Wireshark plug-in for Lightning Network (BOLT) protocol



Summary:

The Nayuta team has developed a Wireshark plug-in for the Lightning Network (BOLT) protocol that can decode some BOLT messages. The software currently works with Nayuta's implementation (ptarmigan) and with Éclair. When ptarmigan is compiled with certain options, it writes out a key information file that the Wireshark plug-in uses to decode packets. When used with Éclair, the software parses log files. In the current design, whenever key rotation occurs (nonce==0), the lightning node software writes the 16-byte MAC and key of the "first BOLT packet". Lightning-dissector already supports key rotation; however, if a .pcap file contains messages from both before and after a key rotation, ~/.lightning/keys.log should contain a few recent sk so that such a .pcap can be decrypted. By following the key log file format, KeyLogSecretFactory can be reused instead of implementing ClightningSecretFactory. To continue decrypting transactions post-rotation, tools that read these transcripts would need to be aware of key rotations. The Nayuta team proposes that every implementation have a compile option that enables output of a key information file. If people can see communication logs of BOLT messages in the same format (.pcap), it will be useful for interoperability tests.
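The key selection described above, as an added example that is not part of the original summary or of lightning-dissector's own code. It assumes each key log line is `<16-byte MAC hex> <32-byte key hex>` (the page does not spell out the layout); `parse_key_log`, `assign_keys`, `frame` and all sample values are hypothetical names and constructed data.

```python
# Added example: choosing the decryption key for each captured BOLT frame.
# Assumed key log line format: "<16-byte MAC hex> <32-byte key hex>".
MAC_LEN, KEY_LEN, LEN_FIELD = 16, 32, 2  # BOLT 8: 2-byte encrypted length + 16-byte MAC


def parse_key_log(text):
    """Return {mac: key}; blank or malformed lines are skipped."""
    keys = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 2:
            continue
        try:
            mac, key = bytes.fromhex(parts[0]), bytes.fromhex(parts[1])
        except ValueError:
            continue
        if len(mac) == MAC_LEN and len(key) == KEY_LEN:
            keys[mac] = key
    return keys


def assign_keys(frames, keys):
    """Return one (key, nonce) per frame; (None, None) means not decryptable."""
    current, nonce, out = None, 0, []
    for frame_bytes in frames:
        mac = frame_bytes[LEN_FIELD:LEN_FIELD + MAC_LEN]
        if mac in keys:  # logged "first BOLT packet" of a key: nonce restarts at 0
            current, nonce = keys[mac], 0
        if current is None:
            out.append((None, None))
        else:
            out.append((current, nonce))
            nonce += 2  # BOLT 8 uses one nonce for the length, one for the body
    return out


def frame(mac):
    """Constructed frame: dummy encrypted length, length MAC, dummy body."""
    return b"\x00\x00" + mac + b"\xaa" * 20


# Constructed sample data (not real keys or traffic).
MAC1, MAC2, OTHER = bytes([1]) * 16, bytes([2]) * 16, bytes([9]) * 16
KEY1, KEY2 = bytes([0x11]) * 32, bytes([0x22]) * 32
CAPTURE = [frame(MAC1), frame(OTHER), frame(MAC2), frame(OTHER)]
FULL_LOG = f"{MAC1.hex()} {KEY1.hex()}\n{MAC2.hex()} {KEY2.hex()}\nnot a key line\n"
LATEST_ONLY = f"{MAC2.hex()} {KEY2.hex()}\n"
```

With `LATEST_ONLY` the two frames captured before the rotation have no key, which is why the log needs to retain the earlier entries for a capture that spans a rotation.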


Updated on: 2023-05-25T14:47:17.277012+00:00