- Version:
ipfs-core: 0.12.2
libp2p: 0.33.0
libp2p-crypto: 0.19.7
- Platform:
macOS: 12.4
chrome browser: 104.0.5112.101
Severity: High
Description:
we have forked the js-ipfs repo and have added the functionality to pass an optional secp256k1 private key for creating custom IPNS keypairs. This allows us to create IPNS keypairs that are created from a child derived from a seed phrase giving more control to the seed phrase. The repos modified are ipfs-core, libp2p, libp2p-crypto. We are using a downgraded version since we faced issues using the latest versions then. We have tried using current latest version as well but faced this issue(4148).
the setup has a browser running ipfs-core and is connected to a go-ipfs(kubo) node so that propagation of IPNS publishing works properly. The IPNS name.publish works properly and returns the public key hash but the name does not resolves when resolved via the go-ipfs node and strangely if the same process is repeated twice we are able to resolve the IPNS name. Due to the modifications we can pass the same private key again on the second name.publish call.
expected result: the IPNS name should resolve on the first call itself.
libp2p-crypto/src/keys/secp256k1-class.js(modified)
async function generateKeyPair (bits, optPrivateKey) {
const privateKeyBytes = optPrivateKey || await crypto.generateKey()
return new Secp256k1PrivateKey(privateKeyBytes)
}
creating an IPNS keypair
const keypair = await this.browserIpfsCore.key.gen(name, {
type: 'secp256k1',
optPrivateKey: Buffer.from(privateKey, 'hex'),
});
IPNS publish using the keypair generated above
const resp = await this.browserIpfsCore.name.publish(ipfsCID, {
key: keypair.id,
resolve: false, // since it mostly fails
lifetime: '2400h',
});
resolving via the go-ipfs node running on an instance
for await (const name of this.ipfsHttpClient.name.resolve(ipnsPubKeyHash)) {
cid = name;
}
modified ipfs-core module w/ libp2p and libp2p-crypto changes: https://www.npmjs.com/package/@mdip/ipfs-core
ipfs-core: 0.12.2
libp2p: 0.33.0
libp2p-crypto: 0.19.7
macOS: 12.4
chrome browser: 104.0.5112.101
IPNS
Severity: High
Description:
we have forked the js-ipfs repo and have added the functionality to pass an optional secp256k1 private key for creating custom IPNS keypairs. This allows us to create IPNS keypairs that are created from a child derived from a seed phrase giving more control to the seed phrase. The repos modified are ipfs-core, libp2p, libp2p-crypto. We are using a downgraded version since we faced issues using the latest versions then. We have tried using current latest version as well but faced this issue(4148).
the setup has a browser running ipfs-core and is connected to a go-ipfs(kubo) node so that propagation of IPNS publishing works properly. The IPNS name.publish works properly and returns the public key hash but the name does not resolves when resolved via the go-ipfs node and strangely if the same process is repeated twice we are able to resolve the IPNS name. Due to the modifications we can pass the same private key again on the second name.publish call.
expected result: the IPNS name should resolve on the first call itself.
libp2p-crypto/src/keys/secp256k1-class.js(modified)
creating an IPNS keypair
IPNS publish using the keypair generated above
resolving via the go-ipfs node running on an instance
modified ipfs-core module w/ libp2p and libp2p-crypto changes: https://www.npmjs.com/package/@mdip/ipfs-core