Make wallet encryption optional again

Author: pjkundert

.github/workflows/main.yml

@@ -32,7 +32,7 @@ jobs:
       run: |
         python3 -m pip install -r requirements.txt
         python3 -m pip install -r requirements-serial.txt
-        python3 -m pip install -r requirements-test.txt
+        python3 -m pip install -r requirements-tests.txt
     - name: Lint with flake8
       run: |
         make analyze || true

requirements-wallet.py

@@ -0,0 +1,2 @@
+eth-account		>=0.6.0, <1
+scrypt			>=0.8.17

requirements.txt

@@ -4,5 +4,4 @@ fpdf2			>=2.5,	<3
 hdwallet		>=2.1,	<3
 mnemonic		>=0.19,	<1
 qrcode			>=7.3
-scrypt			>=0.8.17
 shamir-mnemonic		>=0.2,	<1

setup.py

@@ -32,8 +32,9 @@
     option: open( os.path.join( HERE, f"requirements-{option}.txt" )).readlines()
     for option in [
         'gui',		# slip39[gui]:    Support PySimpleGUI/tkinter Graphical UI App
-        'serial',	# slip39[serial]: Support serial I/O of generated wallet data
         'dev',		# slip39[dev]:    All modules to support development
+        'serial',	# slip39[serial]: Support serial I/O of generated wallet data
+        'wallet',	# slip39[wallet]: Paper Wallet and BIP-38/Ethereum wallet encryption
     ]
 }
 

slip39/api.py

@@ -15,7 +15,10 @@
 from shamir_mnemonic	import generate_mnemonics
 
 import hdwallet
-import scrypt
+try:
+    import scrypt
+except ImportError:
+    scrypt			= None
 try:
     import eth_account
 except ImportError:
@@ -78,7 +81,7 @@ class Account( hdwallet.HDWallet ):
     CRYPTOCURRENCIES		= set( CRYPTO_NAMES.values() )
 
     ETHJS_ENCRYPT		= set( ('ETH',) )			# Can be encrypted w/ Ethereum JSON wallet
-    BIP38_ENCRYPT		= CRYPTOCURRENCIES - ETHJS_ENCRYPT	# Can be encrypted w/ BIP-38
+    BIP38_ENCRYPT		= CRYPTOCURRENCIES - ETHJS_ENCRYPT      # Can be encrypted w/ BIP-38
 
     CRYPTO_FORMAT		= dict(
         ETH		= "legacy",
@@ -225,7 +228,7 @@ def encrypted( self, passphrase ):
         encrypted JSON wallet standard, Bitcoin et.al. use BIP-38 encrypted private keys."""
         if self.crypto in self.ETHJS_ENCRYPT:
             if not eth_account:
-                raise NotImplementedError( "The eth-account package is required to support Ethereum JSON wallet encryption" )
+                raise NotImplementedError( "The eth-account module is required to support Ethereum JSON wallet encryption; pip install slip39[wallet]" )
             wallet_dict		= eth_account.Account.encrypt( self.key, passphrase )
             return json.dumps( wallet_dict, separators=(',',':') )
         return self.bip38( passphrase )
@@ -234,14 +237,16 @@ def from_encrypted( self, encrypted_privkey, passphrase, strict=True ):
         """Import the appropriately decrypted private key for this cryptocurrency."""
         if self.crypto in self.ETHJS_ENCRYPT:
             if not eth_account:
-                raise NotImplementedError( "The eth-account package is required to support Ethereum JSON wallet decryption" )
+                raise NotImplementedError( "The eth-account module is required to support Ethereum JSON wallet decryption; pip install slip39[wallet]" )
             private_hex		= bytes( eth_account.Account.decrypt( encrypted_privkey, passphrase )).hex()
             self.from_private_key( private_hex )
             return self
         return self.from_bip38( encrypted_privkey, passphrase=passphrase, strict=strict )
 
     def bip38( self, passphrase, flagbyte=b'\xe0' ):
         """BIP-38 encrypt the private key"""
+        if not scrypt:
+            raise NotImplementedError( "The scrypt module is required to support BIP-38 encryption; pip install slip39[wallet]" )
         if self.crypto not in self.BIP38_ENCRYPT:
             raise NotImplementedError( f"{self.crypto} does not support BIP-38 private key encryption" )
         private_hex		= self.key
@@ -262,6 +267,8 @@ def bip38( self, passphrase, flagbyte=b'\xe0' ):
 
     def from_bip38( self, encrypted_privkey, passphrase, strict=True ):
         """Bip-38 decrypt and import the private key."""
+        if not scrypt:
+            raise NotImplementedError( "The scrypt module is required to support BIP-38 decryption; pip install slip39[wallet]" )
         if self.crypto not in self.BIP38_ENCRYPT:
             raise NotImplementedError( f"{self.crypto} does not support BIP-38 private key decryption" )
         # Decode the encrypted private key from base58, discarding the 4-byte base58 check suffix
@@ -290,7 +297,7 @@ def from_bip38( self, encrypted_privkey, passphrase, strict=True ):
         addr			= self.legacy_address().encode( 'UTF-8' )  # Eg. b"184xW5g..."
         ahash_confirm		= hashlib.sha256( hashlib.sha256( addr ).digest() ).digest()[0:4]
         if ahash_confirm != ahash:
-            warning		= f"BIP-38 address hash verification failed ({ahash_confirm.hex()} != {ahash.hex()}); password may be incorrect." 
+            warning		= f"BIP-38 address hash verification failed ({ahash_confirm.hex()} != {ahash.hex()}); password may be incorrect."
             if strict:
                 raise AssertionError( warning )
             else:

slip39/api_test.py

@@ -1,5 +1,15 @@
 # -*- mode: python ; coding: utf-8 -*-
 import json
+import pytest
+
+try:
+    import eth_account
+except ImportError:
+    eth_account			= None
+try:
+    import scrypt
+except ImportError:
+    scrypt			= None
 
 import shamir_mnemonic
 
@@ -48,6 +58,8 @@ def test_account():
     assert acct.path == "m/44'/3'/0'/0/0"
 
