multi: Add --tor.encryptkey flag functionality to encrypt the Tor private key on disk

It's possible that a user might not want the Tor private key to sit on the disk in plaintext (it is a private key after all). So this commit adds a new flag to encrypt the Tor private key on disk using the wallet's seed. When the --tor.encryptkey flag is used, LND will still write the Tor key to the same file, however it will now be encrypted instead of plaintext. This essentially uses the same method to encrypt the Tor private key as is used to encrypt the Static Channel Backup file.
Orbital
2022-05-10 20:11:19 -05:00
parent e0fc5bb234
commit 073c990c75
7 changed files with 33 additions and 4 deletions


@@ -98,6 +98,12 @@ type Config struct {
// for a watchtower hidden service should be stored.
WatchtowerKeyPath string
// EncryptKey will encrypt the Tor private key on disk.
EncryptKey bool
// KeyRing is the KeyRing to use when encrypting the Tor private key.
KeyRing keychain.KeyRing
// Type specifies the hidden service type (V2 or V3) that the watchtower
// will create.
Type tor.OnionType
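Review bot: The doc comment on EncryptKey says only that the key "will" be encrypted, not with what or where the result lands, and the KeyRing comment does not state when it is required. Suggest `// EncryptKey, when true, writes the Tor private key to WatchtowerKeyPath encrypted with a key derived from KeyRing instead of in plaintext.` and `// KeyRing derives the key used to encrypt the Tor private key; it must be set whenever EncryptKey is true.` The Config struct begins and ends outside this hunk.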


@@ -6,6 +6,7 @@ import (
"github.com/btcsuite/btcd/btcec/v2"
"github.com/lightningnetwork/lnd/brontide"
"github.com/lightningnetwork/lnd/lnencrypt"
"github.com/lightningnetwork/lnd/tor"
"github.com/lightningnetwork/lnd/watchtower/lookout"
"github.com/lightningnetwork/lnd/watchtower/wtserver"
@@ -163,14 +164,22 @@ func (w *Standalone) createNewHiddenService() error {
listenPorts = append(listenPorts, port)
}
encrypter, err := lnencrypt.KeyRingEncrypter(w.cfg.KeyRing)
if err != nil {
return err
}
// Once we've created the port mapping, we can automatically create the
// hidden service. The service's private key will be saved on disk in order
// to persistently have access to this hidden service across restarts.
onionCfg := tor.AddOnionConfig{
VirtualPort: DefaultPeerPort,
TargetPorts: listenPorts,
Store: tor.NewOnionFile(w.cfg.WatchtowerKeyPath, 0600),
Type: w.cfg.Type,
Store: tor.NewOnionFile(
w.cfg.WatchtowerKeyPath, 0600, w.cfg.EncryptKey,
encrypter,
),
Type: w.cfg.Type,
}
addr, err := w.cfg.TorController.AddOnion(onionCfg)
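Review bot: `lnencrypt.KeyRingEncrypter(w.cfg.KeyRing)` at the top of the second hunk runs regardless of `w.cfg.EncryptKey`, so a watchtower that never opts in to key encryption still needs a usable KeyRing in its Config and performs the key derivation on every hidden-service creation. If NewOnionFile ignores the encrypter when its encryptKey argument is false, the derivation can be guarded with `if w.cfg.EncryptKey { ... }`; if it does not, the Config doc should state that KeyRing is mandatory even with EncryptKey unset, since a nil keyring here would presumably surface only at runtime. The bare `return err` also drops the step that failed; `return fmt.Errorf("creating tor key encrypter: %w", err)` would match the wrapped-error style, assuming fmt is already imported in this file. createNewHiddenService begins and ends outside the hunk.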