diff --git a/rfc/0013_Duniter_Encrypted_Wallet_Import_Format.md b/rfc/0013_Duniter_Encrypted_Wallet_Import_Format.md index 996a6d06c26779d62688e57827bbb2544ce6d559..43bf10af43f6b10bf4ae5b768c4c7e8f4e198cf1 100644 --- a/rfc/0013_Duniter_Encrypted_Wallet_Import_Format.md +++ b/rfc/0013_Duniter_Encrypted_Wallet_Import_Format.md @@ -60,7 +60,7 @@ The 4 bytes of the version field must be interpreted as an unsigned integer enco | log N | Algorithm | Encrypted data | |:---------:|:-----------:|:---------------:| -| 1 byte | 1 byte | 64 bytes | +| 1 byte | 1 byte | Any bytes | #### Algorithm @@ -70,16 +70,10 @@ The 4 bytes of the version field must be interpreted as an unsigned integer enco | [BIP32-Ed25519] | 0x01 | | Unknown* | 0x02 | -* Future algorithms can be added to DEWIF v1 if their seed and public key are the same size. +*\* Future algorithms can be added to DEWIF v1.* #### Encrypted data -| Seed | Public key | -|:-------------:|:-------------:| -| 32 bytes | 32 bytes | - -The public key serves as a checksum. To check that the DEWIF base64 string is not corrupted, simply generate a keypair with the seed and check that the obtained public key matches. - **Symmetric encryption algorithm:** aes256 **AES256 key** = scrypt of user passphrase with the following parameters: 
@@ -92,13 +86,21 @@ The public key serves as a checksum. To check that the DEWIF base64 string is no |**r** |16 | |**p** |1 | +##### Algorithm Ed25519 + +| Seed | Public key | +|:-------------:|:-------------:| +| 32 bytes | 32 bytes | + +The public key serves as a checksum. To check that the DEWIF base64 string is not corrupted, simply generate a keypair with the seed and check that the obtained public key matches. + **Example 1:** | Parameter | Value | |:-----------------:|:----------------------------:| -|**Log N** | 15| -|**Algorithm** |Ed25519| -|**Keypair seed** | 0xbfa3f6e322cf21d0e652f79a69df9498fdf5347665e5646d9041f756496a1143 | +|**Log N** | 15 | +|**Algorithm** | Ed25519 | +|**Keypair seed** | 0xbfa3f6e322cf21d0e652f79a69df9498fdf5347665e5646d9041f756496a1143 | ```txt 0x000000001 #v1 
@@ -111,47 +113,73 @@ The public key serves as a checksum. To check that the DEWIF base64 string is no **AES256 key generated from scrypt with the following parameters:** -| Parameter | Value | -|:-----------------:|:----------------------------:| -|**N** | `2^12 = 4096` | -|**r** |16| -|**p** | 1 | - +| Parameter | Value | +|:-----------------:|:-------------:| +| **N** | `2^12 = 4096` | +| **r** | 16 | +| **p** | 1 | DEWIF base 64 string (with aes key `"toto titi tata"`): `AAAAARAAAAEMAJ8UMCz6NVliR+EGUdlnZ8RAi8GqcbXqDn7TZxjXzBI6NbRxSDYlXdJRMlg3YKttB5EPAZrNafNIUGmFyEyaIvQ=` +##### Algorithm Bip32-Ed25519 + +| Language code | Entropy length | Mnemonic entropy | Checksum | padding | +|:--------------:|:--------------:|:----------------:|:--------:|:------------:| +| Uint8 (1 byte) | Uint8 (1 byte) | Any bytes | 8 bytes | Zeroed bytes | + +The padding is used so that the size of the encrypted data is a multiple of 16 (necessary for aes256). + +Language code: + +| Language code | Language | +|:--------------:|:-------------------:| +| 0 | English | +| 1 | Chinese simplified | +| 2 | Chinese traditional | +| 3 | French | +| 4 | Italian | +| 5 | Japanese | +| 6 | Korean | +| 7 | Spanish | + +Mnemonic entropy is defined on [BIP39] + +To check that the DEWIF base64 string is not corrupted, compute the hash sha256 of `Language code || Entropy length || Mnemonic entropy`. The first eight bytes of the sha256 hash constitute the checksum. 
+ **Example 2:** | parameter | value | |:-----------------:|:----------------------------:| -|**Log N** | 15| -|**Algorithm** |Bip32-Ed25519| -|**Keypair seed** | 0xb7d3a54e1c20172cd38e0d803776a3bacf11f895ef8ef846043a0d628431c872 | - +| **Log N** | 14 | +| **Algorithm** | Bip32-Ed25519 | +| **mnemonic** | `"crop cash unable insane eight faith inflict route frame loud box vibrant"` | ```txt 0x000000001 #v1 0x100000001 #g1-test 0x0F # log N 0x01 # Algorithm Bip32-Ed25519 -0xb7d3a54e1c20172cd38e0d803776a3bacf11f895ef8ef846043a0d628431c872 # keypair seed -0xd1fec6ddf6e887e40bd77d459131ee5a6bec1194341b9393ead606363bb7b060 # public key +0x00 # Language english +0x10 # Entropy length +0x33E46BB13A746EA41CDDE45C90846A79 # Mnemonic entropy +0x???? # checksum ``` -**AES256 key generated from scrypt with the following parameters:** +**AES256 key generated from scrypt with the following parameters:** -| Parameter | Value | -|:-----------------:|:----------------------------:| -|**N** | `2^15 = 32768` | -|**r** |16| -|**p** | 1 | +| Parameter | Value | +|:--------------:|:--------------:| +| **N** | `2^14 = 16384` | +| **r** | 16 | +| **p** | 1 | DEWIF base 64 string (with aes key `"toto titi tata"`): -`AAAAARAAAAEPAXBN8l4QNE9IhJV0f7w22U0UpnXnNupVruNplirmnM88WdtmyBlXy5pYX1VvTVplmO5vz/49FukruEGRIhEXvLw=` +`???` -[Ed25519]: https://tools.ietf.org/html/rfc8032 [BIP32-Ed25519]: https://drive.google.com/file/d/0ByMtMw2hul0EMFJuNnZORDR2NDA/view +[Ed25519]: https://tools.ietf.org/html/rfc8032 +[BIP39]: https://github.com/bitcoin/bips/blob/master/bip-0039.mediawiki#generating-the-mnemonic [DUBP]: https://git.duniter.org/nodes/common/doc/blob/master/rfc/0010_Duniter_Blockchain_Protocol_V12.md
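Review bot: In the `@@ -60,7 +60,7 @@` hunk, `Any bytes` for the Encrypted data column leaves the field unbounded and removes the only length check a reader had. The Bip32-Ed25519 section added later in this patch says the encrypted data size must be a multiple of 16 for aes256, so state that constraint in this table as well, and say that a reader must reject a payload whose encrypted part is empty or not a multiple of 16 bytes before attempting decryption.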
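Review bot: In the `@@ -70,16 +70,10 @@` hunk, the new footnote `Future algorithms can be added to DEWIF v1.` drops the same-size condition without saying what a v1 reader does with an algorithm byte it does not know. The payload layout and the corruption check now depend on the algorithm (both move into per-algorithm subsections), so add a sentence requiring readers to reject unknown algorithm values rather than guess a layout, and requiring every future algorithm to define its own checksum.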
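Review bot: In the `@@ -92,13 +86,21 @@` hunk, the realigned Example 1 row still gives `Log N` as 15, while the scrypt table for the same example lists `2^12 = 4096`; the two should agree, and since the row is being touched anyway it should be corrected here. In the new `Algorithm Ed25519` subsection it would also help to say that the public key comparison happens after decryption, since both fields sit inside the encrypted data.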
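Review bot: In the `@@ -111,47 +113,73 @@` hunk, Example 2 is inconsistent and incomplete: the table and scrypt parameters say Log N 14 (`2^14 = 16384`) but the byte listing keeps `0x0F # log N`, and the checksum (`0x????`) and base64 string (`???`) are placeholders, so the example cannot serve as a test vector. Change the listing to `0x0E` and fill in the checksum, the padding bytes and the final string before merging. The Bip32-Ed25519 layout should also state which Entropy length values are valid and that a reader rejects others; with the 16-byte entropy of this example the fields total 26 bytes, so the listing needs 6 zeroed padding bytes. Minor: "defined on [BIP39]" should read "defined in", and the heading spells `Bip32-Ed25519` while the algorithm table and link label use `BIP32-Ed25519`.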