I try: curl -0 -X POST -u grin:`cat ~/.grin/main/.api_secret` --data '{"jsonrpc":"2.0","method":"retrieve_summary_info","params":[true, 10],"id":1}' http://127.0.0.1:3415/v2/owner
and get no response. If I try port 3420 it says connection refused. halp?
(some specs: ubuntu 18, grin 4.0.2, grin-wallet 4.0.0)
Output after starting grin-wallet listen (removed addresses):
20200827 02:28:30.015 WARN grin_wallet_controller::controller - Starting TOR Hidden Service for API listener at address <tor-address>, binding to 0.0.0.0:3415
20200827 02:28:32.225 WARN grin_wallet_controller::controller - Starting HTTP Foreign listener API server at 0.0.0.0:3415.
20200827 02:28:32.226 WARN grin_wallet_controller::controller - HTTP Foreign listener started.
20200827 02:28:32.226 WARN grin_wallet_controller::controller - Slatepack Address is: <slatepack_addr>
Here is my config: /home/me/.grin/main/grin-wallet.toml
#########################################
### WALLET CONFIGURATION ###
#########################################
[wallet]
chain_type = "Mainnet"
#host IP for wallet listener, change to "0.0.0.0" to receive grins
api_listen_interface = "0.0.0.0"
#path of TLS certificate file, self-signed certificates are not supported
#tls_certificate_file = "/home/me/fullchain.pem"
#private key for the TLS certificate
#tls_certificate_key = "/home/me/privkey.pem"
#port for wallet listener
api_listen_port = 3415
#port for wallet owner api
owner_api_listen_port = 3420
#path of the secret token used by the API to authenticate the calls
#comment it to disable basic auth
api_secret_path = "/home/me/.grin/main/.owner_api_secret"
#location of the node api secret for basic auth on the Grin API
node_api_secret_path = "/home/me/.grin/main/.api_secret"
#where the wallet should find a running node
check_node_api_http_addr = "http://127.0.0.1:3413"
#include the foreign API endpoints on the same port as the owner
#API. Useful for networking environments like AWS ECS that make
#it difficult to access multiple ports on a single service.
owner_api_include_foreign = false
#where to find wallet files (seed, data, etc)
data_file_dir = "/home/me/.grin/main/wallet_data"
#If true, don't store calculated commits in the database
#better privacy, but at a performance cost of having to
#re-calculate commits every time they're used
no_commit_cache = false
#Whether to use the black background color scheme for command line
dark_background_color_scheme = true
#The exploding lifetime for keybase notification on coins received.
#Unit: Minute. Default value 1440 minutes for one day.
#Refer to https://keybase.io/blog/keybase-exploding-messages for detail.
#To disable this notification, set it as 0.
keybase_notify_ttl = 1440
#########################################
### TOR CONFIGURATION (Experimental) ###
#########################################
[tor]
skip_send_attempt = false
#Whether to start tor listener on listener startup (default true)
use_tor_listener = true
# TOR (SOCKS) proxy server address
socks_proxy_addr = "0.0.0.0:59050"
#Directory to output TOR configuration to when sending
send_config_dir = "/home/me/.grin/main"
#########################################
### LOGGING CONFIGURATION ###
#########################################
[logging]
#whether to log to stdout
log_to_stdout = true
#log level for stdout: Error, Warning, Info, Debug, Trace
stdout_log_level = "Info"
#whether to log to a file
log_to_file = true
#log level for file: Error, Warning, Info, Debug, Trace
file_log_level = "Info"
#log file path
log_file_path = "/home/me/.grin/main/grin-wallet.log"
#whether to append to the log file (true), or replace it on every run (false)
log_file_append = true
#maximum log file size in bytes before performing log rotation
#comment it to disable log rotation
log_max_size = 16777216
log_max_files = 32
Still no response. I’m using the same config as shown in op. I run the owner_api via grin-wallet owner_api
getting:
20200827 06:53:12.893 WARN grin_wallet_controller::controller - Starting HTTP Owner API server at 127.0.0.1:3420.
20200827 06:53:12.893 WARN grin_wallet_controller::controller - HTTP Owner listener started.
I keep that in a screen, and then run: curl -0 -X POST -u grin:`echo ~/.grin/main/.api_secret` --data '{jsonrpc":"2.0","method":"retrieve_summary_info","params":[true, 10],"id":1}' http://127.0.0.1:3420/v2/owner
Thanks, still no response. I am trying on 2 different machines, both ubuntu 18 and same grin/grin-wallet version. I’m getting no response to the unauthenticated calls.
So interestingly when I try api v3, I get a response. Says I must enable encryption via “init_secure_api”. I don’t see this anywhere in the docs, the docs show only v2 methods.
Well I’m still unsure what’s going on, does this mean I compiled a wrong version of grin-wallet… or v3 is also somewhat supported?
Okay, I read the documentation you linked and am trying to figure this out. I’m not sure how to 1) make the shared key, and 2) encrypt the api call with that key.
What data exactly is encrypted that goes in the body_enc field in the request:
The first request to init_secure_api method is unencrypted with an ECDH public key as parameter.
Then, the wallet-api sends back some data, I think it's the result of some EC math with a different key generated by the wallet api, you take that data and the private key of the key you provided previously to generate the shared secret.
Then, you encrypt all further requests with this shared secret key and place the encrypted data of the request in the body_enc field. The wallet api can securely decrypt these requests based on the shared key.
It is a bit too complex to be done on the command line if you are not familiar with the crypto concepts.
Thanks for the link and explanation. There should be an option to do unencrypted API calls if you’re only running locally (as would be most cases?) but I’ll look through it and see. I’m almost tempted to just cheat and interface using stdout lol…
I’m almost tempted to just cheat and interface using stdout lol
lol yeah, I think this is what the grin-wallet command line wallet is for.
This is not secure, even on local host, since some malware on your host could easily intercept your keys and steal your money. I believe the only exception to this is if your client is directly linked to the wallet-api binary in the same process as the command line wallet is.
Alright, so I’ve been working on this. Now I have gotten what I need to attempt an init_secure_api call, however I’m not sure what to send for “ecdh public key”. I have an ECDH public key struct in golang, and it looks like: {curveType, X, Y, big.int}
and I’m not sure how to format that into ecdh_pubkey which is a parameter for the init_secure_api call…
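One way to serialize an {X, Y} public key for the first, unencrypted step of the handshake described above, as an added example that is not code from the thread or from the grin-wallet project. It assumes `ecdh_pubkey` is the hex of the 33-byte SEC1 compressed secp256k1 point and that `params` is a named object (check both against the API docs for your wallet version); the function names are illustrative.

```go
package main

import (
	"encoding/hex"
	"encoding/json"
	"fmt"
	"math/big"
)

// secp256k1 field prime p = 2^256 - 2^32 - 977; the curve is y^2 = x^3 + 7 (mod p).
var p = new(big.Int).Sub(new(big.Int).Lsh(big.NewInt(1), 256), big.NewInt(1<<32+977))

// CompressPubkey: prefix 0x02 (Y even) or 0x03 (Y odd), then X as 32 big-endian bytes.
func CompressPubkey(x, y *big.Int) string {
	buf := make([]byte, 33)
	buf[0] = 0x02 + byte(y.Bit(0))
	x.FillBytes(buf[1:]) // left-pads X with zeros; X must be a valid field element
	return hex.EncodeToString(buf)
}

// DecompressPubkey recovers (X, Y) from a compressed key, such as the one the
// wallet sends back, and rejects anything that is not a point on the curve.
func DecompressPubkey(s string) (*big.Int, *big.Int, error) {
	b, err := hex.DecodeString(s)
	if err != nil || len(b) != 33 || (b[0] != 0x02 && b[0] != 0x03) {
		return nil, nil, fmt.Errorf("not a compressed secp256k1 key")
	}
	x := new(big.Int).SetBytes(b[1:])
	rhs := new(big.Int).Exp(x, big.NewInt(3), p)
	rhs.Add(rhs, big.NewInt(7)).Mod(rhs, p)
	y := new(big.Int).ModSqrt(rhs, p) // nil when x^3 + 7 has no square root
	if x.Cmp(p) >= 0 || y == nil {
		return nil, nil, fmt.Errorf("x is not on the curve")
	}
	if y.Bit(0) != uint(b[0]&1) {
		y.Sub(p, y) // pick the root whose parity matches the prefix
	}
	return x, y, nil
}

// InitSecureAPIRequest builds the first call's JSON body (params shape is an assumption).
func InitSecureAPIRequest(x, y *big.Int) ([]byte, error) {
	params := map[string]string{"ecdh_pubkey": CompressPubkey(x, y)}
	return json.Marshal(map[string]interface{}{"jsonrpc": "2.0", "method": "init_secure_api", "params": params, "id": 1})
}

func main() { // constructed sample key: the secp256k1 generator point G
	gx, _ := new(big.Int).SetString("79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798", 16)
	gy, _ := new(big.Int).SetString("483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8", 16)
	body, _ := InitSecureAPIRequest(gx, gy)
	fmt.Println(string(body))
}
```

In real use the key pair comes from a secp256k1 library and the private scalar never leaves the client; only the compressed public point goes into the request.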