wallet/rpc: fix listdescriptors RPC fails to return descriptors with private key information when wallet contains descriptors missing any key

Eunovo commented at 1:26 pm on May 12, 2025: contributor

TLDR: Currently, listdescriptors [private=true] will fail for a non-watch-only wallet if any descriptor has a missing private key(e.g tr(), multi(), etc.). This PR changes that while making sure listdescriptors [private=true] still fails if there no private keys. Closes #32078

In non-watch-only wallets, it’s possible to import descriptors as long as at least one private key is included. It’s important that users can still view these descriptors when they need to create a backup—even if some private keys are missing (#32078 (comment)). This change makes it possible to do so.

This change also helps prevent listdescriptors true from failing completely, because one descriptor is missing some private keys.

Notes

The new behaviour is applied to all descriptors including miniscript descriptors
listdescriptors true still fails for watch-only wallets to preserve existing behaviour #24361 (review)
Wallet migration logic previously used Descriptor::ToPrivateString() to determine which descriptor was watchonly. This means that modifying the ToPrivateString() behaviour caused descriptors that were previously recognized as “watchonly” to be “non-watchonly”. In order to keep the scope of this PR limited to the RPC behaviour, this PR uses a different method to determine watchonly descriptors for the purpose of wallet migration. A follow-up PR can be opened to update migration logic to exclude descriptors with some private keys from the watchonly migration wallet.

Relevant PRs

#24361 #32186

Testing

Functional tests were added to test the new behaviour

EDIT listdescriptors [private=true] will still fail when there are no private keys because non-watchonly wallets must have private keys and calling listdescriptors [private=true] for watchonly wallet returns an error

DrahtBot commented at 1:26 pm on May 12, 2025: contributor

The following sections might be updated with supplementary metadata relevant to reviewers and maintainers.

Code Coverage & Benchmarks

For details see: https://corecheck.dev/bitcoin/bitcoin/pulls/32471.

Reviews

See the guideline for information on the review process.

Type	Reviewers
ACK	rkrux
Concept NACK	vicjuma
Concept ACK	achow101
Stale ACK	Sjors

If your review is incorrectly listed, please react with 👎 to this comment and the bot will ignore it on the next update.

Conflicts

Reviewers, this pull request conflicts with the following ones:

#bitcoin-core/gui/872 (Menu action to export a watchonly wallet by achow101)
#32489 (wallet: Add exportwatchonlywallet RPC to export a watchonly version of a wallet by achow101)
#31734 (miniscript: account for all StringType variants in Miniscriptdescriptor::ToString() by pythcoiner)
#31713 (miniscript refactor: Remove unique_ptr-indirection (#30866 follow-up) by hodlinator)
#30243 (descriptors: taproot partial descriptors by Eunovo)

If you consider this pull request important, please also help to review the conflicting pull requests. Ideally, start with the one that should be merged first.

fanquake commented at 1:35 pm on May 12, 2025: member

 0/Users/runner/work/bitcoin/bitcoin/src/test/fuzz/miniscript.cpp:1040:42: error: no matching member function for call to 'ToString'
 1    std::optional<std::string> str{node->ToString(parser_ctx)};
 2                                   ~~~~~~^~~~~~~~
 3/Users/runner/work/bitcoin/bitcoin/src/script/miniscript.h:830:17: note: candidate function template not viable: requires 2 arguments, but 1 was provided
 4    std::string ToString(const CTx& ctx, bool& has_priv_key) const {
 5                ^
 6/Users/runner/work/bitcoin/bitcoin/src/test/fuzz/miniscript.cpp:1248:31: error: no matching member function for call to 'ToString'
 7    const auto str2 = parsed->ToString(parser_ctx);
 8                      ~~~~~~~~^~~~~~~~
 9/Users/runner/work/bitcoin/bitcoin/src/script/miniscript.h:830:17: note: candidate function template not viable: requires 2 arguments, but 1 was provided
10    std::string ToString(const CTx& ctx, bool& has_priv_key) const {
11                ^
122 errors generated.

DrahtBot added the label CI failed on May 12, 2025

DrahtBot commented at 1:38 pm on May 12, 2025: contributor

🚧 At least one of the CI tasks failed. Task tidy: https://github.com/bitcoin/bitcoin/runs/42059781761 LLM reason (✨ experimental): The CI failure is due to build errors in miniscript.cpp related to the ToString function call.

Try to run the tests locally, according to the documentation. However, a CI failure may still happen due to a number of reasons, for example:

Possibly due to a silent merge conflict (the changes in this pull request being incompatible with the current code in the target branch). If so, make sure to rebase on the latest commit of the target branch.
A sanitizer issue, which can only be found by compiling with the sanitizer and running the affected test.
An intermittent issue.

Leave a comment here, if you need help tracking down a confusing failure.

Eunovo marked this as a draft on May 12, 2025

Eunovo commented at 1:51 pm on May 12, 2025: contributor

Putting draft while I fix some issues with the fuzz tests

Eunovo force-pushed on May 12, 2025

Eunovo force-pushed on May 13, 2025

DrahtBot removed the label CI failed on May 13, 2025

Eunovo marked this as ready for review on May 13, 2025

Eunovo commented at 4:02 pm on May 13, 2025: contributor

cc @rkrux @sipa

achow101 commented at 5:32 pm on May 13, 2025: member

Concept NACK

The purpose of the private argument is to show the private keys. If there are no private keys to show, I think it is a reasonable error to say that, rather than just showing the public descriptors. I think changing the behavior could result in a footgun where people use it thinking that they are being shown private keys when they actually are not.

vicjuma commented at 5:40 pm on May 13, 2025: none

Concept NACK

It’s unclear why someone should receive public keys with private=true. Why not just use the default command, bitcoin-cli listdescriptors, which already shows public keys? I assume the user is certain about the nature of the descriptors they have in their wallet. Maybe if I do not fully understand this PR.

rkrux commented at 6:10 pm on May 13, 2025: contributor

If there are no private keys to show, I think it is a reasonable error to say that, rather than just showing the public descriptors.

I have not checked this PR yet but the original intention came from this issue: #32078 (comment)

The idea was to show results for descriptors that don’t have all the private keys but do have at least one. This is not for the case when the descriptor doesn’t have any private key.

I do like how the importdescriptors RPC returns a warning when the descriptor contains partial private keys: #32078 (comment). Maybe a similar warning can be returned in this case for listdescriptors true as well - to avoid the footgun.

0[
1  {
2    "success": true,
3    "warnings": [
4      "Not all private keys provided. Some wallet functionality may return unexpected errors"
5    ]
6  }
7]

Also, if the importdescriptors RPC allows importing a descriptor with partial private keys, then it seems reasonable to me to list that descriptor in the response of listdescriptors true with those partial private keys. Is there any other way to see those partial private keys?

Regardless of the above point, I do feel that preventing listdescriptors true from failing completely in the case a descriptor is missing few private keys is helpful for the user as the other descriptors with all the private keys will be returned in the response.

This change also helps prevent listdescriptors true from failing completely, because one descriptor is missing some private keys.

vicjuma commented at 6:29 pm on May 13, 2025: none

Maybe -rpcwallet=<wallet> will come in handy in this situation where you would have to use a different wallet for these situations to prevent the conflicts.

achow101 commented at 6:50 pm on May 13, 2025: member

The idea was to show results for descriptors that don’t have all the private keys but do have at least one.

I think that’s fine to show a result, but I don’t think we should show any result if there are no private keys at all.

Eunovo commented at 6:19 am on May 14, 2025: contributor

Concept NACK

The purpose of the private argument is to show the private keys. If there are no private keys to show, I think it is a reasonable error to say that, rather than just showing the public descriptors. I think changing the behavior could result in a footgun where people use it thinking that they are being shown private keys when they actually are not.

I think there has been a misunderstanding. There are private keys to show. This PR doesn’t change the behaviour of listdescriptors true RPC to show any result when there are no private keys. Non-watchonly wallet descriptors must have at least one private key. The RPC still fails for watch only wallets

Eunovo commented at 6:22 am on May 14, 2025: contributor

I think that’s fine to show a result, but I don’t think we should show any result if there are no private keys at all.

No result is shown if there are no private keys

Eunovo commented at 6:29 am on May 14, 2025: contributor

It’s unclear why someone should receive public keys with private=true. Why not just use the default command, bitcoin-cli listdescriptors, which already shows public keys? I assume the user is certain about the nature of the descriptors they have in their wallet. Maybe if I do not fully understand this PR.

It is possible to have descriptors with missing private keys in a non-watchonly wallet. importdescriptors only rejects descriptors without any private keys. Trying listdescriptors private=true in such a wallet will throw an error, preventing the user from being able to backup their descriptors. The default command only returns public information, I believe that modifying the default command to return private information sometimes will be the wrong decision. It’s much better to allow private=true to work for these descriptors with some missing private keys.

