Release 1.7.2

Update import/export usage examples to 1.7.0

.github/workflows/release.yml

@@ -60,19 +60,22 @@ jobs:
       run: |
         xgo -v -x -ldflags="-X github.com/wealdtech/ethdo/cmd.ReleaseVersion=${RELEASE_VERSION} -s -w -extldflags -static" --targets="windows/amd64" github.com/wealdtech/ethdo
 
-    - name: Create windows zip file
+    - name: Create windows release files
       run: |
        mv ethdo-windows-4.0-amd64.exe ethdo.exe
+       sha256sum ethdo.exe >ethdo-${RELEASE_VERSION}-windows.sha256
        zip --junk-paths ethdo-${RELEASE_VERSION}-windows-exe.zip ethdo.exe
 
     - name: Create linux AMD64 tgz file
       run: |
        mv ethdo-linux-amd64 ethdo
+       sha256sum ethdo >ethdo-${RELEASE_VERSION}-linux-amd64.sha256
        tar zcf ethdo-${RELEASE_VERSION}-linux-amd64.tar.gz ethdo
 
     - name: Create linux ARM64 tgz file
       run: |
        mv ethdo-linux-arm64 ethdo
+       sha256sum ethdo >ethdo-${RELEASE_VERSION}-linux-arm64.sha256
        tar zcf ethdo-${RELEASE_VERSION}-linux-arm64.tar.gz ethdo
 
     - name: Create release
@@ -83,9 +86,20 @@ jobs:
       with:
         tag_name: ${{ github.ref }}
         release_name: Release ${{ env.RELEASE_VERSION }}
-        draft: false
+        draft: true
         prerelease: false
-       
+
+    - name: Upload windows checksum file
+      id: upload-release-asset-windows-checksum
+      uses: actions/upload-release-asset@v1
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      with:
+        upload_url: ${{ steps.create_release.outputs.upload_url }}
+        asset_path: ./ethdo-${{ env.RELEASE_VERSION }}-windows.sha256
+        asset_name: ethdo-${{ env.RELEASE_VERSION }}-windows.sha256
+        asset_content_type: text/plain
+
     - name: Upload windows zip file
       id: upload-release-asset-windows
       uses: actions/upload-release-asset@v1
@@ -96,7 +110,18 @@ jobs:
         asset_path: ./ethdo-${{ env.RELEASE_VERSION }}-windows-exe.zip
         asset_name: ethdo-${{ env.RELEASE_VERSION }}-windows-exe.zip
         asset_content_type: application/zip
-       
+
+    - name: Upload linux AMD64 checksum file
+      id: upload-release-asset-linux-amd64-checksum
+      uses: actions/upload-release-asset@v1
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      with:
+        upload_url: ${{ steps.create_release.outputs.upload_url }}
+        asset_path: ./ethdo-${{ env.RELEASE_VERSION }}-linux-amd64.sha256
+        asset_name: ethdo-${{ env.RELEASE_VERSION }}-linux-amd64.sha256
+        asset_content_type: text/plain
+
     - name: Upload linux AMD64 tgz file
       id: upload-release-asset-linux-amd64
       uses: actions/upload-release-asset@v1
@@ -107,7 +132,18 @@ jobs:
         asset_path: ./ethdo-${{ env.RELEASE_VERSION }}-linux-amd64.tar.gz
         asset_name: ethdo-${{ env.RELEASE_VERSION }}-linux-amd64.tar.gz
         asset_content_type: application/gzip
-       
+
+    - name: Upload linux ARM64 checksum file
+      id: upload-release-asset-linux-arm64-checksum
+      uses: actions/upload-release-asset@v1
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      with:
+        upload_url: ${{ steps.create_release.outputs.upload_url }}
+        asset_path: ./ethdo-${{ env.RELEASE_VERSION }}-linux-arm64.sha256
+        asset_name: ethdo-${{ env.RELEASE_VERSION }}-linux-arm64.sha256
+        asset_content_type: text/plain
+
     - name: Upload linux ARM64 tgz file
       id: upload-release-asset-linux-arm64
       uses: actions/upload-release-asset@v1

