I am interested in how Monero encrypts the wallets. I found some resources and followed the source code of Monero:
I know the encryption scheme is:
key = cryptonight.cn_slow_hash('MyPhrase', 0, 0, 0) // kfd_round = 1
iv = random(8) // 8 Bytes of IV
cipher = ChaCha20(msg, key, IV)
write_bytes('wallet.keys', IV || cipher)
So I tried to decrypt the wallet like this (in Python with pycryptonight and pycryptodome):
>>> import pycryptonight as pycy
>>> from Crypto.Cipher import ChaCha20
>>> with open('wallet.keys', 'rb') as f:
... file = f.read()
...
>>> key = pycy.cn_slow_hash(b'MyWalletPwd')
>>> IV = file[:8]
>>> encrypted = file[8:]
>>> cipher = ChaCha20.new(key=key, nonce=IV)
>>> msg = cipher.decrypt(encrypted)
>>> msg[:20]
b"'\x1fS\xe5\xb0\xb4\xbfZ\x00O\x91\xae^\xd9\x82i*\xa7%6"
This issue said the result should be like {"key_data":"..., so what I got seems incorrect. I checked cryptonight results with examples from Monero test dir and they all matched.
I am using the Monero client (win-x64-v0.18.2.2) downloaded on Aug. 30, 2023, so it should be ChaCha20 not ChaCha8. I also tried ChaCha20-Poly1305, and still couldn't get the correct result.
Could anyone tell me what went wrong? Thanks a lot.