Eunovo renamed this:
~~Fix listdescriptors true fails with 'Can't get descriptor string' in non-watch-only descriptor wallet~~
wallet/rpc: fix listdescriptors RPC fails to return descriptors with private key information when wallet contains descriptors missing any key
on May 14, 2025

rkrux commented at 1:02 pm on May 21, 2025: contributor

A similar problem happens in gethdkeys private=true as well and I think it’s due to partial private keys when the following error is thrown:

0➜  bitcoin git:(list-descriptors-with-partial-keys) ✗ bitcoinclireg -named gethdkeys private=true
1error code: -1
2error message:
3map::at:  key not found

It appears to be coming from here when the xprv corresponding to the xpub can’t be found: https://github.com/bitcoin/bitcoin/blob/7763e86afa045910a14ac9b2cd644927a447370b/src/wallet/rpc/wallet.cpp#L822

It’s due to mismatch in the count of wallet_xprvs and wallet_xpubs calculated in the previous loop over spkms. I can create a separate issue later.

rkrux commented at 1:30 pm on July 16, 2025: contributor

Concept ACK bb14e8ac7d38f3698d76ea3d6dce09e1387d59f3

Started reviewing the PR.

in src/script/descriptor.h:127 in a0a458965c outdated

115+    /** Convert the descriptor to a private string. This uses public keys if the relevant private keys are not in the SigningProvider.
116+     *  If none of the relevant private keys are available, the output string in the "out" parameter will not contain any private key information,
117+     *  and this function will return "false".
118+     *  @param[in] provider The SigningProvider to query for private keys.
119+     *  @param[out] out The resulting descriptor string, containing private keys if available.
120+     */

rkrux commented at 2:37 pm on July 16, 2025:

In a0a458965c944434b1f3e4d83277257793435edb “descriptor: ToPrivateString() pass if at least 1 priv key exists”

0+ [@return](/bitcoin-bitcoin/contributor/return/) true if at least one private key available

Eunovo commented at 3:15 pm on July 18, 2025:

Done

in src/script/descriptor.cpp:709 in a0a458965c outdated

706 
707     bool ToPrivateString(const SigningProvider& arg, std::string& out) const override
708     {
709-        bool ret = ToStringHelper(&arg, out, StringType::PRIVATE);
710+        bool has_priv_key;
711+        assert(ToStringHelper(&arg, out, StringType::PRIVATE, has_priv_key));

rkrux commented at 2:43 pm on July 16, 2025:

In a0a458965c944434b1f3e4d83277257793435edb “descriptor: ToPrivateString() pass if at least 1 priv key exists”

Fine to add assert here because for all intents and purposes I don’t suppose there would ever be a case where ToStringHelper returns false here. Perhaps we can add a helpful assert message here for debugging purposes?

0- assert(ToStringHelper(&arg, out, StringType::PRIVATE, has_priv_key));
1+ assert(ToStringHelper(&arg, out, StringType::PRIVATE, has_priv_key), "");

rkrux commented at 2:15 pm on July 17, 2025:

In a0a458965c944434b1f3e4d83277257793435edb “descriptor: ToPrivateString() pass if at least 1 priv key exists”

This would also aid readability because under no condition has_priv_key can be false here.

0Assume(has_priv_key);

Eunovo commented at 3:16 pm on July 18, 2025:

I couldn’t add an assert message, but I added a comment.

Eunovo commented at 3:20 pm on July 18, 2025:

I’m confused here. Can you clarify what you’re suggesting?

rkrux commented at 4:01 pm on July 18, 2025:

I had something like this in mind because in all the descriptors that can be added in a non-watch-only wallet, there must be at least 1 private key that is available. So, it seemed reasonable to me to add an Assume here on has_priv_key being true. I don’t suppose ToPrivateString function would be called in any case for a watch-only wallet.

 0diff --git a/src/script/descriptor.cpp b/src/script/descriptor.cpp
 1index bd85ddd9e2..b22bf3fa4a 100644
 2--- a/src/script/descriptor.cpp
 3+++ b/src/script/descriptor.cpp
 4@@ -710,6 +710,7 @@ public:
 5         // ToStringHelper should never fail for StringType::PRIVATE,
 6         // because it falls back to StringType::PUBLIC when no private ke
 7y is available.
 8         assert(ToStringHelper(&arg, out, StringType::PRIVATE, &has_priv_k
 9ey));
10+        Assume(has_priv_key);
11         out = AddChecksum(out);
12         return has_priv_key;
13     }

The descriptor_tests unit test did fail for one case when I used an assert instead, the functional tests though pass on my system. Maybe I have missed some use case due to which it fails.

0test/descriptor_tests.cpp:212: info: check parse_priv->ToPrivateString(keys_priv, prv1) has passed
1test/descriptor_tests.cpp:216: info: check 'Private ser: combo(L4rK1yDtCWekvXuE6oXD9jCYfFNV2cWRpVuPLBcCU2z8TrisoyY1)#p5326pcv Private desc: combo(L4rK1yDtCWekvXuE6oXD9jCYfFNV2cWRpVuPLBcCU2z8TrisoyY1)' has passed
2Assertion failed: (has_priv_key), function ToPrivateString, file descriptor.cpp, line 713.
3unknown location:0: fatal error: in "descriptor_tests/descriptor_test": signal: SIGABRT (application abort requested)
4test/descriptor_tests.cpp:218: last checkpoint
5test/descriptor_tests.cpp:518: Leaving test case "descriptor_test"; testing time: 1795us

ISTM that the unit test case is more contrived than the functional tests as the below check fails.

0BOOST_CHECK(!parse_priv->ToPrivateString(keys_pub, prv1));

You can ignore if this doesn’t make sense.

Eunovo commented at 9:48 am on July 19, 2025:

ToPrivateString will be called on a non-watch-only wallet when the user tries RPC listdescriptors[private=true]. In this case, has_priv_key will be false and the RPC call should fail as expected.

rkrux commented at 11:51 am on July 21, 2025:

Sorry but I don’t understand how the second statement follows the first one above. For a non-watch-only wallet, isn’t it guaranteed that there must be at least one private key, which should turn has_priv_key to true?

Eunovo commented at 7:35 am on July 22, 2025:

I forgot about the guard I added in https://github.com/bitcoin/bitcoin/pull/32471/commits/4202dca524aeef13e09380804c483d7c5402092d

You are right in the sense that it’s not possible for a watch-only to even get to ToPrivateString() through the rpc; we could assert has_priv_key here. However, the descriptor unit tests often call ToPrivateString() on watch-only descriptors; asserting has_priv_key causes the tests to fail.

Eunovo commented at 7:38 am on July 22, 2025:

To add this assertion, we will have to remove those checks, and I haven’t seen the advantage in doing that.

rkrux commented at 9:47 am on July 22, 2025:

However, the descriptor unit tests often call ToPrivateString() on watch-only descriptors

Yeah, I don’t know why this was done.

To add this assertion, we will have to remove those checks, and I haven’t seen the advantage in doing that.

Agree, doesn’t need to be done right now.

in src/script/miniscript.h:847 in a0a458965c outdated

840@@ -840,10 +841,16 @@ struct Node {
841                     (node.fragment == Fragment::OR_I && node.subs[0]->fragment == Fragment::JUST_0) ||
842                     (node.fragment == Fragment::OR_I && node.subs[1]->fragment == Fragment::JUST_0));
843         };
844+        auto toString = [&ctx, &has_priv_key](Key key) -> std::string {
845+            bool tmp{false};
846+            auto key_str{ctx.ToString(key, tmp)};
847+            has_priv_key |= tmp;

rkrux commented at 2:44 pm on July 16, 2025:

In a0a458965c944434b1f3e4d83277257793435edb “descriptor: ToPrivateString() pass if at least 1 priv key exists”

Not a bug but bitwise or for boolean operations is not ideal.

0- has_priv_key |= tmp;
1+ has_priv_key = has_priv_key || tmp;

Eunovo commented at 3:16 pm on July 18, 2025:

Done

in test/functional/wallet_listdescriptors.py:158 in bb14e8ac7d outdated

153+                {'active': False,
154+                 'desc': miniscript_desc,
155+                 'timestamp': TIME_GENESIS_BLOCK},
156+            ],
157+        }
158+        assert_equal(expected, wallet.listdescriptors(True))

rkrux commented at 2:47 pm on July 16, 2025:

In bb14e8ac7d38f3698d76ea3d6dce09e1387d59f3 “test: Test listdescs with priv works even with missing priv keys”

Nit: I prefer to only check for the data that we really want to assert on, helps in keeping the tests code cleaner as well besides being minutely faster. Checking desc for every imported descriptor in this case.

Eunovo commented at 3:16 pm on July 18, 2025:

Done

in src/script/descriptor.cpp:492 in a0a458965c outdated

487@@ -485,7 +488,10 @@ class BIP32PubkeyProvider final : public PubkeyProvider
488     bool ToPrivateString(const SigningProvider& arg, std::string& out) const override
489     {
490         CExtKey key;
491-        if (!GetExtKey(arg, key)) return false;
492+        if (!GetExtKey(arg, key)) {
493+            out = ToString();

rkrux commented at 2:54 pm on July 16, 2025:

In a0a458965c944434b1f3e4d83277257793435edb “descriptor: ToPrivateString() pass if at least 1 priv key exists”

Nit: To keep it consistent with the other pubkey providers and to make it explicit here. Though a default is specified in ToString.

0- out = ToString();
1+ out = ToString(StringType::PUBLIC);

Eunovo commented at 3:16 pm on July 18, 2025:

Done

in src/script/descriptor.cpp:264 in a0a458965c outdated

254@@ -255,9 +255,9 @@ class OriginPubkeyProvider final : public PubkeyProvider
255     bool ToPrivateString(const SigningProvider& arg, std::string& ret) const override

rkrux commented at 12:52 pm on July 17, 2025:

In a0a458965c944434b1f3e4d83277257793435edb “descriptor: ToPrivateString() pass if at least 1 priv key exists”

It would be helpful to update the function doc in PubkeyProvider struct to mention the new behaviour.