CHANGELOG.md

@@ -1,3 +1,8 @@
+1.7.2:
+  - new "account derive" command to derive keys directly from a mnemonic and derivation path
+  - add more output to "deposit verify" to explain operation
+1.7.1:
+  - fix "store not set" issue
 1.7.0:
   - "validator depositdata" now defaults to mainnet, does not silently fetch fork version from chain
   - update deposit data output to version 3, to allow for better deposit checking

cmd/account/derive/input.go

@@ -0,0 +1,58 @@
+// Copyright © 2020 Weald Technology Trading
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package accountderive
+
+import (
+	"context"
+
+	"github.com/pkg/errors"
+	"github.com/spf13/viper"
+)
+
+type dataIn struct {
+	quiet bool
+	// Derivation information.
+	mnemonic string
+	path     string
+	// Output options.
+	showPrivateKey            bool
+	showWithdrawalCredentials bool
+}
+
+func input(ctx context.Context) (*dataIn, error) {
+	data := &dataIn{}
+
+	// Quiet.
+	data.quiet = viper.GetBool("quiet")
+
+	// Mnemonic.
+	if viper.GetString("mnemonic") == "" {
+		return nil, errors.New("mnemonic is required")
+	}
+	data.mnemonic = viper.GetString("mnemonic")
+
+	// Path.
+	if viper.GetString("path") == "" {
+		return nil, errors.New("path is required")
+	}
+	data.path = viper.GetString("path")
+
+	// Show private key.
+	data.showPrivateKey = viper.GetBool("show-private-key")
+
+	// Show withdrawal credentials.
+	data.showWithdrawalCredentials = viper.GetBool("show-withdrawal-credentials")
+
+	return data, nil
+}

cmd/account/derive/input_internal_test.go

@@ -0,0 +1,78 @@
+// Copyright © 2020 Weald Technology Trading
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package accountderive
+
+import (
+	"context"
+	"testing"
+
+	"github.com/spf13/viper"
+	"github.com/stretchr/testify/require"
+	e2types "github.com/wealdtech/go-eth2-types/v2"
+)
+
+func TestInput(t *testing.T) {
+	require.NoError(t, e2types.InitBLS())
+
+	tests := []struct {
+		name string
+		vars map[string]interface{}
+		res  *dataIn
+		err  string
+	}{
+		{
+			name: "MnemonicMissing",
+			vars: map[string]interface{}{
+				"path": "m/12381/3600/0/0",
+			},
+			err: "mnemonic is required",
+		},
+		{
+			name: "PathMissing",
+			vars: map[string]interface{}{
+				"mnemonic": "abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon art",
+			},
+			err: "path is required",
+		},
+		{
+			name: "Good",
+			vars: map[string]interface{}{
+				"mnemonic": "abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon art",
+				"path":     "m/12381/3600/0/0",
+			},
+			res: &dataIn{
+				mnemonic: "abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon art",
+				path:     "m/12381/3600/0/0",
+			},
+		},
+	}
+
+	for _, test := range tests {
+		t.Run(test.name, func(t *testing.T) {
+			viper.Reset()
+			for k, v := range test.vars {
+				viper.Set(k, v)
+			}
+			res, err := input(context.Background())
+			if test.err != "" {
+				require.EqualError(t, err, test.err)
+			} else {
+				require.NoError(t, err)
+				// Cannot compare accounts directly, so need to check each element individually.
+				require.Equal(t, test.res.mnemonic, res.mnemonic)
+				require.Equal(t, test.res.path, res.path)
+			}
+		})
+	}
+}

