Documentation ¶
Overview ¶
Package keys provides common key management API.
The Keybase interface ¶
The Keybase interface defines the methods that a type needs to implement to be used as key storage backend. This package provides few implementations out-of-the-box.
NewLegacy ¶
The NewLegacy constructor returns an on-disk implementation backed by LevelDB storage that has been the default implementation used by the SDK until v0.38.0. Due to security concerns, it is recommended to drop it in favor of the NewKeyring constructor as it will be removed in future releases.
NewInMemory ¶
The NewInMemory constructor returns an implementation backed by an in-memory, goroutine-safe map that has historically been used for testing purposes or on-the-fly key generation as the generated keys are discarded when the process terminates or the type instance is garbage collected.
New ¶
The New constructor returns an implementation backed by a keyring library (https://github.com/99designs/keyring), whose aim is to provide a common abstraction and uniform interface between secret stores available for Windows, macOS, and most GNU/Linux distributions as well as operating system-agnostic encrypted file-based backends.
The backends:
os The instance returned by this constructor uses the operating system's default credentials store to handle keys storage operations securely. It should be noted that the keyring keyring may be kept unlocked for the whole duration of the user session. file This backend more closely resembles the previous keyring storage used prior to v0.38.1. It stores the keyring encrypted within the app's configuration directory. This keyring will request a password each time it is accessed, which may occur multiple times in a single command resulting in repeated password prompts. kwallet This backend uses KDE Wallet Manager as a credentials management application: https://github.com/KDE/kwallet pass This backend uses the pass command line utility to store and retrieve keys: https://www.passwordstore.org/ test This backend stores keys insecurely to disk. It does not prompt for a password to be unlocked and it should be use only for testing purposes. memory Same instance as returned by NewInMemory. This backend uses a transient storage. Keys are discarded when the process terminates or the type instance is garbage collected.
Index ¶
- Constants
- Variables
- func RegisterLegacyAminoCodec(cdc *codec.LegacyAmino)
- func SignWithLedger(info Info, msg []byte) (sig []byte, pub types.PubKey, err error)
- type DeriveKeyFunc
- type Exporter
- type Importer
- type Info
- type InfoImporter
- type KeyOutput
- type KeyType
- type KeybaseOption
- type Keyring
- type Language
- type LegacyKeybase
- type Option
- type Options
- type PrivKeyGenFunc
- type SignatureAlgo
- type Signer
- type SigningAlgoList
- type UnsafeExporter
- type UnsafeKeyring
Examples ¶
Constants ¶
const ( BackendFile = "file" BackendOS = "os" BackendKWallet = "kwallet" BackendPass = "pass" BackendTest = "test" BackendMemory = "memory" )
Backend options for Keyring
const (
// DefaultBIP39Passphrase used for deriving seed from mnemonic
DefaultBIP39Passphrase = ""
)
Variables ¶
var ( // ErrUnsupportedSigningAlgo is raised when the caller tries to use a // different signing scheme than secp256k1. ErrUnsupportedSigningAlgo = errors.New("unsupported signing algo") // ErrUnsupportedLanguage is raised when the caller tries to use a // different language than english for creating a mnemonic sentence. ErrUnsupportedLanguage = errors.New("unsupported language: only english is supported") )
Functions ¶
func RegisterLegacyAminoCodec ¶
func RegisterLegacyAminoCodec(cdc *codec.LegacyAmino)
RegisterLegacyAminoCodec registers concrete types and interfaces on the given codec.
func SignWithLedger ¶
SignWithLedger signs a binary message with the ledger device referenced by an Info object and returns the signed bytes and the public key. It returns an error if the device could not be queried or it returned an error.