Eunovo commented at 3:16 pm on July 18, 2025:

Done

in src/script/descriptor.cpp:702 in a0a458965c outdated

697@@ -686,20 +698,23 @@ class DescriptorImpl : public Descriptor
698     std::string ToString(bool compat_format) const final
699     {
700         std::string ret;
701-        ToStringHelper(nullptr, ret, compat_format ? StringType::COMPAT : StringType::PUBLIC);
702+        bool has_priv_key;
703+        ToStringHelper(nullptr, ret, compat_format ? StringType::COMPAT : StringType::PUBLIC, has_priv_key);

rkrux commented at 1:04 pm on July 17, 2025:

In https://github.com/bitcoin/bitcoin/commit/a0a458965c944434b1f3e4d83277257793435edb “descriptor: ToPrivateString() pass if at least 1 priv key exists”

0- bool has_priv_key;
1- ToStringHelper(nullptr, ret, compat_format ? StringType::COMPAT : StringType::PUBLIC, has_priv_key);
2+ bool dummy;
3+ ToStringHelper(nullptr, ret, compat_format ? StringType::COMPAT : StringType::PUBLIC, dummy);

Because there is no use of this variable in ToString. Same for ToNormalizedString function down below.

An alternative could be to use a pointer for has_priv_key instead of reference because, as noted here, there are use cases for nullptr. The ToStringHelper would need to accordingly check for the presence of pointer value though.

Eunovo commented at 3:18 pm on July 18, 2025:

ToStringHelper now accepts a pointer to has_priv_key in https://github.com/bitcoin/bitcoin/pull/32471/commits/2a1f1f0e32829af43436eb4220164c1be86229bb It does look cleaner, but there’s a need to check for nullptr now.

in src/script/miniscript.h:846 in a0a458965c outdated

840@@ -840,10 +841,16 @@ struct Node {
841                     (node.fragment == Fragment::OR_I && node.subs[0]->fragment == Fragment::JUST_0) ||
842                     (node.fragment == Fragment::OR_I && node.subs[1]->fragment == Fragment::JUST_0));
843         };
844+        auto toString = [&ctx, &has_priv_key](Key key) -> std::string {
845+            bool tmp{false};
846+            auto key_str{ctx.ToString(key, tmp)};

rkrux commented at 1:58 pm on July 17, 2025:

In a0a458965c944434b1f3e4d83277257793435edb “descriptor: ToPrivateString() pass if at least 1 priv key exists”

0- bool tmp{false};
1- auto key_str{ctx.ToString(key, tmp)};
2+ bool fragment_has_private_key{false};
3+ auto key_str{ctx.ToString(key, fragment_has_private_key)};

Eunovo commented at 3:18 pm on July 18, 2025:

Done

in src/script/descriptor.cpp:1720 in a0a458965c outdated

1714@@ -1700,8 +1715,9 @@ struct KeyParser {
1715         return key;
1716     }
1717 
1718-    std::optional<std::string> ToString(const Key& key) const
1719+    std::string ToString(const Key& key, bool& has_priv_key) const
1720     {
1721+        has_priv_key = false;

rkrux commented at 2:02 pm on July 17, 2025:

In a0a458965c944434b1f3e4d83277257793435edb “descriptor: ToPrivateString() pass if at least 1 priv key exists”

Maybe the pointer approach would avoid forcibly setting variables to false?

Eunovo commented at 3:19 pm on July 18, 2025:

Done

rkrux commented at 3:19 pm on July 17, 2025: contributor

Partial review bb14e8ac7d38f3698d76ea3d6dce09e1387d59f3

Eunovo force-pushed on Jul 18, 2025

in src/wallet/scriptpubkeyman.cpp:744 in 2551fdfdd6 outdated

742+            if (GetKey(extpubkey.pubkey.GetID(), key)) {
743+                privkey_count += 1;
744+            }
745+        }
746+        size_t pubkey_count{pubkeys.size() + ext_pubkeys.size()};
747+        bool watchonly{privkey_count == 0 || pubkey_count > privkey_count};

rkrux commented at 11:45 am on July 21, 2025:

In 2551fdfdd662dfb4077c3059b437acf56bdbaf5b “wallet/migration: use count private key count to identify watchonly descs”

This evaluation of watchonly at a barebones level looks great to me! Though maybe we can put this inside a IsWatchOnly function in the Descriptor{Impl} class? Reading all these details in the migration flow might be distracting, and moreover this generic function might have its own use cases separate from this later. Following patch builds and tests fine on my system. I have added few minor renaming changes as well.

 0diff --git a/src/script/descriptor.cpp b/src/script/descriptor.cpp
 1index bd85ddd9e2..bf67b8c43e 100644
 2--- a/src/script/descriptor.cpp
 3+++ b/src/script/descriptor.cpp
 4@@ -646,6 +646,31 @@ public:
 5         return false;
 6     }
 7 
 8+    bool IsWatchOnly(const SigningProvider& arg) const override
 9+    {
10+        size_t privkey_count{0};
11+        std::set<CPubKey> pubkeys;
12+        std::set<CExtPubKey> ext_pubkeys;
13+        this->GetPubKeys(pubkeys, ext_pubkeys);
14+        auto output_type{this->GetOutputType()};
15+        for (auto pubkey : pubkeys) {
16+            CKey key;
17+            if (arg.GetKey(pubkey.GetID(), key)) {
18+                privkey_count += 1;
19+            } else if (output_type.has_value() && *output_type == OutputType::BECH32M && arg.GetKeyByXOnly(XOnlyPubKey(pubkey), key)) {
20+                privkey_count += 1;
21+            }
22+        }
23+        for (auto extpubkey : ext_pubkeys) {
24+            CKey dummy;
25+            if (arg.GetKey(extpubkey.pubkey.GetID(), dummy)) {
26+                privkey_count += 1;
27+            }
28+        }
29+        size_t pubkey_count{pubkeys.size() + ext_pubkeys.size()};
30+        return (privkey_count == 0 || pubkey_count > privkey_count);
31+    }
32+
33     // NOLINTNEXTLINE(misc-no-recursion)
34     virtual bool ToStringSubScriptHelper(const SigningProvider* arg, std::string& ret, const StringType type, bool* has_priv_key, const DescriptorCache* cache = nullptr) const
35     {
36diff --git a/src/script/descriptor.h b/src/script/descriptor.h
37index 09e9840645..f2e40b7f7a 100644
38--- a/src/script/descriptor.h
39+++ b/src/script/descriptor.h
40@@ -111,6 +111,9 @@ struct Descriptor {
41     /** Whether this descriptor will return one scriptPubKey or multiple (aka is or is not combo) */
42     virtual bool IsSingleType() const = 0;
43 
44+    /** Whether this descriptor doesn't contain any private key material */
45+    virtual bool IsWatchOnly(const SigningProvider& provider) const = 0;
46+
47     /** Convert the descriptor to a private string. This uses public keys if the relevant private keys are not in the SigningProvider.
48      *  If none of the relevant private keys are available, the output string in the "out" parameter will not contain any private key information,
49      *  and this function will return "false".
50diff --git a/src/wallet/scriptpubkeyman.cpp b/src/wallet/scriptpubkeyman.cpp
51index 117fdd3a5e..e403bf3bbe 100644
52--- a/src/wallet/scriptpubkeyman.cpp
53+++ b/src/wallet/scriptpubkeyman.cpp
54@@ -721,27 +721,7 @@ std::optional<MigrationData> LegacyDataSPKM::MigrateToDescriptor()
55 
56         std::vector<CScript> desc_spks;
57 
58-        size_t privkey_count{0};
59-        std::set<CPubKey> pubkeys;
60-        std::set<CExtPubKey> ext_pubkeys;
61-        desc->GetPubKeys(pubkeys, ext_pubkeys);
62-        auto output_type{desc->GetOutputType()};
63-        for (auto pubkey : pubkeys) {
64-            CKey key;
65-            if (GetKey(pubkey.GetID(), key)) {
66-                privkey_count += 1;
67-            } else if (output_type.has_value() && *output_type == OutputType::BECH32M && GetKeyByXOnly(XOnlyPubKey(pubkey), key)) {
68-                privkey_count += 1;
69-            }
70-        }
71-        for (auto extpubkey : ext_pubkeys) {
72-            CKey key;
73-            if (GetKey(extpubkey.pubkey.GetID(), key)) {
74-                privkey_count += 1;
75-            }
76-        }
77-        size_t pubkey_count{pubkeys.size() + ext_pubkeys.size()};
78-        bool watchonly{privkey_count == 0 || pubkey_count > privkey_count};
79+        bool watchonly = desc->IsWatchOnly(*this);
80         if (watchonly && !m_storage.IsWalletFlagSet(WALLET_FLAG_DISABLE_PRIVATE_KEYS)) {
81             out.watch_descs.emplace_back(desc->ToString(), creation_time);
82 
83diff --git a/src/wallet/test/walletload_tests.cpp b/src/wallet/test/walletload_tests.cpp
84index 0c69849d0b..29f174be81 100644
85--- a/src/wallet/test/walletload_tests.cpp
86+++ b/src/wallet/test/walletload_tests.cpp
87@@ -26,6 +26,7 @@ public:
88     bool IsRange() const override { return false; }
89     bool IsSolvable() const override { return false; }
90     bool IsSingleType() const override { return true; }
91+    bool IsWatchOnly(const SigningProvider&) const override { return false; }
92     bool ToPrivateString(const SigningProvider& provider, std::string& out) const override { return false; }
93     bool ToNormalizedString(const SigningProvider& provider, std::string& out, const DescriptorCache* cache = nullptr) const override { return false; }
94     bool Expand(int pos, const SigningProvider& provider, std::vector<CScript>& output_scripts, FlatSigningProvider& out, DescriptorCache* write_cache = nullptr) const override { return false; };

Eunovo commented at 7:14 am on July 22, 2025:

Nice idea. Added you as Co-author in the relevant commit.