cmd/account/derive/output.go

@@ -0,0 +1,53 @@
+// Copyright © 2020 Weald Technology Trading
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package accountderive
+
+import (
+	"context"
+	"fmt"
+	"strings"
+
+	"github.com/pkg/errors"
+	e2types "github.com/wealdtech/go-eth2-types/v2"
+	util "github.com/wealdtech/go-eth2-util"
+)
+
+type dataOut struct {
+	showPrivateKey            bool
+	showWithdrawalCredentials bool
+	key                       *e2types.BLSPrivateKey
+}
+
+func output(ctx context.Context, data *dataOut) (string, error) {
+	if data == nil {
+		return "", errors.New("no data")
+	}
+	if data.key == nil {
+		return "", errors.New("no key")
+	}
+
+	builder := strings.Builder{}
+
+	if data.showPrivateKey {
+		builder.WriteString(fmt.Sprintf("Private key: %#x\n", data.key.Marshal()))
+	}
+	builder.WriteString(fmt.Sprintf("Public key: %#x", data.key.PublicKey().Marshal()))
+	if data.showWithdrawalCredentials {
+		withdrawalCredentials := util.SHA256(data.key.PublicKey().Marshal())
+		withdrawalCredentials[0] = byte(0) // BLS_WITHDRAWAL_PREFIX
+		builder.WriteString(fmt.Sprintf("\nWithdrawal credentials: %#x", withdrawalCredentials))
+	}
+
+	return builder.String(), nil
+}

cmd/account/derive/output_internal_test.go

@@ -0,0 +1,98 @@
+// Copyright © 2020 Weald Technology Trading
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package accountderive
+
+import (
+	"context"
+	"encoding/hex"
+	"strings"
+	"testing"
+
+	"github.com/stretchr/testify/require"
+	e2types "github.com/wealdtech/go-eth2-types/v2"
+)
+
+func blsPrivateKey(input string) *e2types.BLSPrivateKey {
+	data, err := hex.DecodeString(strings.TrimPrefix(input, "0x"))
+	key, err := e2types.BLSPrivateKeyFromBytes(data)
+	if err != nil {
+		panic(err)
+	}
+	return key
+}
+
+func TestOutput(t *testing.T) {
+	tests := []struct {
+		name    string
+		dataOut *dataOut
+		needs   []string
+		err     string
+	}{
+		{
+			name: "Nil",
+			err:  "no data",
+		},
+		{
+			name:    "KeyMissing",
+			dataOut: &dataOut{},
+			err:     "no key",
+		},
+		{
+			name: "Good",
+			dataOut: &dataOut{
+				key: blsPrivateKey("0x068dce0c90cb428ab37a74af0191eac49648035f1aaef077734b91e05985ec55"),
+			},
+			needs: []string{"Public key"},
+		},
+		{
+			name: "PrivatKey",
+			dataOut: &dataOut{
+				key:     blsPrivateKey("0x068dce0c90cb428ab37a74af0191eac49648035f1aaef077734b91e05985ec55"),
+				showPrivateKey: true,
+			},
+			needs: []string{"Public key", "Private key"},
+		},
+		{
+			name: "WithdrawalCredentials",
+			dataOut: &dataOut{
+				key:                       blsPrivateKey("0x068dce0c90cb428ab37a74af0191eac49648035f1aaef077734b91e05985ec55"),
+				showWithdrawalCredentials: true,
+			},
+			needs: []string{"Public key", "Withdrawal credentials"},
+		},
+		{
+			name: "All",
+			dataOut: &dataOut{
+				key:                       blsPrivateKey("0x068dce0c90cb428ab37a74af0191eac49648035f1aaef077734b91e05985ec55"),
+				showPrivateKey:                   true,
+				showWithdrawalCredentials: true,
+			},
+			needs: []string{"Public key", "Private key", "Withdrawal credentials"},
+		},
+	}
+
+	for _, test := range tests {
+		t.Run(test.name, func(t *testing.T) {
+			res, err := output(context.Background(), test.dataOut)
+			if test.err != "" {
+				require.EqualError(t, err, test.err)
+			} else {
+				require.NoError(t, err)
+				for _, need := range test.needs {
+					require.Contains(t, res, need)
+				}
+			}
+		})
+	}
+}

