This will prompt for keyring migration as necessary. Setting or updating a passphrase for keyring.yaml. Command Line Reference Setting/Updating/Removing Passphrases
#BLOCKCHAIN WALLET WIKI WINDOWS#
When you remove a passphrase, that passphrase will also be removed from the macOS Keychain or Windows Credential Manager (if saved there by the user). In this case, the keyring.yaml file will remain encrypted with a fixed key. Note, it is possible to migrate keys to the new key storage and not set a passphrase. When performing keyring migration from the command line, the user will have the option of deleting those old keys that were found and successfully migrated. In a future release, we will include a prompt in the GUI to purge keys found in the old locations so that key material isn’t left lingering once migrated.įrom the command line interface, keyring migration can be initiated by setting a passphrase for the new keyring, or by adding or deleting a key. If necessary, it’s possible to skip the migration step and continue using Chia as before, however, any attempts to add or delete a key will first require completion of the migration process. It’s strongly encouraged that users perform the migration step right away to move to the new keyring. The GUI migration process is nearly instantaneous and will not delete or modify those keys that were found. When launching the Chia GUI application, a migration prompt will automatically appear if existing keys are detected. On macOS and Windows, users will have the option to save their passphrase to the macOS Keychain or Windows Credential Manager respectively, allowing for Chia to run unattended (such as after a reboot due to a power failure). We recommend all users create a strong passphrase. IMPORTANT: We STRONGLY recommend that users create backups of their 24-word mnemonic before migrating their keys.Įxisting users with keys will want to migrate their keys from the previous location to the new keyring.yaml file, and optionally protect those keys with a passphrase. The encryption key is derived from the user’s passphrase using PBKDF2 with SHA-256 (RFC 2898 - ) Migration Keys in this new keyring file are encrypted using ChaCha20-Poly1305 (RFC 7539, Section 2.8 - ) which provides encryption and authentication (AEAD). Note that in this release, any new keys created or imported will be stored in the new keyring.yaml file and not in the previous location. ~/.chia_keys/keyring.yaml (macOS and Linux) %HOMEDRIVE%%HOMEPATH%/.chia_keys/keyring.yaml (Windows) Upon launch, Chia will automatically create an empty “keyring.yaml” file residing at: The new keyring file is a YAML document named “keyring.yaml”. Our primary goals with this passphrase feature have been to grant more control to our users, uniformly secure Chia keys, and to simplify the task of moving keys from one installation to another. This resulted in a system where keys were considered to be secure on systems, but that level of security was subjective to individual use cases and OS configuration, and not suitable for everyone’s needs. On macOS, the Keychain is used to securely store each key, sometimes requiring one or more system prompts to authorize access to the key material. On Linux, the cryptfile keyring Python module has been used with a fixed key. In addition, these platform dependent solutions for storing sensitive data did not provide a mechanism for the user to passphrase-protect Chia keys outside of whatever protection the OS already provided. MotivationĬhia’s supported platforms each provide different solutions for storing sensitive data, with varying levels of security and different user experiences per platform. If you forget your passphrase, you will be able to recover by importing your keys from their 24-word mnemonic. Be sure to backup the 24-word mnemonic for each of your keys. ImportantĬhia is unable to assist with the recovery of a forgotten passphrase. Any keys stored in the new keyring will be encrypted using a key derived from the specified passphrase. By implementing a common key storage format, moving Chia keys between installations is greatly simplified, eliminating the need to re-enter each key’s 24-word mnemonic. Along with passphrase protection, this feature also introduces a new keyring file for storing those keys. We are introducing a new feature that allows users to specify a passphrase to protect their Chia keys across all currently supported platforms. Passphrase Protected Chia Keys and Key Storage Migration Overview