Eunovo force-pushed on Jul 22, 2025

rkrux commented at 6:44 am on July 30, 2025: contributor

Thanks for addressing the comments, I will take one final look and then a-c-k.

Tagging @furszy for review as he noticed this issue as well few months back.

in src/script/descriptor.h:114 in 2c0a84f1e2 outdated

110@@ -111,6 +111,9 @@ struct Descriptor {
111     /** Whether this descriptor will return one scriptPubKey or multiple (aka is or is not combo) */
112     virtual bool IsSingleType() const = 0;
113 
114+    /** Whether this descriptor contains any private key material */

Sjors commented at 8:01 am on July 30, 2025:

In 2c0a84f1e2ebe98bcf5066acb0de0ba5138c2101 descriptors: add IsWatchOnly(): this doesn’t describe the actual behavior. IIUC:

0/** Whether this descriptor is missing any private key material */

Eunovo commented at 7:52 pm on August 1, 2025:

Thanks for this. I’ve updated the comment.

in src/script/descriptor.cpp:640 in 2c0a84f1e2 outdated

635+        auto output_type{this->GetOutputType()};
636+        for (auto pubkey : pubkeys) {
637+            CKey key;
638+            if (arg.GetKey(pubkey.GetID(), key)) {
639+                privkey_count += 1;
640+            } else if (output_type.has_value() && *output_type == OutputType::BECH32M && arg.GetKeyByXOnly(XOnlyPubKey(pubkey), key)) {

Sjors commented at 8:19 am on July 30, 2025:

In https://github.com/bitcoin/bitcoin/commit/2c0a84f1e2ebe98bcf5066acb0de0ba5138c2101 descriptors: add IsWatchOnly(): since c++17 you can safely compare std::optional with T, see item 21 here: https://en.cppreference.com/w/cpp/utility/optional/operator_cmp.html

I also find it easier to read if privkey_count and pubkey_count are tracked in the same manner, but feel free to ignore:

 0diff --git a/src/script/descriptor.cpp b/src/script/descriptor.cpp
 1index 98ae29ceb3..a86b4743b3 100644
 2--- a/src/script/descriptor.cpp
 3+++ b/src/script/descriptor.cpp
 4@@ -628,26 +628,27 @@ public:
 5
 6     bool IsWatchOnly(const SigningProvider& arg) const override
 7     {
 8+        size_t pubkey_count{0};
 9         size_t privkey_count{0};
10         std::set<CPubKey> pubkeys;
11         std::set<CExtPubKey> ext_pubkeys;
12         this->GetPubKeys(pubkeys, ext_pubkeys);
13-        auto output_type{this->GetOutputType()};
14-        for (auto pubkey : pubkeys) {
15-            CKey key;
16-            if (arg.GetKey(pubkey.GetID(), key)) {
17+        for (const CPubKey pubkey : pubkeys) {
18+            pubkey_count++;
19+            CKey dummy;
20+            if (arg.GetKey(pubkey.GetID(), dummy)) {
21                 privkey_count += 1;
22-            } else if (output_type.has_value() && *output_type == OutputType::BECH32M && arg.GetKeyByXOnly(XOnlyPubKey(pubkey), key)) {
23+            } else if (this->GetOutputType() == OutputType::BECH32M && arg.GetKeyByXOnly(XOnlyPubKey(pubkey), dummy)) {
24                 privkey_count += 1;
25             }
26         }
27-        for (auto extpubkey : ext_pubkeys) {
28+        for (const CExtPubKey extpubkey : ext_pubkeys) {
29+            pubkey_count++;
30             CKey dummy;
31             if (arg.GetKey(extpubkey.pubkey.GetID(), dummy)) {
32                 privkey_count += 1;
33             }
34         }
35-        size_t pubkey_count{pubkeys.size() + ext_pubkeys.size()};
36         return (privkey_count == 0 || pubkey_count > privkey_count);
37     }

Eunovo commented at 7:52 pm on August 1, 2025:

I didn’t use this patch, but I put some effort into making the code more readable.

in src/test/miniscript_tests.cpp:191 in b32c2b290f outdated

187@@ -188,7 +188,7 @@ struct KeyConverter {
188         return g_testdata->pkmap.at(keyid);
189     }
190 
191-    std::optional<std::string> ToString(const Key& key) const {
192+    std::string ToString(const Key& key, bool* has_priv_key = nullptr) const {

Sjors commented at 8:44 am on July 30, 2025:

In b32c2b290f8e4dcb7fe54ee4c81714a3785920a7 descriptor: ToPrivateString() pass if at least 1 priv key exists:

To preserve existing behaviour:

0if (has_priv_key) *has_priv_key = true;

It’s a bit worrying that the test passes whether I set this to false or true. But that’s a pre-existing issue, as the following change to the original code doesn’t break the test either:

 0diff --git a/src/test/miniscript_tests.cpp b/src/test/miniscript_tests.cpp
 1index 0a32727f37..0989f0c50a 100644
 2--- a/src/test/miniscript_tests.cpp
 3+++ b/src/test/miniscript_tests.cpp
 4@@ -189,7 +189,7 @@ struct KeyConverter {
 5     }
 6
 7     std::optional<std::string> ToString(const Key& key) const {
 8-        return HexStr(ToPKBytes(key));
 9+        return {};
10     }
11
12     miniscript::MiniscriptContext MsContext() const {

cc @darosior

Eunovo commented at 8:06 pm on August 1, 2025:

has_priv_key is only relevant when ToPrivateString is called on an actual Descriptor instance. IIUC, this test doesn’t do that, so the value of has_priv_key does not matter here. I’m not sure we should set it here, apart from the fact that it doesn’t affect the test, the string returned doesn’t have a private key.

Sjors commented at 8:52 am on July 30, 2025: member

Mostly happy with d82dcf2eaa7efb3809ae559c8f97f74403a2ccd6, but in b32c2b290f8e4dcb7fe54ee4c81714a3785920a7 descriptor: ToPrivateString() pass if at least 1 priv key exists I find the miniscript change hard to follow (mostly because I find the miniscript code itself hard to follow). Can you split that out in a seperate commit that doesn’t change behaviour?

Tested with https://github.com/Sjors/bitcoin/pull/91.

Also left some code style suggestions.

DrahtBot added the label Needs rebase on Jul 31, 2025

Eunovo force-pushed on Aug 1, 2025

DrahtBot added the label CI failed on Aug 1, 2025

DrahtBot commented at 2:41 pm on August 1, 2025: contributor

🚧 At least one of the CI tasks failed. Task ARM, unit tests, no functional tests: https://github.com/bitcoin/bitcoin/runs/47207844179 LLM reason (✨ experimental): The CI failure is caused by an assertion failure and subprocess abortion during a benchmark test, indicating a test-related error rather than a build or compilation issue.

Try to run the tests locally, according to the documentation. However, a CI failure may still happen due to a number of reasons, for example:

Possibly due to a silent merge conflict (the changes in this pull request being incompatible with the current code in the target branch). If so, make sure to rebase on the latest commit of the target branch.
A sanitizer issue, which can only be found by compiling with the sanitizer and running the affected test.
An intermittent issue.

Leave a comment here, if you need help tracking down a confusing failure.

Eunovo force-pushed on Aug 1, 2025

DrahtBot removed the label Needs rebase on Aug 1, 2025

DrahtBot removed the label CI failed on Aug 1, 2025

Eunovo commented at 7:55 pm on August 1, 2025: contributor

Mostly happy with d82dcf2, but in b32c2b2 descriptor: ToPrivateString() pass if at least 1 priv key exists I find the miniscript change hard to follow (mostly because I find the miniscript code itself hard to follow). Can you split that out in a seperate commit that doesn’t change behaviour?

I split the original commit into the following commits:

I’m not sure https://github.com/bitcoin/bitcoin/pull/32471/commits/d2b84af58073630f87df32a7b785971fe32cb9be makes the miniscript change in https://github.com/bitcoin/bitcoin/pull/32471/commits/49f41141c674f83d0b66262a5b21aad623704264 easier to follow. I still think they should be one commit, but let me know if it helps. @Sjors

in src/script/descriptor.cpp:862 in 64213213b3 outdated

857+
858+        for (auto pubkey : pubkeys) {
859+            CKey key;
860+            if (arg.GetKey(pubkey.GetID(), key)) {
861+                privkey_count += 1;
862+            } else if (output_type.has_value() && output_type == OutputType::BECH32M && arg.GetKeyByXOnly(XOnlyPubKey(pubkey), key)) {

Sjors commented at 12:03 pm on August 4, 2025:

In 64213213b3691c9d93de95f880f820a640cd3c35 descriptors: add IsWatchOnly(): nit: you don’t need output_type.has_value()

Eunovo commented at 3:15 pm on August 8, 2025:

I rewrote the function, so this comment is now outdated.

in src/test/fuzz/miniscript.cpp:131 in 49f41141c6 outdated

123@@ -124,10 +124,13 @@ struct ParserContext {
124         return a < b;
125     }
126 
127-    std::optional<std::string> ToString(const Key& key) const
128+    std::string ToString(const Key& key, bool* has_priv_key) const
129     {
130         auto it = TEST_DATA.dummy_key_idx_map.find(key);
131-        if (it == TEST_DATA.dummy_key_idx_map.end()) return {};
132+        if (it == TEST_DATA.dummy_key_idx_map.end()) {

Sjors commented at 12:16 pm on August 4, 2025:

In 49f41141c674f83d0b66262a5b21aad623704264 descriptor: ToPrivateString() pass if at least 1 priv key exists: maybe for good measure:

0*has_priv_key = false;

In both places it seems better to check that priv_key exists, even if that’s always the case in this fuzzer. IIUC in that case you can leave out tmp{false} and just pass nullptr below.

