Skip to content

fix: Refuse to use private keys that are group or world readable#4879

Draft
johnsaigle wants to merge 3 commits into
wormhole-foundation:mainfrom
johnsaigle:fix-readable-keys
Draft

fix: Refuse to use private keys that are group or world readable#4879
johnsaigle wants to merge 3 commits into
wormhole-foundation:mainfrom
johnsaigle:fix-readable-keys

Conversation

@johnsaigle

@johnsaigle johnsaigle commented Jun 19, 2026

Copy link
Copy Markdown
Contributor
  • Added common.ValidatePrivateKeyFilePermissions.
  • LoadArmoredKey now rejects regular private-key files with any group/other permissions: mode.Perm() & 0077 != 0.
  • NewFileSigner now reuses common.LoadArmoredKey, removing duplicated key decoding.
  • LoadWormchainPrivKey now validates permissions before reading.
  • Added tests for unsafe 0644 key files in:
    • node/pkg/common/armoredKey_test.go
    • node/pkg/guardiansigner/guardiansigner_test.go
    • node/pkg/wormconn/wormchain_key_test.go
  • Updated query tests to copy the checked-in dev key into a temp 0600 file before loading.

- Added common.ValidatePrivateKeyFilePermissions.
- LoadArmoredKey now rejects regular private-key files with any group/other permissions: mode.Perm() & 0077 != 0.
- NewFileSigner now reuses common.LoadArmoredKey, removing duplicated key decoding.
- LoadWormchainPrivKey now validates permissions before reading.
- Added tests for unsafe 0644 key files in:
- node/pkg/common/armoredKey_test.go
- node/pkg/guardiansigner/guardiansigner_test.go
- node/pkg/wormconn/wormchain_key_test.go
- Updated query tests to copy the checked-in dev key into a temp 0600 file before loading.
- Add unit test to maintain code coverage that would've dropped due to
  refactoring
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant