It seems that an error will occur when remittance when importing secret.key without password setting.
I thought it was just me, but there are several.
What can I do to resolve this? ?
I don’t have a recovery phrase.
I have all the files of daedalus0.14.
thank you.
Id recommand to submit a ticket here https://iohk.zendesk.com/hc/en-us
Failing to move funds for a wallet created by an imported secret.key means:
That the derived signing key(s) are not related for the address(es) holding the fund(s).
How can this be happened?
The esk has 3 parts
| 64-byte de/encrypted master/root secret key | 32-byte non-encryted master/root public key | 32-byte non-encryted length chain code |
|---|
The following cases can be assumed:
| esk / passwordHash | empty pw hash | non-empty pw hash |
|---|---|---|
| non-encrypted sk | Valid1 | Invalid2 |
| encrypted sk | Invalid3 | Valid4/Invalid5 |
What do I mean the esk was not altered, I meant if that 3 parts of the esk was not manually modified and the decrypted sk can regenerate the same public key stored in esk.
I know, it seems complicated, but not really.
Check KtoRZ repo, it has some good tools to figure out what has happened.
Thank you. I guess I have to find the password type. I tried to restore wallet from ikar with private key and password hash. The password hash is “null”, but the wallet cannot be restored as it is. By setting it to “”, I was able to restore it to Daedalus, but since Daedalus requires a password, I couldn’t send money. How do I send money using my private key and password hash (“null”)?
It won’t unless you have the password the master secret key was encrypted, because the address your fund is stored, can only be derived from the unencrypted mastercsecret key or the master public key (which is never encrypted) but only unlocked/send if you can decrypt the encrypted master secret key with the password it was encrypted. But why u can see that address and fund in Daedalus?
Becase for the Byron addresses, they are determined buy scanning all UtXOs (because they have random index and the some part of address is encrypted with the root master public key) and they would not be found otherwise) and checking whether the address was encrypted by the root public key).
That is why u can see it but never spend it until u have the proper password to decrypt the encrypted master secret key despite it has an empty password based password hash.
So, do not try to send it without knowing the real password as it would not go through (and that means also that you do not understand/know what you are doing). Also, if you have a situation that you exactly know the password then use the tools I linked above as it wont go through with Daedalus at all (when the esk is encrypted, but the passwordHash is based on an empty password)
Dear _ilap,
Thank you for your reply.
Check KtoRZ repo, it has some good tools to figure out what has happened.
I succeeded in obtaining “encrypted-root-private-key” using the above,
I don’t know what to do next.
In particular,
Using the above tool, I got the following result.
yarn inspect-keystore {$MY_SERCRET.KEY}
[
{
"encrypted-root-private-key": "root_xsk1...",
"root-public-key": "root_xvk...",
"source": "_usKeys",
"is-empty-passphrase": true
}
]
From the above result, you can see that the encrypted private key and transmission password are not set.
I don’t understand the process from here to using the wallet.
Do you have any advice for me?
Also, for reference, I will describe how to restore the wallet that I have been doing so far.
This time, the above “encrypted-root-private-key” and another “encrypted-root-private-key” were displayed.
I knew how to use the following, but I got a signature error when transferring funds.
Based on the above issues, using the following tool
I have restored the wallet.
/export-wallets --mainnet --wallet-db-path ~/.local/share/Daedalus/mainnet/Wallet --keyfile {$MY_SERCRET.KEY}
[
{
"encrypted_root_private_key": "75bea....",
"name": "MY OLD WALLET",
"passphrase_hash": null
}
]
If you restore the “encrypted_root_private_key” obtained above using Backend API(https://input-output-hk.github.io/cardano-wallet/api/edge/), you can create a wallet on Daedalus,
Funds cannot be transferred.
■ How to restore the wallet
curl --cacert "$HOME/Library/Application Support/Daedalus Mainnet/tls/client/ca.crt" \
--cert "$HOME/Library/Application Support/Daedalus Mainnet/tls/client/client.pem" \
https://localhost:$port/v2/byron-wallets -H "Content-Type: application/json" \
-d '{"encrypted_root_private_key":"$encrypted_root_private_key","name":"My Old Byron Wallet","passphrase_hash":"$passphrase_hash","style":"random"}'
It’s probably the same as the Daedalus restoration method, but it seems that there is an error in signing the transaction.
