-command with multiple options has been added,
allowing users to initiate transactions.
- A `balance` sub-command with multiple options has been added,
allowing users to check the balance of addresses associated
with their wallet.
- An `-import` sub-command has been added to facilitate the
import of wallet entries based on the private key associated
with an address.
- Introduced a `-show` option to the `decryptwallet` and
`balance` sub-commands, allowing users to selectively filter
wallet entries based on their origin (See the 'Changes to
Wallet JSON Data' section for more infornation).
This option includes two choices:
- `-show generated`: Retrieves only wallet entries that have
been internally generated.
- `-show imported`: Retrieves only wallet entries that have
been imported by the user.
- Introduced a `-node` option for the `send` and `balance`
sub-commands, allowing users to choose a preferred Denaro
node for conducting transactions or checking balances. This
option requires a valid IP or URL string. If a node is not
specified by the user, then the wallet client will use the
default Denaro node (https://denaro-node.gaetano.eu.org)
- Introduced an `-amount` option to the `generateaddress`
sub-command, enabling users to generate multiple addresses in
a single command, with a maximum limit of 256 addresses
(subject to change).
Improvements and Additions:
- Conducted a thorough refactoring of verbose logging mechanisms
within the `generateAddressHelper` function for improved
clarity and efficiency.
- Enhanced the `generateAddressHelper` function to support
multi-address generation and to streamline the process of
importing wallet entries.
- After wallet data has been generated, a warning about the
risks of disclosing mnemonic phrases or private keys will be
shown to the user.
- After wallet data has been generated, the cryptographic keys
along with the Denaro address associated with the data will be
shown to the user. For non-deterministic wallet data, the
mnemonic phrase, private key, and address are displayed, while
for deterministic wallet data, only the private key and
address are shown. The master mnemonic is also displayed but
only when a new wallet is generated.
- Added a `generate_from_private_key` function to
`wallet_generation_util.py` for generating wallet data
directly from a private key.
- Refactored the `decryptWalletEntries` function to allow for
both the output of unencrypted wallet data and the capability
to filter and process wallet entries based on their origin
(See the 'Changes to Wallet JSON Data' section and the new
`-show` option for more information).
- Incorporated various messages within the `decryptWalletEntries`
function to accommodate the newly introduced transaction and
balance checking features.
- Integrated a feature in the wallet decryption process to
display a count of decrypted entries out of the total number
of entries (e.g. "Decrypting wallet entry 3 of 15").
- Implemented validation of wallet addresses and private keys
using regular expression patterns.
- Modified the `sort_arguments_based_on_input` and `check_args`
functions to ensure proper usage of CLI arguments and to
prevent erroneous combinations that could lead to errors.
- Addressed and corrected various typos throughout the codebase.
- Slightly optimized some functions for enhanced efficiency and
performance.
- The Wallet Annihilation feature now only performs a single
deletion pass instead of two, reducing operational overhead.
- Eliminated repetitive code in the `update_failed_attempts` and
`reset_failed_attempts` methods by consolidating common
functionalities into a singular `get_failed_attempts` method,
thereby reducing code redundancy.
- Implemented robust validation using regular expressions for IP
addresses, URLs, and port numbers. This specifically applies
when utilizing the `-node` option. The validation process
rigorously checks the format of the entered values, ensuring
they conform to standard IP, URL, and port number patterns.
This also ensures secure and error-free connections for
subsequent web requests.
- Node verification has also been implemented to check if the
user-provided IP or URL might be associated with actual
Denaro node (See the 'Denaro Node Verification' section for
more information).
Changes to Wallet JSON Data Structure:
- The `imported_entries` object array is a new addition to the
wallet architecture, and has been implemented to accomidate the
new import feature. This array is used specifically for storing
wallet entries that have been imported by the user, and will be
added to the JSON structure of a wallet file whenever a user
first performs an import. The `imported_entries` array is distinct
from the `entries` array which holds internally generated wallet
entries. The introduction of `imported_entries` serves several
purposes:
1. Data Segregation: It provides a clear seperatation
between entries originating from what has been internally
generated by the wallet client (stored in `entries`) and
those imported by the user (stored in `imported_entries`).
This segregation is vital for maintaining data organization
and clarity within wallet JSON data.
2. Deterministic Wallet Data Generation: The deterministic
generation of wallet data relies on the total number of
objects stored in the `entries` array. Specifically, this
count (+1) is used as an index in the address derivation path
for generating child keys and their corresponding addresses.
Introducing data from external sources into the `entries`
array would disrupt this deterministic process. The
separation of `imported_entries` ensures the integrity and
consistency of the deterministic generation of wallet data by
isolating imported data from the internal generation process.
3. Operational Integrity: By keeping imported entries in a
separate array, the wallet system avoids potential conflicts
and errors that could arise from mixing externally sourced
data with internally generated data. This separation is
fundamental to the reliable and secure operation of the
wallet.
In summary, `imported_entries` enhances the wallet's functionality
by providing a dedicated space for user-imported entries, thereby
protecting the integrity of the deterministic generation process
and ensuring the wallet's overall operational efficiency and
security.
Denaro Node Verification:
- A verification procedure has been introduced to confirm the
authenticity of a Denaro node specified by the user. This
specifically applies when utilizing the `-node` option. This
process is critical for ensuring secure and accurate network
connections. However, this process is not 100% foolproof (See
'Potential Security Implication').
- Initial Verification Step:
- The process begins by retrieving the latest block number from a
trusted Denaro node (e.g., `https://denaro-node.gaetano.eu.org/
get_mining_info`). This block number serves as a reference
point for the validation process.
- Random Block Number Generation:
- A random block number is generated, ranging between 0 and the
latest block number retrieved. This step introduces a layer of
unpredictability, enhancing the robustness of the verification
process.
- Block Hash Retrieval and Comparison:
- The trusted Denaro node is queried to obtain the block hash
corresponding to the randomly generated block number (e.g.
`https://denaro-node.gaetano.eu.org/get_block?block=123456`).
- A subsequent request is made to the user-provided IP or URL to
retrieve the block hash for the same block number.
- The hashes obtained from both the trusted and user-provided
nodes are then compared.
- Final Verification:
- If the block hash from the user-provided node is the same as
that from the trusted node, then it is a strong indicator that
the user-provided node is a legitimate Denaro node. Assuming
that it's blockchain is in-sync.
- After the process is complete then all subsequent requests for
transactions or balance checking will be made using the
user-provided node.
- If verification fails then the wallet client will use the
default Denaro node (https://denaro-node.gaetano.eu.org).
- Potential Security Implication – Proxy/Relay Nodes:
- It's crucial to recognize that this method is not 100%
foolproof. A server could function as a proxy or relay,
forwarding requests to the trusted node. This behavior could
mask the server's identity, making it appear as a legitimate
Denaro node.
- This means that even if the block hashes match, there is a
possibility that the user-provided node might not be an actual
Denaro node, but rather a malicious server relaying information
from a genuine node. This can deceive users into believing they
are interacting with a trusted node.
- While the relayed data might be accurate, the intermediary
server (proxy/relay) could potentially intercept, log, or even
manipulate the data being transmitted between the user and the
Denaro blockchain. This could lead to sensitive information
being compromised, incorrect balance information, or even the
execution of malicious transactions.
- In light of the potential security implication it is imperative
for users to protect their assets and security by being
well-informed, vigilant, and to use trusted Denaro Nodes.- Loading branch information
1 parent
e347b66
commit b10a9af