Remove salt from private keys armor

cosmos · Mar 14, 2019 · e34045b · e34045b
1 parent 7058917
commit e34045b
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 9 deletions.
diff --git a/crypto/keys/mintkey/mintkey.go b/crypto/keys/mintkey/mintkey.go
@@ -92,10 +92,9 @@ func unarmorBytes(armorStr, blockType string) (bz []byte, err error) {
 
 // Encrypt and armor the private key.
 func EncryptArmorPrivKey(privKey crypto.PrivKey, passphrase string) string {
-	saltBytes, encBytes := encryptPrivKey(privKey, passphrase)
+	encBytes := encryptPrivKey(privKey, passphrase)
 	header := map[string]string{
-		"kdf":  "bcrypt",
-		"salt": fmt.Sprintf("%X", saltBytes),
+		"kdf": "bcrypt",
 	}
 	armorStr := armor.EncodeArmor(blockTypePrivKey, header, encBytes)
 	return armorStr
@@ -104,15 +103,14 @@ func EncryptArmorPrivKey(privKey crypto.PrivKey, passphrase string) string {
 // encrypt the given privKey with the passphrase using a randomly
 // generated salt and the xsalsa20 cipher. returns the salt and the
 // encrypted priv key.
-func encryptPrivKey(privKey crypto.PrivKey, passphrase string) (saltBytes []byte, encBytes []byte) {
-	saltBytes = crypto.CRandBytes(16)
+func encryptPrivKey(privKey crypto.PrivKey, passphrase string) (encBytes []byte) {
 	key, err := bcrypt.GenerateFromPassword([]byte(passphrase), BcryptSecurityParameter)
 	if err != nil {
 		cmn.Exit("Error generating bcrypt key from passphrase: " + err.Error())
 	}
 	key = crypto.Sha256(key) // get 32 bytes
 	privKeyBytes := privKey.Bytes()
-	return saltBytes, xsalsa20symmetric.EncryptSymmetric(privKeyBytes, key)
+	return xsalsa20symmetric.EncryptSymmetric(privKeyBytes, key)
 }
 
 // Unarmor and decrypt the private key.

diff --git a/crypto/keys/mintkey/mintkey_bench_test.go b/crypto/keys/mintkey/mintkey_bench_test.go
@@ -6,16 +6,13 @@ import (
 
 	"github.com/stretchr/testify/require"
 	"golang.org/x/crypto/bcrypt"
-
-	"github.com/tendermint/tendermint/crypto"
 )
 
 func BenchmarkBcryptGenerateFromPassword(b *testing.B) {
 	passphrase := []byte("passphrase")
 	for securityParam := 9; securityParam < 16; securityParam++ {
 		param := securityParam
 		b.Run(fmt.Sprintf("benchmark-security-param-%d", param), func(b *testing.B) {
-			saltBytes := crypto.CRandBytes(16)
 			b.ResetTimer()
 			for i := 0; i < b.N; i++ {
 				_, err := bcrypt.GenerateFromPassword(passphrase, param)