-
willyijinin[m]
-
willyijinin[m]
I run this snippet of code twice, and each time it prints out a different primaryAddress. This doc - moneroecosystem.org/monero-javascript/global.html#createWalletKeys - says `primary address of the wallet to create (only provide if restoring from keys)`. Why can't I restore a wallet from just the private spend key?
-
jetsteel[m]
I believe the address is comprised of both the "spend" and "view" keys. Further, IIRC, I believe you need both of those keys to actually spend the funds.
-
jetsteel[m]
will.yijinin: I'll see if I can validate what I said
-
jetsteel[m]
will.yijinin: The address of a user is the pair of public keys [spend and view]. Her private keys will be the corresponding pair [of private keys]. <- from an old copy of "zero to monero"
-
willyijinin[m]
> <@jetsteel:matrix.org> will.yijinin: The address of a user is the pair of public keys [spend and view]. Her private keys will be the corresponding pair [of private keys]. <- from an old copy of "zero to monero"
-
willyijinin[m]
Thank you. I started to understand it. What I am wondering is why I cannot infer the public keys from the set of private keys? Why in this case are the public keys needed to restore the wallet?
-
jetsteel[m]
will.yijinin: I've been gone for a few years (so my knowledge may be dated). But I rewrote code for generating monero addresses back then. Give me a few to find and review my notes and I'll be able to answer.
-
jetsteel[m]
will.yijinin: So, if I am reading my old notes correctly, the main address is just the base58 encoding of the prefix, public spend key, public view key, and checksum.
-
jetsteel[m]
will.yijinin: the public spend and view keys are just the private keys × G
-
jetsteel[m]
will.yijinin: and the private view key is a hash of the private spend key. So, you should be able to generate the main address from the private spend key alone. (And subaddresses as well).
-
willyijinin[m]
That's what I thought, just the private spend key to restore the wallet. But from experiment and from doc, it seems the primary address is required.
-
willyijinin[m]
jetsteel:
-
jetsteel[m]
will.yijinin: Help me understand better. You say a primary address is required. But a primary address can be created from the private spend key. So, logically, it is possible to do what you need with just a spend key.
-
willyijinin[m]
-
willyijinin[m]
This snippet of code generates a different primary address each run.
-
jetsteel[m]
will.yijinin: I think I may be answering the wrong question. Can you restate your question? Are you asking if it is possible, or asking what existing code does this already? Or asking how to get the software to do this?
-
jetsteel[m]
will.yijinin: I just saw your last post. Let me take another look.
-
jetsteel[m]
will.yijinin: well, that is curious to me. I believe you are right that you can derive everything from the private spend key. At least, that was my experience a couple years back. I do not have experience with this js code base. So, I am not sure what you are seeing or why. We'll both have to wait for someone more knowledgeable.
-
jetsteel[m]
will.yijinin: could you provide example input and output? (Obviously do **not** use real private keys...just a dummy one) Perhaps that might offer a clue.
-
jetsteel[m]
Like, use a dummy private key "11111...." or something. When you run it twice, what do you get back each time?
-
jetsteel[m]
Are you able to step through the code with a debugger and see where the code starts to diverge from your expectations?
-
willyijinin[m]
-
willyijinin[m]
jetsteel:
-
jetsteel[m]
will.yijinin: I'll look some more later, but likely someone else will need to answer
-
willyijinin[m]
-
willyijinin[m]
-
LyzaL
matrix folks when you edit messages it looks like a hot mess on the IRC side
-
woodser[m]
> Will there be a (beta) release of that project soon?
-
woodser[m]
dEBRUYNE: not realistically. it needs a full design and then to be built
-
woodser[m]
will.yijinin: when creating the wallet, it needs to be passed `privateSpendKey: <private spend key>`:... (full message at
libera.ems.host/_matrix/media/r0/do…290090ff9ca09612d41e585935856f01b07)
-
woodser[m]
looks like you're only passing it `privateSpendKey,`
-
woodser[m]
I’m looking for help to design the web wallet tool if anyone knows interested designers
-
willyijinin[m]
-
jetsteel[m]
<woodser[m]> "looks like you're only passing..." <- For clarity, what should his code snippet look like in the example will.yijinin last gave?
-
jetsteel[m]
woodser: ^
-
jetsteel[m]
woodser: The snippet you gave uses the mnemonic. Mathematically, a private spend key has all the information needed to recreate the wallet, correct? Can monerojs do that?
-
woodser[m]
currently the wallet needs to be recreated with either the mnemonic or the private spend key, private view key, and primary address
-
jetsteel[m]
woodser: Thanks. That is unexpected, though, considering the private view key and primary address can be derived from the private spend key. Do you know if there is a specific rationale for that? Or is it more "it was coded that way" and nobody has changed it?
-
hyc
there are non-deterministic keys too, where the private view key is unrelated to the spend key
-
jetsteel[m]
hyc: I can see how that would necessitate optionally specifying the private view key. But I don't (yet) see the rationale for requiring the primary address when both keys have been provided. Also, IMO, such a function should operate using just the private spend key by implicitly or explicitly deterministically generating the rest of the info. Would you agree? Or am I off?
-
moneromooo
Sanity checks maybe?
-
moneromooo
I'd be fine with an empty (or zeroed) input being interpreted as "fill this in if you can, error out if you can't".
-
hyc
yeah I always wondered why we needed to provide the address
-
woodser[m]
I was able to restore a wallet in monerojs from only the private spend key by removing sanity checks:
-
woodser[m]
-
woodser[m]
-
woodser[m]
I can incorporate the changes in the next release if it makes sense and isn't unsafe, given the non-deterministic keys
-
jetsteel[m]
woodser: Thanks. I would have had the same question will.yijinin had. Is your "sense and safety" concern regarding someone (who had a non-deterministic view key) calling it and (by accident/bug/typo) generating a wallet with a deterministic view key?
-
sethsimmons
Gentle reminder that we have loose consensus on the next hard-fork in early 2022:... (full message at
libera.ems.host/_matrix/media/r0/do…ee4b7d4452390e264e861952ce939cf26fb)
-
sethsimmons
Branch/feature complete is barely 30d away.
-
sech1
jetsteel when both private keys are provided, you can reconstruct the primary address because it's just a combination of the two corresponding public keys. The catch is you don't know whether it's mainnet/testnet/stagenet if you only have two public keys.
-
sech1
but usually it's just mainnet that matters anyway
-
luigi1111w
sethsimmons> Branch/feature complete is barely 30d away. <= fork it
-
hyc
30d away, wait till we're all back from our new years hangovers before forking it
-
selsta
the question will be how much time hardware wallets will need to update to bp+
-
luigi1111w
probably about 3 months longer than we have
-
selsta
someone claimed supporting bp+ will be easier than clsag
-
luigi1111w
actually yeah maybe
-
garth
Is the latest PR the multisig vuln fix?
-
garth
-
luigi1111w
yep
-
woodser[m]
jetsteel: yeah, my concern would be someone calling this function with a private spend key and deriving any unexpected keys. I'd be fine to support it if the risk is low