From 59e112ae4d28ddb7fe053a56be2e06a8966b55dc Mon Sep 17 00:00:00 2001
From: The MMGen Project <mmgen@tuta.io>
Date: Tue, 27 Feb 2024 17:17:10 +0000
Subject: [PATCH] autosign: new `wipe_key` operation

---
 mmgen/autosign.py                | 2 +-
 mmgen/main_autosign.py           | 8 ++++++++
 test/cmdtest_py_d/ct_autosign.py | 6 ++++++
 3 files changed, 15 insertions(+), 1 deletion(-)

diff --git a/mmgen/autosign.py b/mmgen/autosign.py
index 5614d470..daf0da01 100755
--- a/mmgen/autosign.py
+++ b/mmgen/autosign.py
@@ -319,7 +319,7 @@ class Autosign:
 		if cfg.xmrwallets and not 'XMR' in self.coins:
 			self.coins.append('XMR')
 
-		if not self.coins and cmd not in ('gen_key',):
+		if not self.coins and cmd not in ('gen_key','wipe_key'):
 			ymsg('Warning: no coins specified, defaulting to BTC')
 			self.coins = ['BTC']
 
diff --git a/mmgen/main_autosign.py b/mmgen/main_autosign.py
index a423851b..7f335833 100755
--- a/mmgen/main_autosign.py
+++ b/mmgen/main_autosign.py
@@ -65,6 +65,10 @@ xmr_setup - set up temporary Monero signing wallets.  This operation needn’t
             be performed by the user directly in most cases, as Monero setup
             is done by the ‘setup’ command when --xmrwallets is specified
 wait      - start in loop mode: wait-mount-sign-unmount-wait
+wipe_key  - wipe the wallet encryption key on the removable device, making
+            signing transactions or stealing the user’s seed impossible.
+            The operation is intended as a ‘kill switch’ and thus performed
+            without prompting
 
 
                                USAGE NOTES
@@ -203,6 +207,10 @@ if cmd:
 		asi.do_mount()
 		asi.clean_old_files()
 		asi.do_umount()
+	elif cmd == 'wipe_key':
+		asi.do_mount()
+		asi.wipe_encryption_key()
+		asi.do_umount()
 	else:
 		die(1,f'{cmd!r}: unrecognized command')
 else:
diff --git a/test/cmdtest_py_d/ct_autosign.py b/test/cmdtest_py_d/ct_autosign.py
index 25644885..c4f21551 100755
--- a/test/cmdtest_py_d/ct_autosign.py
+++ b/test/cmdtest_py_d/ct_autosign.py
@@ -419,6 +419,7 @@ class CmdTestAutosign(CmdTestAutosignBase):
 		('sign_no_unsigned',         'signing transactions and messages (nothing to sign)'),
 		('sign_no_unsigned_xmr',     'signing transactions and messages (nothing to sign, with XMR)'),
 		('sign_no_unsigned_xmronly', 'signing transactions and messages (nothing to sign, XMR-only)'),
+		('wipe_key',                 'wiping the wallet encryption key'),
 		('stop_daemons',             'stopping daemons'),
 	)
 
@@ -687,6 +688,11 @@ class CmdTestAutosign(CmdTestAutosignBase):
 				assert not f'No unsigned {desc}s' in res, f'‘No unsigned {desc}s’ should be absent in output'
 		return t
 
+	def wipe_key(self):
+		t = self.spawn('mmgen-autosign', ['--quiet', '--no-insert-check', 'wipe_key'])
+		t.expect('Shredding')
+		return t
+
 class CmdTestAutosignBTC(CmdTestAutosign):
 	'autosigning BTC transactions'
 	coins        = ['btc']