cmd/account/derive/process.go

@@ -0,0 +1,72 @@
+// Copyright © 2020 Weald Technology Trading
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package accountderive
+
+import (
+	"context"
+	"regexp"
+	"strings"
+
+	"github.com/pkg/errors"
+	"github.com/tyler-smith/go-bip39"
+	util "github.com/wealdtech/go-eth2-util"
+	"golang.org/x/text/unicode/norm"
+)
+
+// pathRegex is the regular expression that matches an HD path.
+var pathRegex = regexp.MustCompile("^m/[0-9]+/[0-9]+(/[0-9+])+")
+
+func process(ctx context.Context, data *dataIn) (*dataOut, error) {
+	if data == nil {
+		return nil, errors.New("no data")
+	}
+
+	// If there are more than 24 words we treat the additional characters as the passphrase.
+	mnemonicParts := strings.Split(data.mnemonic, " ")
+	mnemonicPassphrase := ""
+	if len(mnemonicParts) > 24 {
+		data.mnemonic = strings.Join(mnemonicParts[:24], " ")
+		mnemonicPassphrase = strings.Join(mnemonicParts[24:], " ")
+	}
+	// Normalise the input.
+	data.mnemonic = string(norm.NFKD.Bytes([]byte(data.mnemonic)))
+	mnemonicPassphrase = string(norm.NFKD.Bytes([]byte(mnemonicPassphrase)))
+
+	if !bip39.IsMnemonicValid(data.mnemonic) {
+		return nil, errors.New("mnemonic is invalid")
+	}
+
+	// Create seed from mnemonic and passphrase.
+	seed := bip39.NewSeed(data.mnemonic, mnemonicPassphrase)
+
+	// Ensure the path is valid.
+	match := pathRegex.Match([]byte(data.path))
+	if !match {
+		return nil, errors.New("path does not match expected format m/…")
+	}
+
+	// Derive private key from seed and path.
+	key, err := util.PrivateKeyFromSeedAndPath(seed, data.path)
+	if err != nil {
+		return nil, errors.Wrap(err, "failed to generate key")
+	}
+
+	results := &dataOut{
+		showPrivateKey:                   data.showPrivateKey,
+		showWithdrawalCredentials: data.showWithdrawalCredentials,
+		key:                       key,
+	}
+
+	return results, nil
+}

cmd/account/derive/process_internal_test.go

@@ -0,0 +1,97 @@
+// Copyright © 2020 Weald Technology Trading
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package accountderive
+
+import (
+	"context"
+	"testing"
+
+	"github.com/stretchr/testify/require"
+	"github.com/wealdtech/ethdo/testutil"
+	e2types "github.com/wealdtech/go-eth2-types/v2"
+)
+
+func TestProcess(t *testing.T) {
+	require.NoError(t, e2types.InitBLS())
+
+	tests := []struct {
+		name    string
+		dataIn  *dataIn
+		privKey []byte
+		err     string
+	}{
+		{
+			name: "Nil",
+			err:  "no data",
+		},
+		{
+			name: "MnemonicMissing",
+			dataIn: &dataIn{
+				path: "m/12381/3600/0/0",
+			},
+			err: "mnemonic is invalid",
+		},
+		{
+			name: "MnemonicInvalid",
+			dataIn: &dataIn{
+				mnemonic: "abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon art",
+				path:     "m/12381/3600/0/0",
+			},
+			err: "mnemonic is invalid",
+		},
+		{
+			name: "PathMissing",
+			dataIn: &dataIn{
+				mnemonic: "abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon art",
+			},
+			err: "path does not match expected format m/…",
+		},
+		{
+			name: "PathInvalid",
+			dataIn: &dataIn{
+				mnemonic: "abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon art",
+				path:     "n/12381/3600/0/0",
+			},
+			err: "path does not match expected format m/…",
+		},
+		{
+			name: "Good",
+			dataIn: &dataIn{
+				mnemonic: "abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon art",
+				path:     "m/12381/3600/0/0",
+			},
+			privKey: testutil.HexToBytes("0x068dce0c90cb428ab37a74af0191eac49648035f1aaef077734b91e05985ec55"),
+		},
+		{
+			name: "Extended",
+			dataIn: &dataIn{
+				mnemonic: "abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon art extended",
+				path:     "m/12381/3600/0/0",
+			},
+			privKey: testutil.HexToBytes("0x58c8b280ae035de0452797b52fb62555f27f78541ea2f04b23e7bb0fcd0fc2d6"),
+		},
+	}
+
+	for _, test := range tests {
+		t.Run(test.name, func(t *testing.T) {
+			res, err := process(context.Background(), test.dataIn)
+			if test.err != "" {
+				require.EqualError(t, err, test.err)
+			} else {
+				require.NoError(t, err)
+				require.Equal(t, test.privKey, res.key.Marshal())
+			}
+		})
+	}
+}

