@anthonymq: How do you check for your “CLI” principal? IIRC you have to pass --no-wallet so that the call goes to the canister directly and not via your “wallet” canister.
dfx identity --network ic get-principal
yep that’s what I did
Alright so I was about to post details and everything but cannot therefore I just gonna say that I face the exact same issue.
When I compare a caller
principal in a query called from a NodeJS script, in which I used my private key, with the self fromActor
principal, I get an error respectively both principals are not the same.
const initIdentity = () => {
const buffer = readFileSync('/Users/daviddalbusco/.config/dfx/identity/default/identity.pem');
const key = buffer.toString('utf-8');
const privateKey = crypto.createHash('sha256').update(key).digest('base64');
return Secp256k1KeyIdentity.fromSecretKey(Buffer.from(privateKey, 'base64'));
};
dfx identity --network ic get-principal
leads to w2bwq-cyvg6...
in nodejs
const identity = initIdentity();
console.log(identity.getPrincipal().toText());
I get another value → cd5mb-c6i5a....
Are you sure your pem
file is corresponding to a Secp256k1 key? and not Ed25519?
I would say probably or yes because if I use the Ed25519KeyIdentity
provider of agent-js instead of the Secp256k1KeyIdentity
with the exact same code I get Error: bad secret key size
Yep same error for me.
Same here too
20chars
I’ve added reproductible identities across dfx and agent-js as an issue for SDK to resolve. It ought to work, and either a defect or lack of documentation is barring that functionality
Do you have a link to the issue?
We’ve shifted to Jira for our board to work with other teams at the foundation more easily, but I could also create an issue in agent-js to track it publicly
Not that I know, I did not try again neither.
Yeah, that’s on me. I haven’t had the time to figure out what’s going on there
I’m also running into this issue as well
We’ve been investigating on and off for a while and haven’t been able to find a simple way to reproduce identities from dfx
in agent-js
. I think it’s going to require re-implementing the full logic of the Rust library that dfx
uses as a new npm
package.
It’s something we want to do, but it’s below a few other more critical features we want to get through first
It might be happening on tweetnacl
, better using try catch and loop the keypair function
Update - @ericswanson helped me unblock this:
seed.txt
early cinnamon crucial teach mobile just toast real rebel around card priority spike aerobic result account marble hero action intact inside elbow wrestle oval
$ keysmith principal
yields
bh66w-ffyze-maien-ejjje-wzhqi-crrjo-rcgs7-twjrh-kf2km-hbtia-eae
seed.js
const Identity = require("@dfinity/identity");
const hdkey = require("hdkey");
const fs = require("fs");
const { Secp256k1KeyIdentity } = Identity;
const bip39 = require("bip39");
const phrase = fs.readFileSync("seed.txt").toString().trim();
export const identityFromSeed = async (phrase) => {
const seed = await bip39.mnemonicToSeed(phrase);
const root = hdkey.fromMasterSeed(seed);
const addrnode = root.derive("m/44'/223'/0'/0/0");
return Secp256k1KeyIdentity.fromSecretKey(addrnode.privateKey);
};
identityFromSeed(phrase).then((identity) => {
console.log(identity.getPrincipal().toString());
});
$ node seed.js
yields
bh66w-ffyze-maien-ejjje-wzhqi-crrjo-rcgs7-twjrh-kf2km-hbtia-eae
We still have to hunt down the implementation used by rust-openssl/pkey.rs at master · sfackler/rust-openssl · GitHub, but this should open up the possibility to use a single identity across JS and dfx
, from a shared seed phrase!
Of course, this comes with some security caveats -
- Do not ever commit a seed phrase to your souce code.
- THIS PATTERN SHOULD NEVER BE USED IN A FRONTEND APPLICATION
- Use a different identity for each project to mitigate risk
- Dfinity does not officially endorse doing this