Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Non-Deterministic and Incorrect Key-Pair from Mnemonic when bip39 is pulled in as 3.1.0 #28

Open
fedellen opened this issue Oct 26, 2023 · 0 comments · May be fixed by #29
Open

Non-Deterministic and Incorrect Key-Pair from Mnemonic when bip39 is pulled in as 3.1.0 #28

fedellen opened this issue Oct 26, 2023 · 0 comments · May be fixed by #29

Comments

@fedellen
Copy link

It seems that when this library pulls in bip39 as 3.1.0 we are getting incorrect key pairs from seed phrase to key pair generation.

There is some strange behavior going on here. The seed produced by bip39 remains the same each time we run it. But later on in the generate part of human-crypto-keys we see the results start to differ.

// src/testme.js

import { getKeyPairFromMnemonic } from "./index.js";
import * as bip39 from "bip39";

const mnemonic =
    "slender during cost problem tortoise extra deal walnut great oblige planet kid";

(async () => {
    const seedBuffer = await bip39.mnemonicToSeed(mnemonic);
    const seedBuffer2 = await bip39.mnemonicToSeed(mnemonic);
    console.log(
        "seed buffer to hex string from bip 39 mnemonic to seed are the same?",
        seedBuffer.toString("hex") === seedBuffer2.toString("hex")
    );

    const { privateKey } = await getKeyPairFromMnemonic(
        mnemonic,
        {
            id: "rsa",
            modulusLength: 4096,
        },
        { privateKeyFormat: "pkcs8-pem" }
    );
    const { privateKey: privateKey2 } = await getKeyPairFromMnemonic(
        mnemonic,
        {
            id: "rsa",
            modulusLength: 4096,
        },
        { privateKeyFormat: "pkcs8-pem" }
    );
    console.log(
        "private keys are the same after get key-pair from mnemonic?",
        privateKey === privateKey2
    );
})();

Results on bip39 3.0.2:

> node lib/testme.js
seed buffer to hex string from bip 39 mnemonic to seed are the same? true
private keys are the same after get keypair from mnemonic? true

Results on bip39 3.1.0:

> node lib/testme.js
seed buffer to hex string from bip 39 mnemonic to seed are the same? true
private keys are the same after get keypair from mnemonic? false

In the version 3.1.0, the bip39 package changed their dependencies substantially and added @noble/hashes. This new dependency seems to alter several global cryptos. I still don't yet understand why this would effect the outcome given that the result from bip39 remains the same -- but locking the version of bip39 to 3.0.2 does fix the issue on our end...
@firstfan firstfan mentioned this issue Jun 13, 2024
Closed
firstfan added a commit to firstfan/js-human-crypto-keys that referenced this issue Jun 13, 2024
@firstfan
fix: correct usage of bip39 library
67ff2e3 
The previous implementation used the bip39 library incorrectly. Instead of the current approach, we should directly use the buffer returned by bip39.mnemonicToSeed.

Closes ipfs-shipyard#28
@firstfan firstfan linked a pull request Jun 13, 2024 that will close this issue
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix: correct usage of bip39 library firstfan/js-human-crypto-keys
1 participant
@fedellen