autosign: new wipe_key operation

2024-02-27 17:17:10 +00:00 · 2024-02-27 17:17:10 +00:00 · 59e112ae4d
commit 59e112ae4d
parent df7e8f0bca
3 changed files with 15 additions and 1 deletions
--- a/mmgen/autosign.py
+++ b/mmgen/autosign.py
@ -319,7 +319,7 @@ class Autosign:
 		if cfg.xmrwallets and not 'XMR' in self.coins:
 			self.coins.append('XMR')

-		if not self.coins and cmd not in ('gen_key',):
+		if not self.coins and cmd not in ('gen_key','wipe_key'):
 			ymsg('Warning: no coins specified, defaulting to BTC')
 			self.coins = ['BTC']

--- a/mmgen/main_autosign.py
+++ b/mmgen/main_autosign.py
@ -65,6 +65,10 @@ xmr_setup - set up temporary Monero signing wallets.  This operation needn’t
            be performed by the user directly in most cases, as Monero setup
            is done by the ‘setup’ command when --xmrwallets is specified
 wait      - start in loop mode: wait-mount-sign-unmount-wait
+wipe_key  - wipe the wallet encryption key on the removable device, making
+            signing transactions or stealing the user’s seed impossible.
+            The operation is intended as a ‘kill switch’ and thus performed
+            without prompting


                               USAGE NOTES
@ -203,6 +207,10 @@ if cmd:
 		asi.do_mount()
 		asi.clean_old_files()
 		asi.do_umount()
+	elif cmd == 'wipe_key':
+		asi.do_mount()
+		asi.wipe_encryption_key()
+		asi.do_umount()
 	else:
 		die(1,f'{cmd!r}: unrecognized command')
 else:
--- a/test/cmdtest_py_d/ct_autosign.py
+++ b/test/cmdtest_py_d/ct_autosign.py
@ -419,6 +419,7 @@ class CmdTestAutosign(CmdTestAutosignBase):
 		('sign_no_unsigned',         'signing transactions and messages (nothing to sign)'),
 		('sign_no_unsigned_xmr',     'signing transactions and messages (nothing to sign, with XMR)'),
 		('sign_no_unsigned_xmronly', 'signing transactions and messages (nothing to sign, XMR-only)'),
+		('wipe_key',                 'wiping the wallet encryption key'),
 		('stop_daemons',             'stopping daemons'),
 	)

@ -687,6 +688,11 @@ class CmdTestAutosign(CmdTestAutosignBase):
 				assert not f'No unsigned {desc}s' in res, f'‘No unsigned {desc}s’ should be absent in output'
 		return t

+	def wipe_key(self):
+		t = self.spawn('mmgen-autosign', ['--quiet', '--no-insert-check', 'wipe_key'])
+		t.expect('Shredding')
+		return t
+
 class CmdTestAutosignBTC(CmdTestAutosign):
 	'autosigning BTC transactions'
 	coins        = ['btc']