Types ¶
type DeriveKeyFunc ¶
type DeriveKeyFunc func(mnemonic string, bip39Passphrase, hdPath string, algo hd.PubKeyType) ([]byte, error)
DeriveKeyFunc defines the function to derive a new key from a seed and hd path
type Exporter ¶
type Exporter interface { // Export public key ExportPubKeyArmor(uid string) (string, error) ExportPubKeyArmorByAddress(address sdk.Address) (string, error) // ExportPrivKey returns a private key in ASCII armored format. // It returns an error if the key does not exist or a wrong encryption passphrase is supplied. ExportPrivKeyArmor(uid, encryptPassphrase string) (armor string, err error) ExportPrivKeyArmorByAddress(address sdk.Address, encryptPassphrase string) (armor string, err error) }
Exporter is implemented by key stores that support export of public and private keys.
type Importer ¶
type Importer interface { // ImportPrivKey imports ASCII armored passphrase-encrypted private keys. ImportPrivKey(uid, armor, passphrase string) error // ImportPubKey imports ASCII armored public keys. ImportPubKey(uid string, armor string) error }
Importer is implemented by key stores that support import of public and private keys.
type Info ¶
type Info interface { // Human-readable type for key listing GetType() KeyType // Name of the key GetName() string // Public key GetPubKey() cryptotypes.PubKey // Address GetAddress() types.AccAddress // Bip44 Path GetPath() (*hd.BIP44Params, error) // Algo GetAlgo() hd.PubKeyType }
Info is the publicly exposed information about a keypair
func NewMultiInfo ¶
func NewMultiInfo(name string, pub cryptotypes.PubKey) Info
NewMultiInfo creates a new multiInfo instance
type InfoImporter ¶
type InfoImporter interface { // Import imports ASCII-armored private keys. Import(uid string, armor string) error }
InfoImporter is implemented by those types that want to provide functions necessary to migrate keys from LegacyKeybase types to Keyring types.
func NewInfoImporter ¶
type KeyOutput ¶
type KeyOutput struct { Name string `json:"name" yaml:"name"` Type string `json:"type" yaml:"type"` Address string `json:"address" yaml:"address"` PubKey string `json:"pubkey" yaml:"pubkey"` Mnemonic string `json:"mnemonic,omitempty" yaml:"mnemonic"` Threshold uint `json:"threshold,omitempty" yaml:"threshold"` PubKeys []multisigPubKeyOutput `json:"pubkeys,omitempty" yaml:"pubkeys"` }
KeyOutput defines a structure wrapping around an Info object used for output functionality.
func Bech32ConsKeyOutput ¶
Bech32ConsKeyOutput create a KeyOutput in with "cons" Bech32 prefixes.
func Bech32KeyOutput ¶
Bech32KeyOutput create a KeyOutput in with "acc" Bech32 prefixes. If the public key is a multisig public key, then the threshold and constituent public keys will be added.
func Bech32KeysOutput ¶
Bech32KeysOutput returns a slice of KeyOutput objects, each with the "acc" Bech32 prefixes, given a slice of Info objects. It returns an error if any call to Bech32KeyOutput fails.
func Bech32ValKeyOutput ¶
Bech32ValKeyOutput create a KeyOutput in with "val" Bech32 prefixes.
func NewKeyOutput ¶
NewKeyOutput creates a default KeyOutput instance without Mnemonic, Threshold and PubKeys
type KeyType ¶
type KeyType uint
KeyType reflects a human-readable type for key listing.
type KeybaseOption ¶
type KeybaseOption func(*kbOptions)
KeybaseOption overrides options for the db.
type Keyring ¶
type Keyring interface { // List all keys. List() ([]Info, error) // Supported signing algorithms for Keyring and Ledger respectively. SupportedAlgorithms() (SigningAlgoList, SigningAlgoList) // Key and KeyByAddress return keys by uid and address respectively. Key(uid string) (Info, error) KeyByAddress(address sdk.Address) (Info, error) // Delete and DeleteByAddress remove keys from the keyring. Delete(uid string) error DeleteByAddress(address sdk.Address) error // NewMnemonic generates a new mnemonic, derives a hierarchical deterministic // key from that, and persists it to the storage. Returns the generated mnemonic and the key // Info. It returns an error if it fails to generate a key for the given algo type, or if // another key is already stored under the same name. NewMnemonic(uid string, language Language, hdPath string, algo SignatureAlgo) (Info, string, error) // NewAccount converts a mnemonic to a private key and BIP-39 HD Path and persists it. NewAccount(uid, mnemonic, bip39Passwd, hdPath string, algo SignatureAlgo) (Info, error) // SaveLedgerKey retrieves a public key reference from a Ledger device and persists it. SaveLedgerKey(uid string, algo SignatureAlgo, hrp string, coinType, account, index uint32) (Info, error) // SavePubKey stores a public key and returns the persisted Info structure. SavePubKey(uid string, pubkey types.PubKey, algo hd.PubKeyType) (Info, error) // SaveMultisig stores and returns a new multsig (offline) key reference. SaveMultisig(uid string, pubkey types.PubKey) (Info, error) Signer Importer Exporter }
Keyring exposes operations over a backend supported by github.com/99designs/keyring.