cmd/account/derive/run.go

@@ -0,0 +1,49 @@
+// Copyright © 2020 Weald Technology Trading
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package accountderive
+
+import (
+	"context"
+
+	"github.com/pkg/errors"
+	"github.com/spf13/cobra"
+)
+
+// Run runs the account create data command.
+func Run(cmd *cobra.Command) (string, error) {
+	ctx := context.Background()
+	dataIn, err := input(ctx)
+	if err != nil {
+		return "", errors.Wrap(err, "failed to obtain input")
+	}
+
+	// Further errors do not need a usage report.
+	cmd.SilenceUsage = true
+
+	dataOut, err := process(ctx, dataIn)
+	if err != nil {
+		return "", errors.Wrap(err, "failed to process")
+	}
+
+	if dataIn.quiet {
+		return "", nil
+	}
+
+	results, err := output(ctx, dataOut)
+	if err != nil {
+		return "", errors.Wrap(err, "failed to obtain output")
+	}
+
+	return results, nil
+}

cmd/accountderive.go

@@ -0,0 +1,69 @@
+// Copyright © 2019, 2020 Weald Technology Trading
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package cmd
+
+import (
+	"fmt"
+
+	"github.com/spf13/cobra"
+	"github.com/spf13/viper"
+	accountderive "github.com/wealdtech/ethdo/cmd/account/derive"
+)
+
+var accountDeriveCmd = &cobra.Command{
+	Use:   "derive",
+	Short: "Derive an account",
+	Long: `Derive an account from a mnemonic and path.  For example:
+
+    ethdo account derive --mnemonic="..." --path="m/12381/3600/0/0"
+
+In quiet mode this will return 0 if the inputs can derive an account account, otherwise 1.`,
+	RunE: func(cmd *cobra.Command, args []string) error {
+		res, err := accountderive.Run(cmd)
+		if err != nil {
+			return err
+		}
+		if viper.GetBool("quiet") {
+			return nil
+		}
+		if res != "" {
+			fmt.Println(res)
+		}
+		return nil
+	},
+}
+
+func init() {
+	accountCmd.AddCommand(accountDeriveCmd)
+	accountFlags(accountDeriveCmd)
+	accountDeriveCmd.Flags().String("mnemonic", "", "mnemonic from which to derive the HD seed")
+	accountDeriveCmd.Flags().String("path", "", "path from which to derive the account")
+	accountDeriveCmd.Flags().Bool("show-private-key", false, "show private key for derived account")
+	accountDeriveCmd.Flags().Bool("show-withdrawal-credentials", false, "show withdrawal credentials for derived account")
+}
+
+func accountDeriveBindings() {
+	if err := viper.BindPFlag("mnemonic", accountDeriveCmd.Flags().Lookup("mnemonic")); err != nil {
+		panic(err)
+	}
+	if err := viper.BindPFlag("path", accountDeriveCmd.Flags().Lookup("path")); err != nil {
+		panic(err)
+	}
+	if err := viper.BindPFlag("show-private-key", accountDeriveCmd.Flags().Lookup("show-private-key")); err != nil {
+		panic(err)
+	}
+	if err := viper.BindPFlag("show-withdrawal-credentials", accountDeriveCmd.Flags().Lookup("show-withdrawal-credentials")); err != nil {
+		panic(err)
+	}
+}

cmd/depositverify.go

@@ -21,8 +21,8 @@ import (
 	"os"
 	"strings"
 
+	spec "github.com/attestantio/go-eth2-client/spec/phase0"
 	"github.com/pkg/errors"
-	ethpb "github.com/prysmaticlabs/ethereumapis/eth/v1alpha1"
 	"github.com/spf13/cobra"
 	"github.com/wealdtech/ethdo/util"
 	e2types "github.com/wealdtech/go-eth2-types/v2"
@@ -34,6 +34,7 @@ var depositVerifyData string
 var depositVerifyWithdrawalPubKey string
 var depositVerifyValidatorPubKey string
 var depositVerifyDepositAmount string
+var depositVerifyForkVersion string
 
 var depositVerifyCmd = &cobra.Command{
 	Use:   "verify",
@@ -98,17 +99,21 @@ In quiet mode this will return 0 if the the data is verified correctly, otherwis
 		}
 
