diff --git a/crates/apps/src/lib/cli.rs b/crates/apps/src/lib/cli.rs index 602351781d..12c6450850 100644 --- a/crates/apps/src/lib/cli.rs +++ b/crates/apps/src/lib/cli.rs @@ -2979,6 +2979,7 @@ pub mod args { arg_default("hd-path", DefaultFn(|| "default".to_string())); pub const HD_ALLOW_NON_COMPLIANT_DERIVATION_PATH: ArgFlag = flag("allow-non-compliant"); + pub const HD_PROMPT_BIP39_PASSPHRASE: ArgFlag = flag("bip39-passphrase"); pub const HISTORIC: ArgFlag = flag("historic"); pub const IBC_TRANSFER_MEMO_PATH: ArgOpt = arg_opt("memo-path"); pub const INPUT_OPT: ArgOpt = arg_opt("input"); @@ -6201,6 +6202,8 @@ pub mod args { let derivation_path = HD_DERIVATION_PATH.parse(matches); let allow_non_compliant = HD_ALLOW_NON_COMPLIANT_DERIVATION_PATH.parse(matches); + let prompt_bip39_passphrase = + HD_PROMPT_BIP39_PASSPHRASE.parse(matches); Self { scheme, shielded, @@ -6210,6 +6213,7 @@ pub mod args { use_device, derivation_path, allow_non_compliant, + prompt_bip39_passphrase, } } @@ -6262,6 +6266,11 @@ pub mod args { .args([HD_ALLOW_NON_COMPLIANT_DERIVATION_PATH.name]) .requires(HD_DERIVATION_PATH.name), ) + .arg( + HD_PROMPT_BIP39_PASSPHRASE.def().help( + "Use an additional passphrase for HD-key generation.", + ), + ) } } @@ -6276,6 +6285,8 @@ pub mod args { let derivation_path = HD_DERIVATION_PATH.parse(matches); let allow_non_compliant = HD_ALLOW_NON_COMPLIANT_DERIVATION_PATH.parse(matches); + let prompt_bip39_passphrase = + HD_PROMPT_BIP39_PASSPHRASE.parse(matches); Self { scheme, shielded, @@ -6285,6 +6296,7 @@ pub mod args { unsafe_dont_encrypt, derivation_path, allow_non_compliant, + prompt_bip39_passphrase, } } @@ -6340,6 +6352,11 @@ pub mod args { .args([HD_ALLOW_NON_COMPLIANT_DERIVATION_PATH.name]) .requires(HD_DERIVATION_PATH.name), ) + .arg( + HD_PROMPT_BIP39_PASSPHRASE.def().help( + "Use an additional passphrase for HD-key generation.", + ), + ) } } diff --git a/crates/apps/src/lib/cli/wallet.rs b/crates/apps/src/lib/cli/wallet.rs index 9551152b3c..4e05a2d2b3 100644 --- a/crates/apps/src/lib/cli/wallet.rs +++ b/crates/apps/src/lib/cli/wallet.rs @@ -239,6 +239,7 @@ fn shielded_key_gen( unsafe_dont_encrypt, derivation_path, allow_non_compliant, + prompt_bip39_passphrase, .. }: args::KeyGen, ) { @@ -261,8 +262,11 @@ fn shielded_key_gen( display_line!(io, "No changes are persisted. Exiting."); cli::safe_exit(1) } - let (_mnemonic, seed) = - Wallet::::gen_hd_seed(None, &mut OsRng); + let (_mnemonic, seed) = Wallet::::gen_hd_seed( + None, + &mut OsRng, + prompt_bip39_passphrase, + ); wallet.derive_store_hd_spendind_key( alias, alias_force, @@ -535,6 +539,7 @@ fn transparent_key_and_address_gen( unsafe_dont_encrypt, derivation_path, allow_non_compliant, + prompt_bip39_passphrase, .. }: args::KeyGen, ) { @@ -565,8 +570,11 @@ fn transparent_key_and_address_gen( display_line!(io, "No changes are persisted. Exiting."); cli::safe_exit(1) } - let (_mnemonic, seed) = - Wallet::::gen_hd_seed(None, &mut OsRng); + let (_mnemonic, seed) = Wallet::::gen_hd_seed( + None, + &mut OsRng, + prompt_bip39_passphrase, + ); wallet.derive_store_hd_secret_key( scheme, Some(alias), diff --git a/crates/sdk/src/args.rs b/crates/sdk/src/args.rs index 9b2a2bed8b..ed94a327b3 100644 --- a/crates/sdk/src/args.rs +++ b/crates/sdk/src/args.rs @@ -2112,6 +2112,8 @@ pub struct KeyGen { pub unsafe_dont_encrypt: bool, /// BIP44 / ZIP32 derivation path pub derivation_path: String, + /// Prompt for BIP39 passphrase + pub prompt_bip39_passphrase: bool, /// Allow non-compliant derivation path pub allow_non_compliant: bool, } @@ -2133,6 +2135,8 @@ pub struct KeyDerive { pub derivation_path: String, /// Allow non-compliant derivation path pub allow_non_compliant: bool, + /// Prompt for BIP39 passphrase + pub prompt_bip39_passphrase: bool, /// Use device to generate key and address pub use_device: bool, } diff --git a/crates/sdk/src/wallet/mod.rs b/crates/sdk/src/wallet/mod.rs index e47cb5b0cb..5fae3db2ad 100644 --- a/crates/sdk/src/wallet/mod.rs +++ b/crates/sdk/src/wallet/mod.rs @@ -621,10 +621,12 @@ impl Wallet { } /// Generate a BIP39 mnemonic code, and derive HD wallet seed from it using - /// the given passphrase. + /// the given passphrase. If no passphrase is provided, optionally prompt + /// for a passphrase. pub fn gen_hd_seed( passphrase: Option>, rng: &mut U::Rng, + prompt_bip39_passphrase: bool, ) -> (Mnemonic, Seed) { const MNEMONIC_TYPE: MnemonicType = MnemonicType::Words24; let mnemonic = U::generate_mnemonic_code(MNEMONIC_TYPE, rng); @@ -634,8 +636,13 @@ impl Wallet { ); println!("{}", mnemonic.clone().into_phrase()); - let passphrase = - passphrase.unwrap_or_else(|| U::read_mnemonic_passphrase(true)); + let passphrase = passphrase.unwrap_or_else(|| { + if prompt_bip39_passphrase { + U::read_mnemonic_passphrase(true) + } else { + Zeroizing::default() + } + }); let seed = Seed::new(&mnemonic, &passphrase); (mnemonic, seed) }