Eunovo commented at 3:15 pm on August 8, 2025:

Done

Sjors approved

Sjors commented at 12:27 pm on August 4, 2025: member

ACK 45e06e05e7f8d638ecc91a1ba62e1b38a5133a2b

I find that the separation of 23431cde206bd6e18f274773f77bd914553bf2cc makes it easier to follow. The separation of https://github.com/bitcoin/bitcoin/commit/d2b84af58073630f87df32a7b785971fe32cb9be from https://github.com/bitcoin/bitcoin/commit/49f41141c674f83d0b66262a5b21aad623704264 is less useful, but fine by me. @achow101 can you update your concept opinion based on the updated behaviour? I think it makes sense to return a result if any private key is present in descriptor, rather than all.

DrahtBot requested review from rkrux on Aug 4, 2025

in src/script/descriptor.cpp:844 in 64213213b3 outdated

840@@ -841,6 +841,38 @@ class DescriptorImpl : public Descriptor
841         return true;
842     }
843 
844+    bool IsWatchOnly(const SigningProvider& arg) const override

achow101 commented at 10:24 pm on August 6, 2025:

In 64213213b3691c9d93de95f880f820a640cd3c35 “descriptors: add IsWatchOnly()”

I think this function can be vastly simplified by calling GetPrivKey on all the PubkeyProvider, and IsWatchOnly on all subdescriptors.

nit: I don’t like this function name since whether the descriptor is watchonly depends on the contents of the provided parameter. It’s not a property like a Is* name implies. Watchonly also is not a property applied to descriptors as private keys are not actually part of the descriptor. Perhaps something like HavePrivateKeys instead.

Eunovo commented at 3:16 pm on August 8, 2025:

I was able to simplify the code as suggested, and I renamed it to HavePrivateKeys()

in src/script/descriptor.cpp:899 in 49f41141c6 outdated

895@@ -896,24 +896,27 @@ class DescriptorImpl : public Descriptor
896     }
897 
898     // NOLINTNEXTLINE(misc-no-recursion)
899-    virtual bool ToStringSubScriptHelper(const SigningProvider* arg, std::string& ret, const StringType type, const DescriptorCache* cache = nullptr) const
900+    virtual bool ToStringSubScriptHelper(const SigningProvider* arg, std::string& ret, const StringType type, bool* has_priv_key, const DescriptorCache* cache = nullptr) const

achow101 commented at 10:32 pm on August 6, 2025:

In 49f41141c674f83d0b66262a5b21aad623704264 “descriptor: ToPrivateString() pass if at least 1 priv key exists”

has_priv_key should be a reference not a pointer. The pointer-ness is never used in this function.

Eunovo commented at 3:18 pm on August 8, 2025:

The has_priv_key parameter has been removed.

in src/script/descriptor.cpp:928 in 49f41141c6 outdated

924@@ -922,7 +925,8 @@ class DescriptorImpl : public Descriptor
925                     if (!pubkey->ToNormalizedString(*arg, tmp, cache)) return false;
926                     break;
927                 case StringType::PRIVATE:
928-                    if (!pubkey->ToPrivateString(*arg, tmp)) return false;
929+                    assert(has_priv_key != nullptr);

achow101 commented at 10:33 pm on August 6, 2025:

In 49f41141c674f83d0b66262a5b21aad623704264 “descriptor: ToPrivateString() pass if at least 1 priv key exists”

If has_priv_key is never supposed to be null, then it should be a reference. Otherwise, this should be an if, we should not rely on caller behavior.

Eunovo commented at 3:19 pm on August 8, 2025:

Done.

in src/script/descriptor.cpp:961 in 49f41141c6 outdated

954@@ -949,14 +955,17 @@ class DescriptorImpl : public Descriptor
955 
956     bool ToPrivateString(const SigningProvider& arg, std::string& out) const override
957     {
958-        bool ret = ToStringHelper(&arg, out, StringType::PRIVATE);
959+        bool has_priv_key{false};
960+        // ToStringHelper should never fail for StringType::PRIVATE,
961+        // because it falls back to StringType::PUBLIC when no private key is available.
962+        assert(ToStringHelper(&arg, out, StringType::PRIVATE, &has_priv_key));

achow101 commented at 10:36 pm on August 6, 2025:

In 49f41141c674f83d0b66262a5b21aad623704264 “descriptor: ToPrivateString() pass if at least 1 priv key exists”

asserts should not have side effects. If we are calling a function to actually do something, it should not be in an assert.

However, if the return value of ToStringHelper is always supposed to be true, then it should not be returning anything anyways. Furthermore, I don’t see why ToStringHelper doesn’t return whether the string has a private key, as we are doing in this function. That would allow us to drop has_priv_key from all of the function.

Eunovo commented at 3:21 pm on August 8, 2025:

I refactored the code as suggested and was able to drop has_priv_key from the parameter list. Now, has_priv_key is returned if type == StringType::PRIVATE.

achow101 commented at 10:44 pm on August 6, 2025: member

Concept ACK

Eunovo force-pushed on Aug 8, 2025

DrahtBot added the label CI failed on Aug 8, 2025

DrahtBot commented at 3:54 pm on August 8, 2025: contributor

🚧 At least one of the CI tasks failed. Task tidy: https://github.com/bitcoin/bitcoin/runs/47688035952 LLM reason (✨ experimental): The CI failure is caused by a clang-tidy error detecting recursive call chains in src/script/descriptor.cpp.

Try to run the tests locally, according to the documentation. However, a CI failure may still happen due to a number of reasons, for example:

Possibly due to a silent merge conflict (the changes in this pull request being incompatible with the current code in the target branch). If so, make sure to rebase on the latest commit of the target branch.
A sanitizer issue, which can only be found by compiling with the sanitizer and running the affected test.
An intermittent issue.

Leave a comment here, if you need help tracking down a confusing failure.

DrahtBot removed the label CI failed on Aug 8, 2025

Eunovo commented at 4:03 am on August 9, 2025: contributor

Thanks for the reviews! I have:

renamed IsWatchOnly() to HavePrivateKeys()
Added a test for HavePrivateKeys() to descriptor_tests
Removed the unnecessary asserts from ToStringHelper() and ToPrivateString()
Removed has_priv_key from ToStringHelper() and ToSubStringHelper() parameter lists

in src/script/descriptor.cpp:1432 in deed439bff outdated

1424@@ -1418,24 +1425,34 @@ class TRDescriptor final : public DescriptorImpl
1425     }
1426     bool ToStringSubScriptHelper(const SigningProvider* arg, std::string& ret, const StringType type, const DescriptorCache* cache = nullptr) const override
1427     {
1428-        if (m_depths.empty()) return true;
1429+        if (m_depths.empty()) {
1430+            // If there are no sub-descriptors and a PRIVATE string
1431+            // is requested, return `false` to indicate that the presence
1432+            // of a private key depends solely on the internal key, not on
1433+            // any sub-descriptor. This ensures correct behavior for

rkrux commented at 12:13 pm on August 11, 2025:

In deed439bff638abfc298a3b9c4f3d9f75fa18244 “descriptor: ToPrivateString() pass if at least 1 priv key exists”

Micro nit if retouched

0-            // of a private key depends solely on the internal key, not on
1-            // any sub-descriptor. This ensures correct behavior for
2+           // of a private key depends solely on the internal key (which is checked
3+           // in the caller), not on any sub-descriptor. This ensures correct behavior for

Eunovo commented at 3:25 pm on August 11, 2025:

Done

in src/script/descriptor.cpp:2123 in deed439bff outdated

2119@@ -2104,7 +2120,7 @@ struct KeyParser {
2120         return key;
2121     }
2122 
2123-    std::optional<std::string> ToString(const Key& key) const
2124+    std::string ToString(const Key& key, bool* has_priv_key = nullptr) const

rkrux commented at 12:20 pm on August 11, 2025:

In https://github.com/bitcoin/bitcoin/commit/deed439bff638abfc298a3b9c4f3d9f75fa18244 “descriptor: ToPrivateString() pass if at least 1 priv key exists”

Nit:

 0diff --git a/src/script/descriptor.cpp b/src/script/descriptor.cpp
 1index b6539ab12e..028a7299e5 100644
 2--- a/src/script/descriptor.cpp
 3+++ b/src/script/descriptor.cpp
 4@@ -2120,7 +2120,7 @@ struct KeyParser {
 5         return key;
 6     }
 7 
 8-    std::string ToString(const Key& key, bool* has_priv_key = nullptr) const
 9+    std::string ToString(const Key& key, bool*) const
10     {
11         return m_keys.at(key).at(0)->ToString();
12     }

Eunovo commented at 3:26 pm on August 11, 2025:

Done

in src/script/descriptor.cpp:1548 in deed439bff outdated

1545+    std::string ToString(uint32_t key, bool* has_priv_key = nullptr) const
1546     {
1547         std::string ret;
1548         if (m_private) {
1549-            if (!m_pubkeys[key]->ToPrivateString(*m_arg, ret)) return {};
1550+            assert(has_priv_key != nullptr);

rkrux commented at 12:44 pm on August 11, 2025:

In https://github.com/bitcoin/bitcoin/commit/deed439bff638abfc298a3b9c4f3d9f75fa18244 “descriptor: ToPrivateString() pass if at least 1 priv key exists”

Looks like the same argument applies here too?