 		failures := false
-		for i, deposit := range deposits {
+		for _, deposit := range deposits {
 			if deposit.Amount == 0 {
 				deposit.Amount = depositAmount
 			}
 			verified, err := verifyDeposit(deposit, withdrawalCredentials, validatorPubKeys, depositAmount)
-			errCheck(err, fmt.Sprintf("Error attempting to verify deposit %d", i))
+			errCheck(err, fmt.Sprintf("Error attempting to verify deposit %q", deposit.Name))
+			depositName := deposit.Name
+			if depositName == "" {
+				depositName = "Deposit"
+			}
 			if !verified {
 				failures = true
-				outputIf(!quiet, fmt.Sprintf("Deposit %q failed verification", deposit.Name))
+				outputIf(!quiet, fmt.Sprintf("%s failed verification", depositName))
 			} else {
-				outputIf(quiet, fmt.Sprintf("Deposit %q verified", deposit.Name))
+				outputIf(!quiet, fmt.Sprintf("%s verified", depositName))
 			}
 		}
 
@@ -175,44 +180,80 @@ func validatorPubKeysFromInput(input string) (map[[48]byte]bool, error) {
 }
 
 func verifyDeposit(deposit *util.DepositInfo, withdrawalCredentials []byte, validatorPubKeys map[[48]byte]bool, amount uint64) (bool, error) {
-	if withdrawalCredentials != nil {
+	if withdrawalCredentials == nil {
+		outputIf(!quiet, "Withdrawal public key not supplied; withdrawal credentials NOT checked")
+	} else {
 		if !bytes.Equal(deposit.WithdrawalCredentials, withdrawalCredentials) {
-			return false, errors.New("withdrawal credentials incorrect")
+			outputIf(!quiet, "Withdrawal public key incorrect")
+			return false, nil
 		}
-		outputIf(verbose, "Withdrawal credentials verified")
+		outputIf(!quiet, "Withdrawal credentials verified")
 	}
-	if amount != 0 {
+	if amount == 0 {
+		outputIf(!quiet, "Amount not supplied; NOT checked")
+	} else {
 		if deposit.Amount != amount {
-			return false, errors.New("deposit value incorrect")
+			outputIf(!quiet, "Amount incorrect")
+			return false, nil
 		}
-		outputIf(verbose, "Amount verified")
+		outputIf(!quiet, "Amount verified")
 	}
 
-	if len(validatorPubKeys) != 0 {
+	if len(validatorPubKeys) == 0 {
+		outputIf(!quiet, "Validator public key not suppled; NOT checked")
+	} else {
 		var key [48]byte
 		copy(key[:], deposit.PublicKey)
 		if _, exists := validatorPubKeys[key]; !exists {
-			return false, errors.New("validator public key incorrect")
+			outputIf(!quiet, "Validator public key incorrect")
+			return false, nil
 		}
-		outputIf(verbose, "Validator public key verified")
+		outputIf(!quiet, "Validator public key verified")
 	}
 
-	depositData := &ethpb.Deposit_Data{
-		PublicKey:             deposit.PublicKey,
+	var pubKey spec.BLSPubKey
+	copy(pubKey[:], deposit.PublicKey)
+	var signature spec.BLSSignature
+	copy(signature[:], deposit.Signature)
+
+	depositData := &spec.DepositData{
+		PublicKey:             pubKey,
 		WithdrawalCredentials: deposit.WithdrawalCredentials,
-		Amount:                deposit.Amount,
-		Signature:             deposit.Signature,
+		Amount:                spec.Gwei(deposit.Amount),
+		Signature:             signature,
 	}
 	depositDataRoot, err := depositData.HashTreeRoot()
 	if err != nil {
 		return false, errors.Wrap(err, "failed to generate deposit data root")
 	}
-	if !bytes.Equal(deposit.DepositDataRoot, depositDataRoot[:]) {
-		return false, errors.New("deposit data root incorrect")
-	}
-	outputIf(debug, "Deposit data root verified")
 
