[bisq-network/bisq] Add rpc wallet protection endpoints (#4214)

chimp1984 notifications at github.com
Tue May 19 00:04:59 UTC 2020


@ghubstan 
Regarding wallet encryption (not sure if already resolved, have not read the full thread...):

If the wallet is encrypted, you need the aesKey (or generate it from the password) for certain wallet methods. Bisq does not decrypt/encrypt but requests the password from the user to get the aesKey. Encrypting and decrypting are only done when setting or removing the wallet password.
The wallet write operation has a certain risk of disk failure, and when setting the password we delete all the rolling backups (as the seed would be visible in unencrypted files), so that could be a critical problem if the write operation fails and causes a corrupted wallet (I read on the BitcoinJ mailing list that this happened sometimes). So the encryption/decryption operations should be done only when absolutely needed IMO.

Side note:
If the wallet is encrypted, Bisq keeps the aesKey in memory to be able to sign a tx in case a taker takes an offer (which happens non-interactively). This might be a bit of a security risk and it would be better if we do that only when absolutely needed (e.g. in case a maker has open offers).

I am not sure about your use cases for the API but passing the wallet password if required for the wallet operation seems to me the right way to deal with it. 

Reply to this email directly or view it on GitHub:
https://github.com/bisq-network/bisq/pull/4214#issuecomment-630497511