■ Error details
TxValidationErrorInMode (ShelleyTxValidationError ShelleyBasedEraAlonzo (ApplyTxError [UtxowFailure (WrappedShelleyEraFailure (MissingVKeyWitnessesUTXOW (WitHashes (fromList [KeyHash \"ffe...\"]))))])) AlonzoEraInCardanoMode"}
`
Sorry for my poor English. I would appreciate it if you could confirm
You should use mine repo, as Matthias has not merged my PR into his repo.
My PR has more validation options, see an example here:
{
"encrypted-root-private-key": "root_xsk1...",
"root-public-key": "root_xvk1fv6wc376lxm7h34akurxyfskg5wqqr59h2quw3y6usm23jal824e3ewvwpyh00g3hv9634d42ud8q4cyewfnf5n6qjzn9645nf5cctg4d3elm",
"source": "_usKeys",
"is-empty-passphrase": false,
"has-valid-encryption": false,
"encryption-password": ""
},
This means that the master secret is encrypted despite the passwordHash is null.
In this case I would not bother with the tool above, but I would use the OpenWall’s John the Ripper.
They merged my PR into their beeding-edge branch so you could use it.
An (by-heart) example of using it (based on your expoorted wallet)
#################################################################################
# 1. Download and build john
#################################################################################
$ git clone https://github.com/openwall/john.git
Cloning into 'john'...
...
$ cd john/src/
$ ./configure
$ make -sj4
# If it's build go to the run directory
$ cd ../run
# test it
$ ./john --test --format=cardano
...
# if all good then
#################################################################################
# 2. Use the built john for your exported wallet the MY_SECRET.KEY.
#################################################################################
$ sed '/encr/!d;s/^.*encr.*: *"\(.*\)",.*/$cardano$1$\1/' "/full/path/to/your/$MY_SERCRET.KEY" | tee wallet.john
"$cardano$1$75bea........."
$ cat <<EOF> wordlist.txt
Paswrod1youthinkisright
passw@rd2
anortherpasswordyouthinkgwouldwork
EOF
$ ./john --wordlist=wordlist.txt wallet.john
# If you're lucky you will see whether your password candidates could decrypt the encrypted master secret key.
# If not you are out of luck, and do not try anything else until you could find the proper encryption password.
# As bruteforcing the encryption password without clue what it could have been is only just a waste of time.
# Why? Because if it would work then all financial systems in the earth could be cracked very easily.
So, if you’re lucky then I can give you the instructions how to transfer your fund.
As I do not want to waste my time for writing it down now, when there is no point of it.
Dear _ilap,
Thank you for your reply.
I installed the the OpenWall’s John the Ripper and built the environment, but there is something unclear about the sample when I run it.
$ sed ‘/encr/!d;s/^.encr.: "(.)",.*/$cardano$1$\1/’ “/full/path/to/your/$MY_SERCRET.KEY” | tee wallet.john
“$cardano$1$75bea…”
Which file path should I enter for the part corresponding to $MY_SERCRET.KEY above?
Daedalus’ sercret.key is a binary file, so you can’t pick up the characters with the “sed” command.
$ cat < wordlist.txt
Paswrod1youthinkisright
passw@rd2
anortherpasswordyouthinkgwouldwork
EOF
What should be written in the above list (wordlist.txt)? Would you like to list 3 points as a sample?
I apologize for taking up your precious time.
I would appreciate it if you could answer.
This one the 75bea... is your encrypted master secret key.
Or you just can create a simple file that contains this:
$cardano$1$75bea.....
The password or passwords you think was/were used to encrypt the master secret key. Usually, they referring to it as spending password so all your passwords you could remember you used for spending password in Daedalus in the past.
Dear _ilap,
Thank you for your reply.
I’ll try it later.
I didn’t set a remittance password when I created the wallet. Setting a password was optional.
If so, is the master key encrypted by an empty hash? ?
If i set a transfer password later in the Daedalus update,
I have password suggestions.
It means that the master secret key was encrypted along the updates when you set the spending password.
Also, hopefully it has not been encrypted multiple times (with the same or different spending passwords) along the updates, because in that case your chance is much lower for decrypting it and it needs different method to try.
I got this result when I used your tool.
{
"encrypted-root-private-key": "root_xsk1...",
"root-public-key": "root_xvk1f~~~~~~~~~~~~~~~~”,
"source": "_usKeys",
"is-empty-passphrase": true,
"has-valid-encryption": false,
"encryption-password": ""
},
I see that the remittance password is not set.
"is-empty-passphrase": true,
If secret.key doesn't have a transfer password, what should I write here?
