Fix: Could not import private key in base32/base64

hoh · hoh · commit 7deb39fbaabe · 2025-03-06T11:26:24.000+01:00
The command `aleph account create` did not permit users to import their private key encoded in base32 or base64.

This adds the `--key-format` argument to the command to specify this.
diff --git a/README.md b/README.md
@@ -62,7 +62,7 @@ or
 
 ### Formatting code
 
-> hatch run linting:format
+> hatch run linting:fmt
 
 ### Checking types
 
diff --git a/src/aleph_client/commands/account.py b/src/aleph_client/commands/account.py
@@ -1,7 +1,9 @@
 from __future__ import annotations
 
 import asyncio
+import base64
 import logging
+from enum import Enum
 from pathlib import Path
 from typing import Annotated, Optional
 
@@ -31,6 +33,7 @@
 from typer.colors import GREEN, RED
 
 from aleph_client.commands import help_strings
+from aleph_client.commands.help_strings import INVALID_KEY_FORMAT
 from aleph_client.commands.utils import (
     input_multiline,
     setup_logging,
@@ -44,6 +47,25 @@
 console = Console()
 
 
+class KeyEncoding(str, Enum):
+    HEXADECIMAL = "hexadecimal"
+    BASE32 = "base32"
+    BASE64 = "base64"
+
+
+def decode_private_key(private_key: str, encoding: KeyEncoding) -> bytes:
+    """Decode a private key from a string via the specified encoding."""
+    if encoding == KeyEncoding.HEXADECIMAL:
+        return bytes_from_hex(private_key)
+    elif encoding == KeyEncoding.BASE32:
+        # Base32 keys are always uppercase
+        return base64.b32decode(private_key.upper())
+    elif encoding == KeyEncoding.BASE64:
+        return base64.b64decode(private_key)
+    else:
+        raise ValueError(INVALID_KEY_FORMAT.format(encoding))
+
+
 @app.command()
 async def create(
     private_key: Annotated[Optional[str], typer.Option(help=help_strings.PRIVATE_KEY)] = None,
@@ -52,6 +74,7 @@ async def create(
     replace: Annotated[bool, typer.Option(help=help_strings.CREATE_REPLACE)] = False,
     active: Annotated[bool, typer.Option(help=help_strings.CREATE_ACTIVE)] = True,
     debug: Annotated[bool, typer.Option()] = False,
+    key_format: Annotated[KeyEncoding, typer.Option(help="Encoding of the private key")] = KeyEncoding.HEXADECIMAL,
 ):
     """Create or import a private key."""
 
@@ -84,7 +107,7 @@ async def create(
         if chain == Chain.SOL:
             private_key_bytes = parse_solana_private_key(private_key)
         else:
-            private_key_bytes = bytes_from_hex(private_key)
+            private_key_bytes = decode_private_key(private_key, key_format)
     else:
         private_key_bytes = generate_key()
     if not private_key_bytes:
diff --git a/src/aleph_client/commands/help_strings.py b/src/aleph_client/commands/help_strings.py
@@ -71,3 +71,4 @@
 AGGREGATE_SECURITY_KEY_PROTECTED = (
     "The aggregate key `security` is protected. Use `aleph aggregate [allow|revoke]` to manage it."
 )
+INVALID_KEY_FORMAT = "Invalid key format: {}"
diff --git a/tests/unit/test_commands.py b/tests/unit/test_commands.py
@@ -67,6 +67,76 @@ def test_account_import_evm(env_files):
     assert new_key != old_key
 
 
+def test_account_import_evm_base32(env_files):
+    settings.CONFIG_FILE = env_files[1]
+    old_key = env_files[0].read_bytes()
+    result = runner.invoke(
+        app,
+        [
+            "account",
+            "create",
+            "--replace",
+            "--private-key-file",
+            str(env_files[0]),
+            "--chain",
+            "ETH",
+            "--private-key",
+            "JXINYIKE2QOUXCZRAFA2FG4AMYYPEOLS4OIGEZ2WK4WCQDWYSAMQ====",
+            "--key-format",
+            "base32",
+        ],
+    )
+    assert result.exit_code == 0, result.stdout
+    new_key = env_files[0].read_bytes()
+    assert new_key != old_key
+
+
+def test_account_import_evm_base64(env_files):
+    settings.CONFIG_FILE = env_files[1]
+    old_key = env_files[0].read_bytes()
+    result = runner.invoke(
+        app,
+        [
+            "account",
+            "create",
+            "--replace",
+            "--private-key-file",
+            str(env_files[0]),
+            "--chain",
+            "ETH",
+            "--private-key",
+            "TdDcIUTUHUuLMQFBopuAZjDyOXLjkGJnVlcsKA7YkBk=",
+            "--key-format",
+            "base64",
+        ],
+    )
+    assert result.exit_code == 0, result.stdout
+    new_key = env_files[0].read_bytes()
+    assert new_key != old_key
+
+
+def test_account_import_evm_format_invalid(env_files):
+    """Test that an invalid key format raises an error."""
+    settings.CONFIG_FILE = env_files[1]
+    result = runner.invoke(
+        app,
+        [
+            "account",
+            "create",
+            "--replace",
+            "--private-key-file",
+            str(env_files[0]),
+            "--chain",
+            "ETH",
+            "--private-key",
+            "TdDcIUTUHUuLMQFBopuAZjDyOXLjkGJnVlcsKA7YkBk=",
+            "--key-format",
+            "invalid",
+        ],
+    )
+    assert result.exit_code != 0, result.stdout
+
+
 def test_account_import_sol(env_files):
     settings.CONFIG_FILE = env_files[1]
     old_key = env_files[0].read_bytes()

Original file line number	Diff line number	Diff line change
`@@ -71,3 +71,4 @@`
`71`	`71`	`AGGREGATE_SECURITY_KEY_PROTECTED = (`
`72`	`72`	"The aggregate key `security` is protected. Use `aleph aggregate [allow\|revoke]` to manage it."
`73`	`73`	`)`
	`74`	`+INVALID_KEY_FORMAT = "Invalid key format: {}"`