introduce new UnsafeKeyring interface

Unsafe operations are supported by UnsafeKeyring types.
By doing so, we try to make the client developer aware
of the risks.

client/keys/export.go

@@ -7,6 +7,7 @@ import (
 
 	"github.com/cosmos/cosmos-sdk/client"
 	"github.com/cosmos/cosmos-sdk/client/input"
+	"github.com/cosmos/cosmos-sdk/crypto/keyring"
 )
 
 const (
@@ -37,8 +38,7 @@ func ExportKeyCommand() *cobra.Command {
 					}
 				}
 
-				hexPrivKey, err := clientCtx.Keyring.ExportPrivKeyHex(args[0])
-
+				hexPrivKey, err := keyring.NewUnsafe(clientCtx.Keyring).UnsafeExportPrivKeyHex(args[0])
 				if err != nil {
 					return err
 				}

crypto/keyring/keyring.go

@@ -88,6 +88,13 @@ type Keyring interface {
 	Exporter
 }
 
+// UnsafeKeyring exposes unsafe operations such as unsafe unarmored export in
+// addition to those that are made available by the Keyring interface.
+type UnsafeKeyring interface {
+	Keyring
+	UnsafeExporter
+}
+
 // Signer is implemented by key stores that want to provide signing capabilities.
 type Signer interface {
 	// Sign sign byte messages with a user key.
@@ -111,15 +118,19 @@ type Exporter interface {
 	ExportPubKeyArmor(uid string) (string, error)
 	ExportPubKeyArmorByAddress(address sdk.Address) (string, error)
 
-	// ExportPrivKeyHex returns a private key in unarmored hex format
-	ExportPrivKeyHex(uid string) (string, error)
-
 	// ExportPrivKey returns a private key in ASCII armored format.
 	// It returns an error if the key does not exist or a wrong encryption passphrase is supplied.
 	ExportPrivKeyArmor(uid, encryptPassphrase string) (armor string, err error)
 	ExportPrivKeyArmorByAddress(address sdk.Address, encryptPassphrase string) (armor string, err error)
 }
 
+// UnsafeExporter is implemented by key stores that support unsafe export
+// of private keys' material.
+type UnsafeExporter interface {
+	// UnsafeExportPrivKeyHex returns a private key in unarmored hex format
+	UnsafeExportPrivKeyHex(uid string) (string, error)
+}
+
 // Option overrides keyring configuration options.
 type Option func(options *Options)
 
@@ -214,15 +225,6 @@ func (ks keystore) ExportPubKeyArmorByAddress(address sdk.Address) (string, erro
 	return ks.ExportPubKeyArmor(info.GetName())
 }
 
-func (ks keystore) ExportPrivKeyHex(uid string) (privkey string, err error) {
-	priv, err := ks.ExportPrivateKeyObject(uid)
-	if err != nil {
-		return "", err
-	}
-
-	return hex.EncodeToString(priv.Bytes()), nil
-}
-
 func (ks keystore) ExportPrivKeyArmor(uid, encryptPassphrase string) (armor string, err error) {
 	priv, err := ks.ExportPrivateKeyObject(uid)
 	if err != nil {
@@ -787,6 +789,31 @@ func (ks keystore) writeMultisigKey(name string, pub types.PubKey) (Info, error)
 	return info, nil
 }
 
+type unsafeKeystore struct {
+	keystore
+}
+
+func newUnsafeKeystore(ks keystore) unsafeKeystore {
+	return unsafeKeystore{ks}
+}
+
+// NewUnsafe returns a new keyring that provides support for unsafe operations.
+func NewUnsafe(kr Keyring) UnsafeKeyring {
+	ks := kr.(keystore)
+
+	return unsafeKeystore{ks}
+}
+
+// UnsafeExportPrivKeyHex exports private keys in unarmored hexadecimal format.
+func (ks unsafeKeystore) UnsafeExportPrivKeyHex(uid string) (privkey string, err error) {
+	priv, err := ks.ExportPrivateKeyObject(uid)
+	if err != nil {
+		return "", err
+	}
+
+	return hex.EncodeToString(priv.Bytes()), nil
+}
+
 func addrHexKeyAsString(address sdk.Address) string {
 	return fmt.Sprintf("%s.%s", hex.EncodeToString(address.Bytes()), addressSuffix)
 }