智子

# Venus wallet

  1. venus-wallet 是一个针对 Filecoin 提供的策略化远程 wallet,支持 JsonRPC2.0 调用,它能动态配置各种待签名数据类型是否被放行。
  2. 项目与 Lotus 以及 Venus 之间独立解耦,可以供 Filecoin 的各种不同实现调用。

# 快速启动

# 1. 下载代码

git clone https://github.com/filecoin-project/venus-wallet.git

# 2. 编译

  • go version ^1.15
# 设置bls编译环境变量
export CGO_CFLAGS_ALLOW="-D__BLST_PORTABLE__"
export CGO_CFLAGS="-D__BLST_PORTABLE__"

# 编译当前平台可执行文件
make

# 如果需要在mac上交叉编译Linux版本
# 需要安装gcc相关(也可以通过Github将文件下载到本地后,本地brew安装)
brew install FiloSottile/musl-cross/musl-cross
make linux

# 3. 启动服务进程

# 默认主网启动(--network=main)
# 地址f开头
$ ./venus-wallet run \
--gateway-api /ip4/10.10.66.141/tcp/45132 \
--gateway-token <SHARED_WRITE_SOPHON_AUTH_TOKEN> \
--support-accounts <SOPHON_AUTH_USERNAME>

# 测试网启动
# 地址t开头
$ ./venus-wallet --nettype=cali run \
--gateway-api /ip4/10.10.66.141/tcp/45132 \
--gateway-token <SHARED_WRITE_SOPHON_AUTH_TOKEN> \
--support-accounts <SOPHON_AUTH_USERNAME>

可以从 sophon-gateway 查看哪些钱包连接,来确认哪些 wallet 连接到了 sophon-gateway

./sophon-gateway wallet list

[
 	{
 		"Account": "venus-test",
 		"SupportAccounts": [
 			"venus-test"
 		],
 		"ConnectStates": [
 			{
 				"Addrs": [
 					"f3sqqttrfpchw6usau4e2lr7cb6jbkvbes2nxudf42kxxxxxxxxglnga",
 					"f3slzp2qdxtw44l6decoutkzyc5l4xxxxxxxxxxxxxxxxxxxxxxxxxxa"
 				],
 				"ChannelId": "0b210b25-d01b-4aa2-ac75-324c8b1815e9",
 				"Ip": "10.10.66.141:44486",
 				"RequestCount": 0,
 				"CreateTime": "2023-07-26T16:55:42.286652971+08:00"
 			}
 		]
 	}
 ]

# 4. 配置介绍

默认配置位置: ~/.venus_wallet/config.toml

[API]
  # 本地进程http监听地址
  ListenAddress = "/ip4/0.0.0.0/tcp/5678/http"

[DB]
  # 默认内嵌存储数据库数据文件
  Conn = "~/.venus_wallet/keystore.sqlit"
  Type = "sqlite"
  DebugMode = true

[JWT]
  # JWT token hex,未配置情况下会随机生成
  Token = "65794a68624763694f694a49557a49314e694973496e523563434936496b705856434a392e65794a42624778766479493657794a795a57466b4969776964334a70644755694c434a7a615764754969776959575274615734695858302e7133787a356f75634f6f543378774d5463743870574d42727668695f67697a4f7a365142674b2d6e4f7763"
  # JWT secret hex,未配置情况下会随机生成
  Secret = "7c40ce66a492e35ac828e8333a5703e38b23add87f29bd8fc7343989e08b3458"

[Factor]
  # keystore私钥对称加密变量; 一般情况下都无需修改
  ScryptN = 262144
  ScryptP = 1

# 签名过滤器
[SignFilter]
  Expr = ""

[APIRegisterHub]
  # gateway的URL,不配置则不连接gateway
  RegisterAPI = ["/ip4/127.0.0.1/tcp/45132"]
  # sphon-auth产生的token
  Token = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYW1lIjoidGVzdG1pbmVyIiwicGVybSI6ImFkbWluIiwiZXh0IjoiIn0.oakIfSg1Iiv1T2F1BtH1bsb_1GeXWuirdPSjvE5wQLs"
  SupportAccounts = ["testminer"]

[SignRecorder]
  # 签名记录器,用于记录签名数据
Enable = true
KeepDuration = "168h"

# Venus wallet 基础操作

# wallet 状态

# 1. 设置私钥对称加密 Key

# ./venus-wallet setpwd (aliase)
$ ./venus-wallet set-password
Password:******
Enter Password again:******

# res
Password set successfully

注意:此密码只暂存于内存中,用于对私钥的对称加密,一旦服务进程以任何形式退出,都无法还原此密码,所以对于此程序管理的私钥,需自行进行额外备份,也可以直接备份此密码。

