feat(cli): add show encrypted key cli

Author: 0xHansLee

.secrets.baseline

@@ -179,7 +179,7 @@
         "filename": "client/cmd/flags.go",
         "hashed_secret": "6924110cde4fa051bfdc600a60620dc7aa9d3c6a",
         "is_verified": false,
-        "line_number": 511
+        "line_number": 516
       }
     ],
     "client/config/config.go": [
@@ -958,5 +958,5 @@
       }
     ]
   },
-  "generated_at": "2025-02-28T05:12:18Z"
+  "generated_at": "2025-02-28T08:18:38Z"
 }

client/cmd/flags.go

@@ -160,6 +160,11 @@ func bindKeyGenPrivKeyJSONFlags(cmd *cobra.Command, cfg *genPrivKeyJSONConfig) {
 	bindValidatorBaseFlags(cmd, &cfg.baseConfig)
 }
 
+func bindKeyShowEncryptedFlags(cmd *cobra.Command, cfg *showEncryptedConfig) {
+	bindValidatorBaseFlags(cmd, &cfg.baseConfig)
+	cmd.Flags().BoolVar(&cfg.ShowPrivate, "show-private", false, "Show private key")
+}
+
 func bindValidatorKeyFlags(cmd *cobra.Command, keyFilePath *string) {
 	defaultKeyFilePath := filepath.Join(config.DefaultHomeDir(), "config", "priv_validator_key.json")
 	cmd.Flags().StringVar(keyFilePath, "keyfile", defaultKeyFilePath, "Path to the Tendermint key file")
@@ -513,6 +518,14 @@ func validateEncryptFlags(cfg *baseConfig) error {
 	return nil
 }
 
+func validateShowEncryptedFlags(cfg *showEncryptedConfig) error {
+	if !cmtos.FileExists(cfg.EncPrivKeyFile()) {
+		return errors.New("no encrypted private key file")
+	}
+
+	return nil
+}
+
 func validateValidatorUnjailFlags(ctx context.Context, cmd *cobra.Command, cfg *unjailConfig) error {
 	if err := validateFlags(cmd, []string{}); err != nil {
 		return err

client/cmd/keys.go

@@ -4,6 +4,7 @@ import (
 	"context"
 	"encoding/base64"
 	"encoding/hex"
+	"fmt"
 	"strings"
 
 	k1 "github.com/cometbft/cometbft/crypto/secp256k1"
@@ -35,6 +36,7 @@ func newKeyCmds() *cobra.Command {
 		newKeyConvertCmd(),
 		newKeyGenPrivKeyJSONCmd(),
 		newKeyEncryptCmd(),
+		newKeyShowEncryptedCmd(),
 	)
 
 	return cmd
@@ -104,6 +106,29 @@ func newKeyEncryptCmd() *cobra.Command {
 	return cmd
 }
 
+func newKeyShowEncryptedCmd() *cobra.Command {
+	var cfg showEncryptedConfig
+
+	cmd := &cobra.Command{
+		Use:   "show-encrypted",
+		Short: "Show the encrypted private key after decryption",
+		Args:  cobra.NoArgs,
+		PreRunE: func(_ *cobra.Command, _ []string) error {
+			return nil
+		},
+		RunE: runValidatorCommand(
+			func(_ *cobra.Command) error {
+				return validateShowEncryptedFlags(&cfg)
+			},
+			func(_ context.Context) error { return showEncryptedKey(cfg) },
+		),
+	}
+
+	bindKeyShowEncryptedFlags(cmd, &cfg)
+
+	return cmd
+}
+
 func convertKey(_ context.Context, cfg keyConfig) error {
 	var compressedPubKeyBytes []byte
 	var err error
@@ -191,3 +216,26 @@ func encryptPrivKey(cfg baseConfig) error {
 
 	return nil
 }
+
+func showEncryptedKey(cfg showEncryptedConfig) error {
+	encPrivKeyFile := cfg.EncPrivKeyFile()
+	pv, err := app.LoadEncryptedPrivKey(encPrivKeyFile)
+	if err != nil {
+		return errors.Wrap(err, "failed to load encrypted private key")
+	}
+
+	cmpPubKeyBytes, err := privKeyToCmpPubKey(pv.PrivKey.Bytes())
+	if err != nil {
+		return errors.Wrap(err, "failed to get compressed public key from private key")
+	}
+
+	if err := printKeyFormats(cmpPubKeyBytes); err != nil {
+		return errors.Wrap(err, "failed to print key formats")
+	}
+
+	if cfg.ShowPrivate {
+		fmt.Println("Private Key (hex):", hex.EncodeToString(pv.PrivKey.Bytes()))
+	}
+
+	return nil
+}

client/cmd/validator.go

@@ -157,6 +157,11 @@ type genPrivKeyJSONConfig struct {
 	ValidatorKeyFile string
 }
 
+type showEncryptedConfig struct {
+	baseConfig
+	ShowPrivate bool
+}
+
 func loadEnv() {
 	if err := godotenv.Load(); err != nil {
 		fmt.Println("Warning: No .env file found")