-	outputIf(verbose, "Deposit verified")
+	if bytes.Equal(deposit.DepositDataRoot, depositDataRoot[:]) {
+		outputIf(!quiet, "Deposit data root verified")
+	} else {
+		outputIf(!quiet, "Deposit data root incorrect")
+		return false, nil
+	}
+
+	if len(deposit.ForkVersion) == 0 {
+		if depositVerifyForkVersion != "" {
+			outputIf(!quiet, "Data format does not contain fork version for verification; NOT verified")
+		}
+	} else {
+		if depositVerifyForkVersion == "" {
+			outputIf(!quiet, "fork version not supplied; NOT checked")
+		} else {
+			forkVersion, err := hex.DecodeString(strings.TrimPrefix(depositVerifyForkVersion, "0x"))
+			if err != nil {
+				return false, errors.Wrap(err, "failed to decode fork version")
+			}
+			if bytes.Equal(deposit.ForkVersion, forkVersion[:]) {
+				outputIf(!quiet, "Fork version verified")
+			} else {
+				outputIf(!quiet, "Fork version incorrect")
+				return false, nil
+			}
+		}
+	}
 
 	return true, nil
 }
@@ -222,6 +263,7 @@ func init() {
 	depositFlags(depositVerifyCmd)
 	depositVerifyCmd.Flags().StringVar(&depositVerifyData, "data", "", "JSON data, or path to JSON data")
 	depositVerifyCmd.Flags().StringVar(&depositVerifyWithdrawalPubKey, "withdrawalpubkey", "", "Public key of the account to which the validator funds will be withdrawn")
-	depositVerifyCmd.Flags().StringVar(&depositVerifyDepositAmount, "depositvalue", "", "Value of the amount to be deposited")
+	depositVerifyCmd.Flags().StringVar(&depositVerifyDepositAmount, "depositvalue", "32 Ether", "Value of the amount to be deposited")
 	depositVerifyCmd.Flags().StringVar(&depositVerifyValidatorPubKey, "validatorpubkey", "", "Public key(s) of the account(s) that will be carrying out validation")
+	depositVerifyCmd.Flags().StringVar(&depositVerifyForkVersion, "forkversion", "0x00000000", "Fork version of the chain of the deposit")
 }

cmd/root.go

@@ -65,6 +65,8 @@ func persistentPreRunE(cmd *cobra.Command, args []string) error {
 	switch fmt.Sprintf("%s/%s", cmd.Parent().Name(), cmd.Name()) {
 	case "account/create":
 		accountCreateBindings()
+	case "account/derive":
+		accountDeriveBindings()
 	case "account/import":
 		accountImportBindings()
 	case "attester/inclusion":

cmd/version.go

@@ -24,7 +24,7 @@ import (
 
 // ReleaseVersion is the release version of the codebase.
 // Usually overrideen by tag names when building binaries.
-var ReleaseVersion = "local build from v1.7.0"
+var ReleaseVersion = "local build (latest release 1.7.2)"
 
 // versionCmd represents the version command
 var versionCmd = &cobra.Command{

docs/conversions.md

@@ -6,7 +6,7 @@ Converting from mnemonics to keys can be confusing.  Below are commands that all
 
 A seed is a 24-word phrase that is used as the start point of a process called hierarchical derivation.  It can be used, in combination with a path, to generate any number of keys.
 
-### I want to be able to create keys from the mnemonic
+### I want to be able to create accounts from the mnemonic
 
 The first thing you need to do is to create a wallet.  To do this run the command below with the following changes:
 