#32471 (review)

If has_priv_key is never supposed to be null, then it should be a reference.

Eunovo commented at 3:26 pm on August 11, 2025:

Fixed

rkrux commented at 12:45 pm on August 11, 2025: contributor

The miniscript code took some time for me to understand.

lgtm ACK 4241edfce6f9a4a51121b39bc20040c14d220551

DrahtBot requested review from Sjors on Aug 11, 2025

DrahtBot requested review from achow101 on Aug 11, 2025

in src/script/descriptor.h:119 in 726181bf5b outdated

110@@ -111,6 +111,13 @@ struct Descriptor {
111     /** Whether this descriptor will return one scriptPubKey or multiple (aka is or is not combo) */
112     virtual bool IsSingleType() const = 0;
113 
114+    /** Whether the given provider has all private keys required by this descriptor.
115+     * @return `false` if the descriptor doesn't have any keys or subdescriptors,
116+     *         or if the provider does not have all private keys required by
117+     *         the descriptor.
118+     */
119+    virtual bool HavePrivateKeys(const SigningProvider& provider) const = 0;

rkrux commented at 1:01 pm on August 11, 2025:

In 726181bf5bbf23e188156d2ec2db3e0dcb83b2ee “descriptors: add HavePrivateKeys()”

Naming nit because the function is a part of a singular Descriptor class, but I see there is a combination of Have* (not my preference) and Has* functions in the singular object classes in the codebase, so feel free to ignore.

0- virtual bool HavePrivateKeys(const SigningProvider& provider) const = 0;
1+ virtual bool HasPrivateKeys(const SigningProvider& provider) const = 0;

Eunovo force-pushed on Aug 11, 2025

rkrux approved

rkrux commented at 10:34 am on August 15, 2025: contributor

ACK 46860de809a1e9c7d0a1d716f77e9df7fb0bcd1c

0git range-diff 4241edf...46860de

Sjors commented at 12:33 pm on September 2, 2025: member

utACK 46860de809a1e9c7d0a1d716f77e9df7fb0bcd1c

I studied 4d07eff13002384ed59a3b7f592be56a25b88c15 from scratch since it had quite a few changes since my last review.

in src/script/descriptor.cpp:888 in 4d07eff130 outdated

884@@ -885,13 +885,16 @@ class DescriptorImpl : public Descriptor
885     virtual bool ToStringSubScriptHelper(const SigningProvider* arg, std::string& ret, const StringType type, const DescriptorCache* cache = nullptr) const
886     {
887         size_t pos = 0;
888+        bool has_priv_key{false};

achow101 commented at 8:43 pm on September 11, 2025:

In 4d07eff13002384ed59a3b7f592be56a25b88c15 “descriptor: ToPrivateString() pass if at least 1 priv key

has_priv_key is a misnomer since for public strings, it has a completely different meaning. I would prefer naming this something more generic, like any_success, here and elsewhere.

Eunovo commented at 3:02 pm on September 12, 2025:

I think changing has_priv_key to any_success might make line 897 more confusing.

https://github.com/bitcoin/bitcoin/blob/4d07eff13002384ed59a3b7f592be56a25b88c15/src/script/descriptor.cpp#L897

rkrux commented at 7:27 am on September 16, 2025:

has_priv_key is used only for PRIVATE type, consider the following that limits its usage to avoid it being considered a misnomer - related unit/functional tests pass.

 0diff --git a/src/script/descriptor.cpp b/src/script/descriptor.cpp
 1index f29e73e2e6..ef977a5912 100644
 2--- a/src/script/descriptor.cpp
 3+++ b/src/script/descriptor.cpp
 4@@ -891,7 +891,7 @@ public:
 5             std::string tmp;
 6             bool subscript_res{scriptarg->ToStringHelper(arg, tmp, type, cache)};
 7             if (type != StringType::PRIVATE && !subscript_res) return false;
 8-            has_priv_key = has_priv_key || subscript_res;
 9+            if (type == StringType::PRIVATE) has_priv_key = has_priv_key || subscript_res;
10             ret += tmp;
11         }
12         return type == StringType::PRIVATE ? has_priv_key : true;

Eunovo commented at 6:58 am on September 17, 2025:

I refactored the code a bit and changed has_priv_key to any_success.

in src/script/descriptor.cpp:1434 in 4d07eff130 outdated

1430+            // If there are no sub-descriptors and a PRIVATE string
1431+            // is requested, return `false` to indicate that the presence
1432+            // of a private key depends solely on the internal key (which is checked
1433+            // in the caller), not on any sub-descriptor. This ensures correct behavior for
1434+            // descriptors like tr(internal_key) when checking for private keys.
1435+            return type == StringType::PRIVATE ? false : true;

achow101 commented at 8:44 pm on September 11, 2025:

In 4d07eff13002384ed59a3b7f592be56a25b88c15 “descriptor: ToPrivateString() pass if at least 1 priv key exists”

nit: can be simplified to

0            return type != StringType::PRIVATE

in src/script/miniscript.h:828 in 4d07eff130 outdated

824@@ -825,7 +825,7 @@ struct Node {
825     }
826 
827     template<typename CTx>
828-    std::optional<std::string> ToString(const CTx& ctx) const {
829+    std::string ToString(const CTx& ctx, bool* has_priv_key = nullptr) const {

achow101 commented at 8:45 pm on September 11, 2025:

In 4d07eff13002384ed59a3b7f592be56a25b88c15 “descriptor: ToPrivateString() pass if at least 1 priv key exists”

has_priv_key does not need to be a pointer here.

Eunovo commented at 3:05 pm on September 12, 2025:

I changed this to use a reference and added an overload that doesn’t use the reference; callers that don’t need has_priv_key can still do ToString(ctx)

DrahtBot requested review from achow101 on Sep 11, 2025

Eunovo force-pushed on Sep 12, 2025

Eunovo force-pushed on Sep 15, 2025

Eunovo requested review from rkrux on Sep 15, 2025

Eunovo force-pushed on Sep 17, 2025

Eunovo commented at 2:55 pm on September 17, 2025: contributor

Rebased on master @https://github.com/bitcoin/bitcoin/commit/2d6a0c4649 and refactored the code the based on suggestions from @achow101

in test/functional/wallet_listdescriptors.py:136 in 74521dd6d4

131+        wallet = node.get_wallet_rpc('w5')
132+        tr_desc = descsum_create('tr(' + node.get_deterministic_priv_key().key +
133+                                 ',{pk(03cdabb7f2dce7bfbd8a0b9570c6fd1e712e5d64045e9d6b517b3d5072251dc204)' +
134+                                 ',pk([d34db33f/44h/0h/0h]tpubD6NzVbkrYhZ4WaWSyoBvQwbpLkojyoTZPRsgXELWz3Popb3qkjcJyJUGLnL4qHHoQvao8ESaAstxYSnhyswJ76uZPStJRJCTKvosUCJZL5B/0)})')
135+        miniscript_desc = descsum_create('wsh(and_v(v:ripemd160(095ff41131e5946f3c85f79e44adbcf8e27e080e),multi(1,' + node.get_deterministic_priv_key().key +
136+                                            ',tpubD6NzVbkrYhZ4WaWSyoBvQwbpLkojyoTZPRsgXELWz3Popb3qkjcJyJUGLnL4qHHoQvao8ESaAstxYSnhyswJ76uZPStJRJCTKvosUCJZL5B/0)))')

rkrux commented at 9:28 am on October 3, 2025:

In 74521dd6d4b65007547e64bda2bfbc6fe497677f “test: Test listdescs with priv works even with missing priv keys”

Consider importing few musig descriptors as well. Noticed this was an issue while reviewing #29675: #29675 (review)

Plus minor refactor to use set for importing and asserting to make it less redundant to read.