↓↓
$ cat <
wordlist.txt Paswrod1youthinkisright
passw@rd2
anotherpasswordyouthinkgwouldwork
I told use this
End you do not use the exact syntax, there should be two files:
Pls read carefully what I wrote already in the past posts.
Dear _ilap,
I used john. I didn’t set a password, so I tried with “null” and didn’t get good results.
I didn’t set a remittance password when I created the wallet. Is the master key encrypted?
If i have not set a transfer password, an empty password hash is created. Is it possible to know that hash?
As a consequence, the hash of an “empty passphrase” is in reality the hash of an empty CBOR bytestring (i.e. 40 in base16).
Can the hash be used to decrypt the master key?
You did not understand what I was saying.
The master secret key is encrypted despite the fact that the password hash is based on an empty passwordHash.
The two things are very different, you need a non empty encryption (spending) password to decrypt, because if an empty password is/was used, the underlying master secret encryption function just simply copies the whole key and not encrypting it.
That means there was some non-empty password that encrypted it, as an empty password cannot encrypt/decrypt but simply copy it.
Because, that encryption tool the cardano-crypto has not changed since mid of 2017. So some non-empty password must have been used to encrypt it.
Dear _ilap,
I may have been asked for a password when the Daedalus wallet was updated. I tried every password I could think of, but john the ripper couldn’t come up with an answer. I will try the dictionary attack.
Thank you for your response. It became clear what I should do.
Dear _ilap
I tried John to see if it works.
I used john with the private key(256 characters) and password of my current wallet. but it didn’t work. I tried it with Sherry and the Byron wallet I was riding.
run % ./john --wordlist=wordlist.txt wallet.john
Using default input encoding: UTF-8
Loaded 1 password hash (cardano, Cardano Encrypted 128-byte Secret Key (a.k.a XPrv) [PBKDF2-SHA512/BLAKE2b/ChaCha20 128/128 SSE4.1 2x])
Press ‘q’ or Ctrl-C to abort, ‘h’ for help, almost any other key for status
0g 0:00:00:00 DONE (2022-09-15 19:20) 0g/s 122.2p/s 122.2c/s 122.2C/s
Session completed.
Please investigate the function.
If you ever find out your password. I assume you generate a password hash, please tell me how to generate it.
I am always grateful for your help.
[image]
The command works as it’s expected, which means that the passwords you provided are not those what encrypted the master secret key.
So, when the valid password is used then you will have similar output:
$ ./john --wordlist=wordlist.txt wallet.john
...
Loaded 1 password hash (cardano, Cardano Encrypted 128-byte Secret Key (a.k.a XPrv) [PBKDF2-SHA512/BLAKE2b/ChaCha20 256/256 AVX2 4x])
...
Secret1234 (?)
1g 0:00:00:00 DONE (2022-09-16 11:05) 20.00g/s 60.00p/s 60.00c/s 60.00C/s wordlist..Secret1234
...
It will say what was the password, in the case baove it was Secret1234.
No, you do not need any scrypt based password hash.
When you are able to decrypt your master key with john, then you just need to use the
thank you for your reply.
I also tried a private key that can be decrypted with “Seacret.key1234”. Is this the encrypted master key?
b76536a4b065812aab71a472bbdd60c593c145d969a3466568ae24dab0b608b3b1b535769da29ffda313abac1bfd8309a51aa47c76799cd4df175db12744d097055b42d4a95f19cb34b516a160a306c0eaef398e70ea91da450ccb2a7819e95b8c000436b43d5de6b0dd189cbfb0fc9ff954809abcb574d994cb5fafaf56b781
Did you mean decrypted or encrypted?
it was this below, which is in the original IOG’s secret.key file. But yours has the same chaincode and publickey.
b57361ebe335fa171a260fea7d3277579c212dc74fc2a408d6cbd8a6e7a847cab3c44c5fb190705ddd2698f2d5390798893349b4321e7474b1ce06c9d410b3d6055b42d4a95f19cb34b516a160a306c0eaef398e70ea91da450ccb2a7819e95b8c000436b43d5de6b0dd189cbfb0fc9ff954809abcb574d994cb5fafaf56b781
Update
This is the 64-byte (126-chars) decrypted part of the encrypted master secret key above:
403e4a55591c9f0665437a13dda3d6ca698cb28f3ff3cfdf79d62c7156900546d963ef6126d62f71f6073d159da9e419413c5627705513f2ac645efa3171be85