  • 设定密码后,wallet 默认为 unlock 状态

# 2. 锁定 wallet

wallet 锁定后,签名,生成新地址,导入,导出私钥等功能都将禁用,会影响到远程调用链,所以请慎用。

$ ./venus-wallet lock
Password:******

# res
wallet lock successfully

# 3. 解锁 wallet

与锁定 wallet 相反,解锁后将放行 wallet 所有功能。

$ ./venus-wallet unlock
Password:******

# res
wallet unlock successfully

# 4. 查看 wallet 状态

$ ./venus-wallet lockstate

#res
wallet state: unlocked

# 私钥管理

# 1. 生成新随机私钥

venus-wallet new [command options] [bls|secp256k1 (default secp256k1)]

$ ./venus-wallet new

#res
t12mchblwgi243re5i2pg2harmnqvm6q3rwb2cnpy
  • 默认 secp256k1 类型,也可./venus-wallet new bls生成 bls 类型私钥

# 2. 导入私钥

venus-wallet import [command options] [<path> (optional, will read from stdin if omitted)]

$ ./venus-wallet import
Enter private key:7b2254797065223a22736563703235366b31222c22507269766174654b6579223a22626e765665386d53587171346173384633654c647a7438794a6d68764e434c377132795a6c6657784341303d227d

#res
imported key t12mchblwgi243re5i2pg2harmnqvm6q3rwb2cnpy successfully!

# 3. 导出私钥

venus-wallet export [command options] [address]

$ ./venus-wallet export t12mchblwgi243re5i2pg2harmnqvm6q3rwb2cnpy

# res
7b2254797065223a22736563703235366b31222c22507269766174654b6579223a22626e765665386d53587171346173384633654c647a7438794a6d68764e434c377132795a6c6657784341303d227d

# 4. 查看地址列表

$ ./venus-wallet list

t3uktqgxtagiyk5cxrjn5h4wq4v247saxtfukfi6zsvt4sek2q2ufkg27biasg7247zhdpm2kpotukwsapr7pa
t3rcgmzisnusxvwrwvi7l5hcuissvmluvkrzfuehjdfawba75qlv3mxl6rtnxitt33z5fuwds76rbcyafhxrua
t12mchblwgi243re5i2pg2harmnqvm6q3rwb2cnpy

显示全部私钥对应地址,这里有 spec 和 bls 两种地址存在

# 5. 删除指定私钥

venus-wallet del [command options] <address>

$ ./venus-wallet del t12mchblwgi243re5i2pg2harmnqvm6q3rwb2cnpy

#res
success

# JWT 权限管理

用于远程访问接口授权

# 1. 获取远程连接字符串

venus-wallet auth api-info [command options] [arguments...]

$ ./venus-wallet auth api-info --perm admin

#res
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJBbGxvdyI6WyJyZWFkIiwid3JpdGUiLCJzaWduIiwiYWRtaW4iXX0.q3xz5oucOoT3xwMTct8pWMBrvhi_gizOz6QBgK-nOwc:/ip4/0.0.0.0/tcp/5678/http
  • perm 有 read,write,sign,admin 由低到高 4 种权限,它们由配置文件中对应的JWT配置生成,不会发生动态改变。

# Config in venus

格式:token:muitiaddr

{
        "walletModule": {
                "defaultAddress": "f3ueri27yppflsxodo66r2u4jajw5d4lhrzlcv4ncx7efrrxyivnrsufi7wuvdjmpbepwb2npvj7wglla6gtcq",
                "passphraseConfig": {
                        "scryptN": 2097152,
                        "scryptP": 1
                },
                "remoteEnable": true,
                "remoteBackend": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJBbGxvdyI6WyJyZWFkIiwid3JpdGUiLCJzaWduIl19.gCLPHlI5r9lyxfbPoeU8nSGQI9CpUBaBGA54EzgZ9vE_e78f9e6c-9033-4144-8992-a1890ad76ead:/ip4/192.168.5.64/tcp/5678/http"
        }
}

# Config in lotus

格式: token:muitiaddr

[Wallet]
  RemoteBackend = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJBbGxvdyI6WyJyZWFkIiwid3JpdGUiLCJzaWduIl19.gCLPHlI5r9lyxfbPoeU8nSGQI9CpUBaBGA54EzgZ9vE_e78f9e6c-9033-4144-8992-a1890ad76ead:/ip4/192.168.5.64/tcp/5678/http"
  #EnableLedger = false
  #DisableLocal = false

venus-wallet 签名过滤器