 0diff --git a/test/functional/wallet_listdescriptors.py b/test/functional/wallet_listdescriptors.py
 1index ce4859e43f..5204971e33 100755
 2--- a/test/functional/wallet_listdescriptors.py
 3+++ b/test/functional/wallet_listdescriptors.py
 4@@ -127,27 +127,33 @@ class ListDescriptorsTest(BitcoinTestFramework):
 5         assert_equal(expected, wallet.listdescriptors())
 6 
 7         self.log.info('Test descriptor with missing private keys')
 8-        node.createwallet(wallet_name='w5', blank=True, descriptors=True)
 9+        node.createwallet(wallet_name='w5', blank=True)
10         wallet = node.get_wallet_rpc('w5')
11-        tr_desc = descsum_create('tr(' + node.get_deterministic_priv_key().key +
12-                                 ',{pk(03cdabb7f2dce7bfbd8a0b9570c6fd1e712e5d64045e9d6b517b3d5072251dc204)' +
13-                                 ',pk([d34db33f/44h/0h/0h]tpubD6NzVbkrYhZ4WaWSyoBvQwbpLkojyoTZPRsgXELWz3Popb3qkjcJyJUGLnL4qHHoQvao8ESaAstxYSnhyswJ76uZPStJRJCTKvosUCJZL5B/0)})')
14-        miniscript_desc = descsum_create('wsh(and_v(v:ripemd160(095ff41131e5946f3c85f79e44adbcf8e27e080e),multi(1,' + node.get_deterministic_priv_key().key +
15-                                            ',tpubD6NzVbkrYhZ4WaWSyoBvQwbpLkojyoTZPRsgXELWz3Popb3qkjcJyJUGLnL4qHHoQvao8ESaAstxYSnhyswJ76uZPStJRJCTKvosUCJZL5B/0)))')
16-        wallet.importdescriptors([
17-            {
18-                'desc': tr_desc,
19-                'timestamp': TIME_GENESIS_BLOCK,
20-            },
21-            {
22-                'desc': miniscript_desc,
23-                'timestamp': TIME_GENESIS_BLOCK,
24-            }
25-        ])
26+
27+        expected_descs = {
28+            descsum_create('tr(' + node.get_deterministic_priv_key().key +
29+                ',{pk(03cdabb7f2dce7bfbd8a0b9570c6fd1e712e5d64045e9d6b517b3d5072251dc204)' +
30+                ',pk([d34db33f/44h/0h/0h]tpubD6NzVbkrYhZ4WaWSyoBvQwbpLkojyoTZPRsgXELWz3Popb3qkjcJyJUGLnL4qHHoQvao8ESaAstxYSnhyswJ76uZPStJRJCTKvosUCJZL5B/0)})'),
31+            descsum_create('wsh(and_v(v:ripemd160(095ff41131e5946f3c85f79e44adbcf8e27e080e),multi(1,' + node.get_deterministic_priv_key().key +
32+                ',tpubD6NzVbkrYhZ4WaWSyoBvQwbpLkojyoTZPRsgXELWz3Popb3qkjcJyJUGLnL4qHHoQvao8ESaAstxYSnhyswJ76uZPStJRJCTKvosUCJZL5B/0)))'),
33+            descsum_create('tr(03dff1d77f2a671c5f36183726db2341be58feae1da2deced843240f7b502ba659,pk(musig(tprv8ZgxMBicQKsPeNLUGrbv3b7qhUk1LQJZAGMuk9gVuKh9sd4BWGp1eMsehUni6qGb8bjkdwBxCbgNGdh2bYGACK5C5dRTaif9KBKGVnSezxV,tpubD6NzVbkrYhZ4XcACN3PEwNjRpR1g4tZjBVk5pdMR2B6dbd3HYhdGVZNKofAiFZd9okBserZvv58A6tBX4pE64UpXGNTSesfUW7PpW36HuKz)/7/8/*))'),
34+            descsum_create('tr(03dff1d77f2a671c5f36183726db2341be58feae1da2deced843240f7b502ba659,pk(musig(tprv8ZgxMBicQKsPeNLUGrbv3b7qhUk1LQJZAGMuk9gVuKh9sd4BWGp1eMsehUni6qGb8bjkdwBxCbgNGdh2bYGACK5C5dRTaif9KBKGVnSezxV/10,tpubD6NzVbkrYhZ4XcACN3PEwNjRpR1g4tZjBVk5pdMR2B6dbd3HYhdGVZNKofAiFZd9okBserZvv58A6tBX4pE64UpXGNTSesfUW7PpW36HuKz/11)/*))'),
35+            descsum_create('tr(03dff1d77f2a671c5f36183726db2341be58feae1da2deced843240f7b502ba659,{pk(musig(tpubD6NzVbkrYhZ4Wo2WcFSgSqRD9QWkGxddo6WSqsVBx7uQ8QEtM7WncKDRjhFEexK119NigyCsFygA4b7sAPQxqebyFGAZ9XVV1BtcgNzbCRR,tprv8ZgxMBicQKsPen4PGtDwURYnCtVMDejyE8vVwMGhQWfVqB2FBPdekhTacDW4vmsKTsgC1wsncVqXiZdX2YFGAnKoLXYf42M78fQJFzuDYFN)/12/*),pk(musig(tprv8ZgxMBicQKsPeNLUGrbv3b7qhUk1LQJZAGMuk9gVuKh9sd4BWGp1eMsehUni6qGb8bjkdwBxCbgNGdh2bYGACK5C5dRTaif9KBKGVnSezxV,tpubD6NzVbkrYhZ4XWb6fGPjyhgLxapUhXszv7ehQYrQWDgDX4nYWcNcbgWcM2RhYo9s2mbZcfZJ8t5LzYcr24FK79zVybsw5Qj3Rtqug8jpJMy)/13/*)})')
36+        }
37+
38+        descs_to_import = []
39+        for desc in expected_descs:
40+            descs_to_import.append({'desc': desc, 'timestamp': TIME_GENESIS_BLOCK})
41+
42+        wallet.importdescriptors(descs_to_import)
43         result = wallet.listdescriptors(True)
44-        expected_descs = [tr_desc, miniscript_desc]
45         actual_descs = [d['desc'] for d in result['descriptors']]
46-        assert_equal(actual_descs, expected_descs)
47+
48+        assert_equal(len(actual_descs), len(expected_descs))
49+        for desc in actual_descs:
50+            if desc not in expected_descs:
51+                raise AssertionError(f"{desc} missing")
52+
53 
54 
55 if __name__ == '__main__':

rkrux commented at 10:01 am on October 3, 2025:

There appears to be an issue with the following MuSig descriptor that fails the test:

One of the MuSig portion in the descriptor doesn’t contain any private key for which the listdescriptors(true) returns a pk() instead of defaulting to the public keys whereas the listdescriptors() works fine.

0        desc = descsum_create('tr(03dff1d77f2a671c5f36183726db2341be58feae1da2deced843240f7b502ba659,{pk(musig(tpubD6NzVbkrYhZ4Wo2WcFSgSqRD9QWkGxddo6WSqsVBx7uQ8QEtM7WncKDRjhFEexK119NigyCsFygA4b7sAPQxqebyFGAZ9XVV1BtcgNzbCRR,tpubD6NzVbkrYhZ4Wc3i6L6N1Pp7cyVeyMcdLrFGXGDGzCfdCa5F4Zs3EY46N72Ws8QDEUYBVwXfDfda2UKSseSdU1fsBegJBhGCZyxkf28bkQ6)/12/*),pk(musig(tprv8ZgxMBicQKsPeNLUGrbv3b7qhUk1LQJZAGMuk9gVuKh9sd4BWGp1eMsehUni6qGb8bjkdwBxCbgNGdh2bYGACK5C5dRTaif9KBKGVnSezxV,tpubD6NzVbkrYhZ4XWb6fGPjyhgLxapUhXszv7ehQYrQWDgDX4nYWcNcbgWcM2RhYo9s2mbZcfZJ8t5LzYcr24FK79zVybsw5Qj3Rtqug8jpJMy)/13/*)})')
1        result = wallet.importdescriptors([{
2            'desc': desc,
3            'timestamp': TIME_GENESIS_BLOCK,
4        }])
5        result = wallet.listdescriptors(True)
6        result = wallet.listdescriptors()

Debug Output for result object.

 02025-10-03T09:56:03.473944Z TestFramework (INFO): Test descriptor with missing private keys
 1'tr(03dff1d77f2a671c5f36183726db2341be58feae1da2deced843240f7b502ba659,{pk(musig(tpubD6NzVbkrYhZ4Wo2WcFSgSqRD9QWkGxddo6WSqsVBx7uQ8QEtM7WncKDRjhFEexK119NigyCsFygA4b7sAPQxqebyFGAZ9XVV1BtcgNzbCRR,tpubD6NzVbkrYhZ4Wc3i6L6N1Pp7cyVeyMcdLrFGXGDGzCfdCa5F4Zs3EY46N72Ws8QDEUYBVwXfDfda2UKSseSdU1fsBegJBhGCZyxkf28bkQ6)/12/*),pk(musig(tprv8ZgxMBicQKsPeNLUGrbv3b7qhUk1LQJZAGMuk9gVuKh9sd4BWGp1eMsehUni6qGb8bjkdwBxCbgNGdh2bYGACK5C5dRTaif9KBKGVnSezxV,tpubD6NzVbkrYhZ4XWb6fGPjyhgLxapUhXszv7ehQYrQWDgDX4nYWcNcbgWcM2RhYo9s2mbZcfZJ8t5LzYcr24FK79zVybsw5Qj3Rtqug8jpJMy)/13/*)})#jd2qx33n'
 2[{'success': True,
 3  'warnings': ['Range not given, using default keypool range',
 4               'Not all private keys provided. Some wallet functionality may '
 5               'return unexpected errors']}]
 6{'wallet_name': 'w5',
 7 'descriptors': [{'desc': 'tr(03dff1d77f2a671c5f36183726db2341be58feae1da2deced843240f7b502ba659,{pk(),pk(musig(tprv8ZgxMBicQKsPeNLUGrbv3b7qhUk1LQJZAGMuk9gVuKh9sd4BWGp1eMsehUni6qGb8bjkdwBxCbgNGdh2bYGACK5C5dRTaif9KBKGVnSezxV,tpubD6NzVbkrYhZ4XWb6fGPjyhgLxapUhXszv7ehQYrQWDgDX4nYWcNcbgWcM2RhYo9s2mbZcfZJ8t5LzYcr24FK79zVybsw5Qj3Rtqug8jpJMy)/13/*)})#53ynphm7',
 8                  'timestamp': 1296688602,
 9                  'active': False,
10                  'range': [0, 0],
11                  'next': 0,
12                  'next_index': 0}]}
13{'wallet_name': 'w5',
14 'descriptors': [{'desc': 'tr(03dff1d77f2a671c5f36183726db2341be58feae1da2deced843240f7b502ba659,{pk(musig(tpubD6NzVbkrYhZ4Wo2WcFSgSqRD9QWkGxddo6WSqsVBx7uQ8QEtM7WncKDRjhFEexK119NigyCsFygA4b7sAPQxqebyFGAZ9XVV1BtcgNzbCRR,tpubD6NzVbkrYhZ4Wc3i6L6N1Pp7cyVeyMcdLrFGXGDGzCfdCa5F4Zs3EY46N72Ws8QDEUYBVwXfDfda2UKSseSdU1fsBegJBhGCZyxkf28bkQ6)/12/*),pk(musig(tpubD6NzVbkrYhZ4XqNGAWGWSzmxGWFwVjVTjZxh2fioKbVYi7Jx8fdbprVWsdW7mHwqjchBVas8TLZG4Xwuz4RKU4iaCqiCvoSkFCzQptqk5Y1,tpubD6NzVbkrYhZ4XWb6fGPjyhgLxapUhXszv7ehQYrQWDgDX4nYWcNcbgWcM2RhYo9s2mbZcfZJ8t5LzYcr24FK79zVybsw5Qj3Rtqug8jpJMy)/13/*)})#8396h37a',
15                  'timestamp': 1296688602,
16                  'active': False,
17                  'range': [0, 0],
18                  'next': 0,
19                  'next_index': 0}]}

