wallet creation: take care not to write plaintext keys to disk

when creating imported privkey wallets the privkeys were written to disk unencrypted first, then overwritten with ciphertext
2025-08-23 17:47:31 +00:00 · 2018-12-03 13:02:14 +01:00 · 2018-12-03 13:02:14 +01:00 · 9350709f13
commit 9350709f13
parent ff454ab29d
3 changed files with 7 additions and 5 deletions
--- a/electrum/base_wizard.py
+++ b/electrum/base_wizard.py
@ -200,7 +200,7 @@ class BaseWizard(object):
            self.storage.put('keystore', k.dump())
            w = Imported_Wallet(self.storage)
            keys = keystore.get_private_keys(text)
-            good_inputs, bad_inputs = w.import_private_keys(keys, None)
+            good_inputs, bad_inputs = w.import_private_keys(keys, None, write_to_disk=False)
            self.keystores.append(w.keystore)
        else:
            return self.terminate()
@ -510,6 +510,7 @@ class BaseWizard(object):

    def on_password(self, password, *, encrypt_storage,
                    storage_enc_version=STO_EV_USER_PW, encrypt_keystore):
+        assert not self.storage.file_exists(), "file was created too soon! plaintext keys might have been written to disk"
        self.storage.set_keystore_encryption(bool(password) and encrypt_keystore)
        if encrypt_storage:
            self.storage.set_password(password, enc_version=storage_enc_version)
--- a/electrum/commands.py
+++ b/electrum/commands.py
@ -176,7 +176,7 @@ class Commands:
            storage.put('keystore', k.dump())
            wallet = Imported_Wallet(storage)
            keys = keystore.get_private_keys(text)
-            good_inputs, bad_inputs = wallet.import_private_keys(keys, None)
+            good_inputs, bad_inputs = wallet.import_private_keys(keys, None, write_to_disk=False)
            # FIXME tell user about bad_inputs
            if not good_inputs:
                raise Exception("None of the given privkeys can be imported")
@ -191,6 +191,7 @@ class Commands:
            storage.put('wallet_type', 'standard')
            wallet = Wallet(storage)

+        assert not storage.file_exists(), "file was created too soon! plaintext keys might have been written to disk"
        wallet.update_password(old_pw=None, new_pw=password, encrypt_storage=encrypt_file)
        wallet.synchronize()

--- a/electrum/wallet.py
+++ b/electrum/wallet.py
@ -1379,8 +1379,8 @@ class Imported_Wallet(Simple_Wallet):
    def get_public_key(self, address):
        return self.addresses[address].get('pubkey')

-    def import_private_keys(self, keys: List[str], password: Optional[str]) -> Tuple[List[str],
-                                                                                     List[Tuple[str, str]]]:
+    def import_private_keys(self, keys: List[str], password: Optional[str],
+                            write_to_disk=True) -> Tuple[List[str], List[Tuple[str, str]]]:
        good_addr = []  # type: List[str]
        bad_keys = []  # type: List[Tuple[str, str]]
        for key in keys:
@ -1398,7 +1398,7 @@ class Imported_Wallet(Simple_Wallet):
            self.add_address(addr)
        self.save_keystore()
        self.save_addresses()
-        self.save_transactions(write=True)
+        self.save_transactions(write=write_to_disk)
        return good_addr, bad_keys

    def import_private_key(self, key: str, password: Optional[str]) -> str: