2025-01-19 Update From: SLTechnology News&Howtos shulou
Shulou(Shulou.com)06/01 Report--
This article explains how a key is created through the create-key interface.
In the API.buildHandler method:
api/api.go#L164-L244

    func (a *API) buildHandler() {
        // ...
        if a.wallet != nil {
            // ...
            m.Handle("/create-key", jsonHandler(a.pseudohsmCreateKey))
            // ...
        }
        // ...
    }

As you can see, the path is /create-key, and the corresponding handler is a.pseudohsmCreateKey (the jsonHandler wrapped around it has been discussed before and is not covered here):
api/hsm.go#L23-L32

    func (a *API) pseudohsmCreateKey(ctx context.Context, in struct {
        Alias    string `json:"alias"`
        Password string `json:"password"`
    }) Response {
        xpub, err := a.wallet.Hsm.XCreate(in.Alias, in.Password)
        if err != nil {
            return NewErrorResponse(err)
        }
        return NewSuccessResponse(xpub)
    }

It mainly calls a.wallet.Hsm.XCreate, so let's follow it in:
blockchain/pseudohsm/pseudohsm.go#L50-L66

    // XCreate produces a new random xprv and stores it in the db.
    func (h *HSM) XCreate(alias string, auth string) (*XPub, error) {
        // ...

        // 1.
        normalizedAlias := strings.ToLower(strings.TrimSpace(alias))

        // 2.
        if ok := h.cache.hasAlias(normalizedAlias); ok {
            return nil, ErrDuplicateKeyAlias
        }

        // 3.
        xpub, _, err := h.createChainKDKey(auth, normalizedAlias, false)
        if err != nil {
            return nil, err
        }

        // 4.
        h.cache.add(*xpub)
        return xpub, err
    }

The name HSM stands for Hardware Security Module; Bytom reserves it for hardware-related modules (not discussed for the time being).
The above code is divided into four parts:
1. Normalize the alias parameter that was passed in: trim the surrounding whitespace and convert it to lowercase.
2. Check whether the alias already exists in the cache. If it does, return immediately with the corresponding error. A key is never generated twice for the same alias, because private keys and aliases correspond one to one. The front end can use this error to remind the user to check the alias or choose a new one.
3. Call createChainKDKey to generate the key and get back the public key xpub.
4. Put the public key into the cache.
The public key and the alias do not look like the same thing, so how could the alias be looked up in the cache in step 2?
So let's go into h.cache.hasAlias and take a look:
blockchain/pseudohsm/keycache.go#L76-L84

    func (kc *keyCache) hasAlias(alias string) bool {
        xpubs := kc.keys()
        for _, xpub := range xpubs {
            if xpub.Alias == alias {
                return true
            }
        }
        return false
    }

From xpub.Alias we can see that the alias is bound to the public key: the alias can be regarded as an attribute of the public key (and, of course, of the corresponding private key). So once the public key is in the cache, the alias can be looked up there.
So how does the createChainKDKey in step 3 generate the key?
blockchain/pseudohsm/pseudohsm.go#L68-L86

    func (h *HSM) createChainKDKey(auth string, alias string, get bool) (*XPub, bool, error) {
        // 1.
        xprv, xpub, err := chainkd.NewXKeys(nil)
        if err != nil {
            return nil, false, err
        }

        // 2.
        id := uuid.NewRandom()
        key := &XKey{
            ID:      id,
            KeyType: "bytom_kd",
            XPub:    xpub,
            XPrv:    xprv,
            Alias:   alias,
        }

        // 3.
        file := h.keyStore.JoinPath(keyFileName(key.ID.String()))
        if err := h.keyStore.StoreKey(file, key, auth); err != nil {
            return nil, false, errors.Wrap(err, "storing keys")
        }

        // 4.
        return &XPub{XPub: xpub, Alias: alias, File: file}, true, nil
    }

This code is fairly clear, and we can divide it into four steps:
1. Call chainkd.NewXKeys to generate the key. chainkd corresponds to another package in the Bytom code base, "crypto/ed25519/chainkd"; judging by the name, it uses the ed25519 algorithm. If you remember the previous article, on how to connect to a Bytom node, a pair of keys is also generated with this algorithm when a new node connects, for encrypted communication on that connection. Note, however, that although both are ed25519, the code used there came from the third-party library "github.com/tendermint/go-crypto". It is not clear how the two differ in detail; that is left to be studied at a suitable opportunity. The nil passed in chainkd.NewXKeys(nil) is the "random number generator" parameter. If nil is passed, NewXKeys uses the default random number generator internally to produce random numbers and generate the key. The key algorithm itself is not discussed in this article.
2. Generate a unique id for the current key, which is later used to build the file name under which the key is saved on disk. The id is produced with uuid as a globally unique random value such as 62bc9340-f6a7-4d16-86f0-4be61920a06e.
3. Save the key as a file on disk. There is a lot to this step, and it is discussed in more detail below.
4. Combine the information related to the public key for use by the caller.
Let's talk more about step 3, saving the key as a file. The first step is to generate the file name. The code for the keyFileName function is as follows:
blockchain/pseudohsm/key.go#L96-L101

    // keyFileName implements the naming convention for keyfiles:
    // UTC---
    func keyFileName(keyAlias string) string {
        ts := time.Now().UTC()
        return fmt.Sprintf("UTC--%s--%s", toISO8601(ts), keyAlias)
    }

Note that the parameter keyAlias here should really be keyID, that is, the uuid generated earlier. Calling it an alias is a bit misleading, and a fix has been submitted as PR#922. The resulting file name looks like: UTC--2018-05-07T06-20-46.270917000Z--62bc9340-f6a7-4d16-86f0-4be61920a06e
After the file name is generated, h.keyStore.JoinPath places it in the appropriate directory. Generally, this is the keystore directory under the local data directory. On OSX it should be ~/Library/Bytom/keystore. On other systems, you can determine it through DefaultDataDir() in the code.
How the directory for the key file is determined is somewhat roundabout in the code. If you are interested, you should be able to find it yourself, so it is not listed here. If you can't find it, try the following keywords: pseudohsm.New(config.KeysDir()), os.ExpandEnv(config.DefaultDataDir()), DefaultDataDir(), DefaultBaseConfig()
At the end of step 3, the keyStore.StoreKey method is called to save it to a file. The method code is as follows:
blockchain/pseudohsm/keystore_passphrase.go#L67-L73

    func (ks keyStorePassphrase) StoreKey(filename string, key *XKey, auth string) error {
        keyjson, err := EncryptKey(key, auth, ks.scryptN, ks.scryptP)
        if err != nil {
            return err
        }
        return writeKeyFile(filename, keyjson)
    }

EncryptKey does a lot of work: it takes the key, the password (auth) and the scrypt parameters ks.scryptN and ks.scryptP and produces the key information in JSON format, which writeKeyFile then saves to disk. So in your keystore directory you will see your key files. They are very important. Don't delete them by mistake.
Now that a.wallet.Hsm.XCreate is done, let's go back to the last part of the a.pseudohsmCreateKey method. As you can see, when the key is generated successfully, NewSuccessResponse(xpub) is returned, which passes the information related to the public key back to the front end. jsonHandler converts it to JSON automatically and sends it back over HTTP.
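The four steps of XCreate and the key file naming described above, as a self-contained sketch added here (it is not Bytom's code). The toyHSM type is hypothetical, standard-library ed25519 stands in for chainkd, the mutex and the timestamp layout (inferred from the sample file name) are assumptions, and nothing is encrypted or written to disk.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
	"strings"
	"sync"
	"time"
)

var ErrDuplicateKeyAlias = errors.New("duplicate key alias") // name taken from the article
// toyHSM is a hypothetical in-memory stand-in for the HSM and its key cache.
type toyHSM struct {
	mu      sync.Mutex
	byAlias map[string][]byte // normalized alias -> public key
}
// keyFileName reproduces the shape of the sample file name quoted in the article.
func keyFileName(id string, ts time.Time) string {
	return fmt.Sprintf("UTC--%s--%s", ts.UTC().Format("2006-01-02T15-04-05.000000000Z"), id)
}
// XCreate follows the four steps: normalize, reject duplicates, generate, cache.
func (h *toyHSM) XCreate(alias string) (string, error) {
	normalized := strings.ToLower(strings.TrimSpace(alias))
	h.mu.Lock() // assumption: makes the check and the insert one atomic step
	defer h.mu.Unlock()
	if _, ok := h.byAlias[normalized]; ok {
		return "", ErrDuplicateKeyAlias
	}
	pub, _, err := ed25519.GenerateKey(nil) // nil selects crypto/rand, like NewXKeys(nil)
	if err != nil {
		return "", err
	}
	var b [16]byte // random version-4 UUID, standing in for uuid.NewRandom()
	if _, err := rand.Read(b[:]); err != nil {
		return "", err
	}
	b[6], b[8] = b[6]&0x0f|0x40, b[8]&0x3f|0x80
	id := fmt.Sprintf("%x-%x-%x-%x-%x", b[0:4], b[4:6], b[6:8], b[8:10], b[10:16])
	h.byAlias[normalized] = pub
	return keyFileName(id, time.Now()), nil
}

func main() {
	h := &toyHSM{byAlias: map[string][]byte{}}
	fmt.Println(h.XCreate("Alice"))
	fmt.Println(h.XCreate("  ALICE "))
}
```

The second call fails because both aliases normalize to "alice", which is the case-insensitive collision the duplicate check in step 2 is meant to catch.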