@@ -18,9 +18,9 @@ The first thing you need to do is to create a wallet.  To do this run the comman
 $ ethdo wallet create --type=hd --mnemonic='abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon art' --wallet=Wallet --wallet-passphrase=secret
 ```
 
-### I want a specific public key.
+### I want an account with a specific public key.
 
-To create a specific public key you need to have both the mnemonic and the derivation path.  A derivation path looks something like `m/12381/3600/0/0` and is used by `ethdo` to generate a specific private key (from which the public key is in turn derived).
+To create an account with a specific public key you need to have both the mnemonic and the derivation path.  A derivation path looks something like `m/12381/3600/0/0` and is used by `ethdo` to generate a specific private key (from which the public key is in turn derived).
 
 You should first create a wallet as per the previous step.  To then create an account run the command below with the following changes:
 
@@ -42,7 +42,7 @@ Path: m/12381/3600/0/0
 
 This process can be repated for any number of paths by changing the `path` and providing a different account name each time.
 
-### I want the private key.
+### I want an account's private key.
 
 To obtain the private key of an account follow the steps above, then run:
 
@@ -81,3 +81,11 @@ $ ethdo validator depositdata --withdrawalaccount=Wallet/Withdrawal_i_ --validat
 If you wish to be able to provide this information to the launchpad you can add `--launchpad` to the end of the command.
 
 If you wish to have this data for a particular test network you will need to supply the fork version with `--forkversion`.  Details on the fork versions of various testnets can be found in the subdirectories of the [testnet site](https://github.com/goerli/medalla).
+
+### I want keys without creating wallets and accounts
+
+It is possible to derive keys directly from a mnemonic and path without going through the interim steps.  Note that this will _not_ create accounts, and cannot be used to then sign data or requests.  This may or not be desirable, depending on your requirements.
+
+```
+$ ethdo account derive --mnemonic='abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon art' --path=m/12381/3600/0/0
+```

docs/usage.md

@@ -54,14 +54,14 @@ $ ethdo wallet delete --wallet="Old wallet"
   - `passphrase`: the passphrase with which to encrypt the wallet backup
 
 ```sh
-$ ethdo wallet export --wallet="Personal wallet" --exportpassphrase="my export secret"
+$ ethdo wallet export --wallet="Personal wallet" --passphrase="my export secret"
 0x01c7a27ad40d45b4ae5be5f...
 ```
 
 The encrypted wallet export is written to the console; it can be redirected to store it in a file.
 
 ```sh
-$ ethdo wallet export --wallet="Personal wallet" --exportpassphrase="my export secret" >export.dat
+$ ethdo wallet export --wallet="Personal wallet" --passphrase="my export secret" >export.dat
 ```
 
 #### `import`
@@ -72,13 +72,13 @@ $ ethdo wallet export --wallet="Personal wallet" --exportpassphrase="my export s
   - `verify`: confirm information about the wallet import without importing it
 
 ```sh
-$ ethdo wallet import --importdata="0x01c7a27ad40d45b4ae5be5f..." --passphrase="my export secret"
+$ ethdo wallet import --data="0x01c7a27ad40d45b4ae5be5f..." --passphrase="my export secret"
 ```
 
 The encrypted wallet export can be read from a file.  For example with Unix systems:
 
 ```sh
-$ ethdo wallet import --importdata=`cat export.dat` --passphrase="my export secret"
+$ ethdo wallet import --data=`cat export.dat` --passphrase="my export secret"
 ```
 
 #### `info`
@@ -121,6 +121,21 @@ For distributed accounts you will also need to supply `--participants` and `--si
 ```sh
 $ ethdo account create --account="Personal wallet/Operations" --wallet-passphrase="my wallet secret" --passphrase="my account secret"
 ```
+
+#### `derive`
+
+`ethdo account derive` provides the ability to derive an account's keys without creating either the wallet or the account.  This allows users to quickly obtain or confirm keys without going through a relatively long process, and has the added security benefit of not writing any information to disk.  Options for deriving the account include:
+
+  - `mnemonic`: a pre-defined 24-word [BIP-39 seed phrase](https://en.bitcoin.it/wiki/Seed_phrase) to derive the account, along with an additional "seed extension" phrase if required supplied as the 25th word
+  - `path`: the HD path used to derive the account
+  - `show-private-key`: show the private of the derived account.  **Warning** displaying private keys, especially those derived from seeds held on hardware wallets, can expose your Ether to risk of being stolen.  Only use this option if you are sure you understand the risks involved
+  - `show-withdrawal-credentials`: show the withdrawal credentials of the derived account
+
+```sh
+$ ethdo account derive --mnemonic="abandon ... abandon art" --path="m/12381/3600/0/0"
+Public key: 0x99b1f1d84d76185466d86c34bde1101316afddae76217aa86cd066979b19858c2c9d9e56eebc1e067ac54277a61790db
+```
+
 #### `import`
 
 `ethdo account import` creates a new account by importing its private key.  Options for creating the account include: