0

我使用 bitcoinlib 创建了一个钱包。钱包被命名为“my-awesome-wallet55”。当我尝试使用新生成的助记词打开我现有的钱包时,我期望的行为是异常或安全错误,但是钱包无论如何都会打开。我可以手动检查私钥以创建自己的安全检查,但不应该尝试使用错误的密钥打开现有钱包失败吗?否则似乎是一个很大的安全问题。

    from bitcoinlib.wallets import Wallet, wallet_create_or_open
    from bitcoinlib.keys import HDKey
    from bitcoinlib.mnemonic import Mnemonic

    # Creating a new Mnemonic phrase to try and open an existing wallet with
    passphrase=Mnemonic().generate(strength=256, add_checksum=True)

    # Use new phrase to create key
    key = HDKey.from_passphrase(passphrase, witness_type='segwit', network='testnet')

    # In my opinion this should fail because I provided the wrong key, but it returns the wallet
    w = Wallet('my-awesome-wallet55', main_key_object=key)

    # Statement showing that our private keys are different
    print("key.private_hex: " + key.private_hex + "\nw.main_key.key_private.hex(): " + 
    w.main_key.key_private.hex()) 

    if key.private_hex == w.main_key.key_private.hex():
        # We don't make it here because our private keys don't match
        print("Wallet 'my-awesome-wallet55' authenticated")
        w.utxos_update()
        print("Balance: " + str(w.balance()))
        print("Wallet address: " + w.get_key().address)
        w.info()
    else:
        # Instead we make it here and still have access to the wallet
        print("Wallet Authentication failed")
        w.utxos_update()
        print("Balance: " + str(w.balance()))
        print("Wallet address: " + w.get_key().address)
        w.info()

有没有使用 bitcoinlib 验证钱包的标准方法?根据我在这里的情况,似乎有人只需要知道钱包的名称就可以完全访问它。

更新:

在收到 Frank 的问题后,我更新了代码以尝试发送交易:

from bitcoinlib.wallets import Wallet, wallet_create_or_open
from bitcoinlib.keys import HDKey
from bitcoinlib.mnemonic import Mnemonic

passphrase=Mnemonic().generate(strength=256, add_checksum=True)
#passphrase='lumber romance negative child immense grab icon wasp silver essay enjoy jewel mom demise fit moral device hand capable toilet spirit age enforce deny'
print(passphrase)

key = HDKey.from_passphrase(passphrase, witness_type='segwit', network='testnet')
#wallet_create_or_open('my-awesome-wallet55', keys=passphrase, witness_type='segwit', network='testnet')
w = Wallet('my-awesome-wallet55', main_key_object=key)

print("key.private_hex: " + key.private_hex + "\nw.main_key.key_private.hex(): " + w.main_key.key_private.hex()) 

if key.private_hex == w.main_key.key_private.hex():
    print("Wallet 'my-awesome-wallet55' authenticated")
    w.utxos_update()
    print("Balance: " + str(w.balance()))
    t = w.send_to('tb1qprqnf4dqwuphxs9xqpzkjdgled6eeptn389nec', 4000, fee=1000)
    t.info()
else:
    print("Wallet Authentication failed")
    w.utxos_update()
    print("Balance: " + str(w.balance()))
    t = w.send_to('tb1qprqnf4dqwuphxs9xqpzkjdgled6eeptn389nec', 4000, fee=1000)
    t.info()

结果如下:

Sonnys-MBP:TelegramBTCWallet sonnyparlin $ python test.py 
unfold royal atom rule electric ice quote spin fiber quality lady just garment nature secret six garden comic carpet mom endless lamp family arctic
key.private_hex: 23ac38dc5293ee53918c8dfe18abc28975c8fa6963c876302aa4473ddca2f14a
w.main_key.key_private.hex(): 8c11283bf21e9344930ab9519742d6f59cd220528e0be17886d27a21c9c127c7
Wallet Authentication failed
Balance: 95000.0
Transaction 5e729021da81a5e6fc3b3d88b5bf136d09c78b0ac9a08be2cf1c90107e7ae27c
Date: None
Network: testnet
Version: 1
Witness type: segwit
Status: unconfirmed
Verified: True
Inputs
- tb1q7dx79l3maq2cqynpjzxqxsk3v6jhhaggzl07c3 0.00095000 tBTC badb9dbe2b4741310137de774e058aaf6cbba28e2f36c11640b241284f780f86 1
  segwit sig_pubkey; sigs: 1 (1-of-1) valid
Outputs
- tb1qprqnf4dqwuphxs9xqpzkjdgled6eeptn389nec 0.00004000 tBTC p2wpkh U
- tb1q9wg0vnqx63ng39s80gwqqffe2z7c5vvh0f4h3g 0.00090000 tBTC p2wpkh U
Size: 139
Vsize: 139
Fee: 1000
Confirmations: 0
Block: None
Pushed to network: True
Wallet: my-awesome-wallet55
4

1 回答 1

0

我将此作为 bug 发布给了 bitcoinlib 开发人员,他们确认了这一点,您可以在此处关注它:

https://github.com/1200wd/bitcoinlib/issues/206#issuecomment-991265402

于 2021-12-11T19:10:33.337 回答