The following patch in MuSigPubkeyProvider seems to fix it.

out doesn’t need to be cleared if no priv keys found. For non watch-only wallets, a descriptor without any private keys can’t be imported anyway so there can’t be a case wherein we need to propagate this check from MuSigPubkeyProvider to TrDescriptor.

It can be assumed that any other portion of the descriptor will have a private key.

I haven’t verified this^ assumption for every possible scenario and I suggest adding few more cases in this test wherein a private key is present in different portions of the tr() descriptor with musig(). Few templates for reference from #29675 PR: https://github.com/bitcoin/bitcoin/pull/29675/commits/ac599c4a9cb3b2d424932d3fd91f9eed17426827#diff-c94f9555a2569240d362a00a82764f4714f6c65283e3f96725cf2a1043a296b5R224-R238

After this PR, pubkey->ToPrivateString defaults to returning the public key in tmp, so the subsequent else block is redundant now.

 0diff --git a/src/script/descriptor.cpp b/src/script/descriptor.cpp
 1index 6eafcaa94c..76d4c8bb02 100644
 2--- a/src/script/descriptor.cpp
 3+++ b/src/script/descriptor.cpp
 4@@ -726,17 +726,14 @@ public:
 5             std::string tmp;
 6             if (pubkey->ToPrivateString(arg, tmp)) {
 7                 any_privkeys = true;
 8-                out += tmp;
 9-            } else {
10-                out += pubkey->ToString();
11             }
12+            out += tmp;
13         }
14         out += ")";
15         out += FormatHDKeypath(m_path);
16         if (IsRangedDerivation()) {
17             out += "/*";
18         }
19-        if (!any_privkeys) out.clear();
20         return any_privkeys;
21     }
22     bool ToNormalizedString(const SigningProvider& arg, std::string& out, const DescriptorCache* cache = nullptr) const override

Eunovo commented at 1:37 am on October 5, 2025:

Thanks for pointing this out.

out doesn’t need to be cleared if no priv keys found. For non watch-only wallets, a descriptor without any private keys can’t be imported anyway so there can’t be a case wherein we need to propagate this check from MuSigPubkeyProvider to TrDescriptor.

Yes, there must be a private key somewhere in the descriptor, so the MusigPubkeyProvider should not clear the string.

I used your patch and added you as co-author.

in src/wallet/rpc/backup.cpp:495 in a797b2ab6b outdated

490@@ -490,6 +491,9 @@ RPCHelpMan listdescriptors()
491     if (!wallet) return UniValue::VNULL;
492 
493     const bool priv = !request.params[0].isNull() && request.params[0].get_bool();
494+    if (wallet->IsWalletFlagSet(WALLET_FLAG_DISABLE_PRIVATE_KEYS) && priv) {
495+        throw JSONRPCError(RPC_WALLET_ERROR, "Can't get private descriptor string for watch-only wallets");

rkrux commented at 9:32 am on October 3, 2025:

In a797b2ab6ba69732a1b6f1b54b7785d4b802170e “walletrpc: reject listdes with priv key on w-only wallets”

Nit: To make it explicit in the error that the request params combination is invalid.

0- throw JSONRPCError(RPC_WALLET_ERROR, "Can't get private descriptor string for watch-only wallets");
1+ throw JSONRPCError(RPC_WALLET_ERROR, "Invalid request to get private descriptor string for watch-only wallets");

Eunovo commented at 1:40 am on October 5, 2025:

I don’t believe the suggested message is an improvement, so I will leave it as is.

rkrux changes_requested

rkrux commented at 11:02 am on October 3, 2025: contributor

Requesting changes because found an issue with the musig() descriptor that can be fixed in this PR itself.

descriptors: add HavePrivateKeys()

Previously, to determine if a desc is watchonly, `ToPrivateString()`, was used.
It returns `false` if there is at least one pubkey in the descriptor for which
the provider  does not have a private key.

ToPrivateString() behaviour will change in the following commits to only
return `false` if no priv keys could be found for the pub keys in the descriptor.

HavePrivateKeys() is added here to replace the use of ToPrivateString() for determining
if a descriptor is 'watchonly'.

Co-authored-by: rkrux <rkrux.connect@gmail.com>

8dbad13eda

wallet/migration: use HavePrivateKeys in place of ToPrivateString

ToPrivateString() behaviour will be modified in the following commits.
This change ensures that wallet migration does not break.

1887747189

in src/test/descriptor_tests.cpp:52 in 74521dd6d4

48@@ -49,7 +49,7 @@ constexpr int SIGNABLE = 1 << 3; // We can sign with this descriptor (this is no
49 constexpr int DERIVE_HARDENED = 1 << 4; // The final derivation is hardened, i.e. ends with *' or *h
50 constexpr int MIXED_PUBKEYS = 1 << 5;
51 constexpr int XONLY_KEYS = 1 << 6; // X-only pubkeys are in use (and thus inferring/caching may swap parity of pubkeys/keyids)
52-constexpr int MISSING_PRIVKEYS = 1 << 7; // Not all private keys are available, so ToPrivateString will fail.
53+constexpr int MISSING_PRIVKEYS = 1 << 7; // Not all private keys are available, so ToPrivateString will fail and HavePrivateKeys() will return `true`.

DrahtBot commented at 11:16 am on October 3, 2025:

Not all private keys are available, so ToPrivateString will fail and HavePrivateKeys() will return true. -> … will return false. [The comment contradicts the flag name and intent — if private keys are missing, HavePrivateKeys() should be false; the current text stating true is likely a typo and is misleading.]

rkrux commented at 11:41 am on October 3, 2025:

Is this comment in the code correct?

s/HavePrivateKeys/HasAllPrivateKeys because the current implementation of HavePrivateKeys returns false immediately if a corresponding private key is not found for a public key; the function doc suggests this too - “Whether the given provider has all private keys required by this descriptor.”

Whereas ToPrivateString returns true if any private key is found, the usage of any_success also suggests this.

Eunovo commented at 1:39 am on October 5, 2025:

I have updated the comment.

Eunovo force-pushed on Oct 5, 2025

descriptor: refactor ToPrivateString for providers

This commit modifies the Pubkey providers to return the public string
if private data is not available.
This is setup for a future commit to make Descriptor::ToPrivateString
return strings with missing private key information.

Co-authored-by: rkrux <rkrux.connect@gmail.com>

2cd7a024f9

descriptor: ToPrivateString() pass if at least 1 priv key exists

- Refactor Descriptor::ToPrivateString() to allow descriptors with
  missing private keys to be printed. Useful in descriptors with
  multiple keys e.g tr() etc.
- The existing behaviour of listdescriptors is preserved as much as
  possible, if no private keys are availablle ToPrivateString will
  return false

eef0100cee

walletrpc: reject listdes with priv key on w-only wallets 88f489c375

test: Test listdescs with priv works even with missing priv keys

Co-authored-by: rkrux <rkrux.connect@gmail.com>

8b4d4b392c

Eunovo force-pushed on Oct 5, 2025

rkrux approved

rkrux commented at 11:16 am on October 6, 2025: contributor

lgtm ACK 8b4d4b3

Thanks for quickly addressing the comments.

0git range-diff 74521dd...8b4d4b3

I have tried to think if the fix covers all the cases that could possibly arise in various descriptors containing private keys partially. Essentially, the ToPrivateString function of the descriptor classes returns true even if there is a single private key available for it, whereas the newly added HavePrivateKeys function returns true when all the private keys for the descriptor are available & hence, it’s used in the wallet migration code now. Very good that the latest push also tests for the missing private keys case in the else block in the descriptor unit tests!

Note: I have limited exposure to the Miniscript code as of now; I might re-review later that portion again, but looks ok right now.

This issue has popped up in my own local quite a few times where it became hard for me to continue my workflow, hope it gets checked in soon!

wallet/rpc: fix listdescriptors RPC fails to return descriptors with private key information when wallet contains descriptors missing any key #32471

Notes

Relevant PRs

Testing

Code Coverage & Benchmarks

Reviews

Conflicts