 
+@pytest.mark.skipif( not scrypt or not eth_account,
+                     reason="pip install slip39[wallet] to support private key encryption" )
 def test_account_encrypt():
     """Ensure BIP-38 and Ethereum JSON wallet encryption and recovery works."""
 
@@ -66,15 +78,14 @@ def test_account_encrypt():
     assert acct.path == "m/84'/0'/0'/0/0"  # The default; assumed...
     assert acct_reco.legacy_address() == "134t1ktyF6e4fNrJR8L6nXtaTENJx9oGcF"
 
-
     acct			= account( SEED_XMAS, crypto='Ethereum' )
     assert acct.address == '0x336cBeAB83aCCdb2541e43D514B62DC6C53675f4'
     assert acct.crypto == 'ETH'
     assert acct.path == "m/44'/60'/0'/0/0"
 
     json_encrypted		= acct.encrypted( 'password' )
     assert json.loads( json_encrypted ).get( 'address' ) == '336cbeab83accdb2541e43d514b62dc6c53675f4'
-        
+
     acct_reco			= Account( crypto='ETH' ).from_encrypted( json_encrypted, 'password' )
     assert acct_reco.address == '0x336cBeAB83aCCdb2541e43D514B62DC6C53675f4'
     assert acct.crypto == 'ETH'
@@ -97,7 +108,7 @@ def test_account_encrypt():
     ).key.upper() == '09C2686880095B1A4C249EE3AC4EEA8A014F11E6F986D0B5025AC1F39AFBD9AE'
 
     # This weird UTF-8 test I cannot get to pass, regardless of what format I supply the passphrase in..
-    
+
     # acct_reco			= Account( crypto='BTC' ).from_encrypted(
     #     '6PRW5o9FLp4gJDDVqJQKJFTpMvdsSGJxMYHtHaQBF3ooa8mwD69bapcDQn',
     #      bytes.fromhex('cf9300f0909080f09f92a9'), # '\u03D2\u0301\u0000\U00010400\U0001F4A9'

slip39/layout.py

@@ -354,8 +354,8 @@ def layout_wallet(
     # We'll use the right side of the private region, each line rotated 90 degrees down and right.
     # So, we need the upper-left corner of the private-bg anchored at the upper-right corner of
     # private.
-    private_length		= private.y2 - private.y1	# line length is y-height
-    private_fontsize		= 6.8   # points == 1/72 inch
+    private_length		= private.y2 - private.y1       # line length is y-height
+    private_fontsize		= 6.8				# points == 1/72 inch
     private_height		= private.x2 - private_qr.x2 - .05
     private_lineheight		= private_fontsize / 72 / Text.SIZE_RATIO * .9  # in.
 
@@ -370,12 +370,12 @@ def layout_wallet(
         )
     )
     # Now, add private key lines down the edge from right to left, rotating each into place
-    for l in range( int( private_height // private_lineheight )):
+    for ln in range( int( private_height // private_lineheight )):
         private.add_region(
             Text(
-                f"private-{l}",
+                f"private-{ln}",
                 font	= 'mono',
-                x1	= private.x2 - private_lineheight * l,
+                x1	= private.x2 - private_lineheight * ln,
                 y1	= private.y1,
                 x2	= private.x2 + private_length,
                 y2	= private.y1 + private_lineheight,
@@ -686,7 +686,6 @@ def write_pdfs(
                     wall_tpl['address-qr']	= public_qr.make_image( back_color="transparent" ).get_image()
                     wall_tpl['address-qr-b']	= 'DEPOSIT/VERIFY'
 
-
                     private_qr	= qrcode.QRCode(
                         version		= None,
                         error_correction = qrcode.constants.ERROR_CORRECT_M,
@@ -696,15 +695,16 @@ def write_pdfs(
                     private_qr.add_data( private_enc )
 
                     wall_tpl['private-bg']	= os.path.join( images, '1x1-ffffff7f.png' )
+
                     def chunker( sequence, size ):
                         while sequence:
                             yield sequence[:size]
                             sequence		= sequence[size:]
 
                     # If not enough lines, will throw Exception, as it should!  We don't want
                     # to emit a Paper Wallet without the entire encrypted private key present.
-                    for l,line in enumerate( chunker( private_enc, 40 )):
-                        wall_tpl[f"private-{l}"]= line
+                    for ln,line in enumerate( chunker( private_enc, 40 )):
+                        wall_tpl[f"private-{ln}"] = line
                     wall_tpl['private-hint-t']	= 'PASSPHRASE HINT:'
                     wall_tpl['private-hint-bg']	= os.path.join( images, '1x1-ffffff7f.png' )
                     wall_tpl['private-hint']	= wallet_pwd_hint