CLI/keys: Make gaiad keys list on mac os not ask for the password for every key #8809

Closed
ValarDragon opened this issue Mar 5, 2021 · 11 comments · Fixed by #8826
Labels
C:CLI C:Keys Keybase, KMS and HSMs T: UX

Comments

@ValarDragon
Contributor

ValarDragon commented Mar 5, 2021

Summary

On macOS, gaiad keys list --keyring-backend os asks you for the login password for every key before it prints anything out. This is really bad UX.

Problem Definition

Gaiacli keys are currently unsuitable for usage by users on macOS with several keys. They are liable to unsafely enable "always allow" on the permissions settings for the keyring, which then harms the security of the private key for signing.

Proposal

Change how keys are stored in the system keyring, so that the key name and address can be publicly viewed, with no keychain login password needing to be entered.


For Admin Use

  • Not duplicate issue
  • Appropriate labels applied
  • Appropriate contributors tagged
  • Contributor assigned/self-assigned
clevinson added T: UX C:Keys Keybase, KMS and HSMs labels Mar 6, 2021
@clevinson
Contributor

Yes... this can be quite a pain. Thanks for filing.

@alexanderbez
Contributor

@alessio the Keyring-backed Keybase uses a passphrase per key. Really, we need to explore if we can instead store the entire keybase under a single passphrase.

@alessio
Contributor

alessio commented Mar 9, 2021

> @alessio the Keyring-backed Keybase uses a passphrase per key. Really, we need to explore if we can instead store the entire keybase under a single passphrase.

This is completely new to me. On macOS, keychain should create a separate namespace for the application that is unlocked once during the session and locked again when the session or a certain timeout expires.

@ValarDragon @alexanderbez @gsora can you guys please confirm this is what happens with gaia's latest release?

And if so, can you please attach here as much information as possible regarding the operating system version you're running.
Plus, can you also confirm that there is a gaia entry in your Keychain Access app?

Thanks

@gsora
Copy link
Contributor

gsora commented Mar 9, 2021

I have gaia-named entries in my Keychain; an application password is created for XYZ.address and XYZ.info.

@gsora
Copy link
Contributor

gsora commented Mar 9, 2021

This might be due to notarization issues, which has been locked down further by Apple in macOS 10.15.

I'm investigating this issue.

gsora self-assigned this Mar 9, 2021
@ValarDragon
Contributor Author

I use Mojave (10.14.6).

I have many gaia entries in my keychain, some of the form $NAME.info and some of the form $ADDRESS.address, $NAME and $ADDRESS being the key's name and address in hex respectively.

@ValarDragon
Contributor Author

> @alessio the Keyring-backed Keybase uses a passphrase per key. Really, we need to explore if we can instead store the entire keybase under a single passphrase.

I think it'd suffice if we could just have all the "metadata" like key name / address under one key. I personally think having each private key under its own entry is actually fine. It helps limit what gets leaked into RAM, for instance.

@zmanian
Member

zmanian commented Mar 9, 2021

Interesting. I was able to get rid of this by self-signing my gaiad. This required joining the macOS developer program that cost $99 and required KYC with Apple.

@amaury1093
Contributor

amaury1093 commented Mar 25, 2021

Is this really solved? I just tried simd keys list --keyring-backend os on master 7ac436d, and it prompted me for the password for every key, even if I did "Always Allow".

Would love to have someone with macOS try this to confirm; if yes, we should re-open the issue.

Note: if I re-run the command right after, no more password prompt, there might be some kind of session going on.

@amaury1093
Contributor

I'm re-opening this, because it's imo not solved on 179c819

(38s long video, because I have ~12 keys. Note that I sometimes click "Allow", sometimes "Always Allow", but it doesn't seem to change a thing).

multiple_prompts.mov

amaury1093 reopened this Jun 14, 2021
@alessio
Contributor

alessio commented Jun 14, 2021

stored in "" in your keychain suggests that something in the keyring initialization went wrong