func New ¶
New creates a new instance of a keyring. Keyring ptions can be applied when generating the new instance. Available backends are "os", "file", "kwallet", "memory", "pass", "test".
Example ¶
// Select the encryption and storage for your cryptostore cstore := NewInMemory() sec := hd.Secp256k1 // Add keys and see they return in alphabetical order bob, _, err := cstore.NewMnemonic("Bob", English, sdk.FullFundraiserPath, sec) if err != nil { // this should never happen fmt.Println(err) } else { // return info here just like in List fmt.Println(bob.GetName()) } _, _, _ = cstore.NewMnemonic("Alice", English, sdk.FullFundraiserPath, sec) _, _, _ = cstore.NewMnemonic("Carl", English, sdk.FullFundraiserPath, sec) info, _ := cstore.List() for _, i := range info { fmt.Println(i.GetName()) } // We need to use passphrase to generate a signature tx := []byte("deadbeef") sig, pub, err := cstore.Sign("Bob", tx) if err != nil { fmt.Println("don't accept real passphrase") } // and we can validate the signature with publicly available info binfo, _ := cstore.Key("Bob") if !binfo.GetPubKey().Equals(bob.GetPubKey()) { fmt.Println("Get and Create return different keys") } if pub.Equals(binfo.GetPubKey()) { fmt.Println("signed by Bob") } if !pub.VerifySignature(tx, sig) { fmt.Println("invalid signature") }
Output: Bob Alice Bob Carl signed by Bob
func NewInMemory ¶
NewInMemory creates a transient keyring useful for testing purposes and on-the-fly key generation. Keybase options can be applied when generating this new Keybase.
type Language ¶
type Language int
Language is a language to create the BIP 39 mnemonic in. Currently, only english is supported though. Find a list of all supported languages in the BIP 39 spec (word lists).
const ( // English is the default language to create a mnemonic. // It is the only supported language by this package. English Language = iota + 1 // Japanese is currently not supported. Japanese // Korean is currently not supported. Korean // Spanish is currently not supported. Spanish // ChineseSimplified is currently not supported. ChineseSimplified // ChineseTraditional is currently not supported. ChineseTraditional // French is currently not supported. French // Italian is currently not supported. Italian )
type LegacyKeybase ¶
type LegacyKeybase interface { List() ([]Info, error) Export(name string) (armor string, err error) ExportPrivKey(name, decryptPassphrase, encryptPassphrase string) (armor string, err error) ExportPubKey(name string) (armor string, err error) Close() error }
LegacyKeybase is implemented by the legacy keybase implementation.
func NewLegacy ¶
func NewLegacy(name, dir string, opts ...KeybaseOption) (LegacyKeybase, error)
NewLegacy creates a new instance of a legacy keybase.
type Options ¶
type Options struct { // supported signing algorithms for keyring SupportedAlgos SigningAlgoList // supported signing algorithms for Ledger SupportedAlgosLedger SigningAlgoList }
Options define the options of the Keyring.
type PrivKeyGenFunc ¶
type PrivKeyGenFunc func(bz []byte, algo hd.PubKeyType) (cryptotypes.PrivKey, error)
PrivKeyGenFunc defines the function to convert derived key bytes to a tendermint private key
type SignatureAlgo ¶
type SignatureAlgo interface { Name() hd.PubKeyType Derive() hd.DeriveFn Generate() hd.GenerateFn }
SignatureAlgo defines the interface for a keyring supported algorithm.
func NewSigningAlgoFromString ¶
func NewSigningAlgoFromString(str string, algoList SigningAlgoList) (SignatureAlgo, error)
NewSigningAlgoFromString creates a supported SignatureAlgo.
type Signer ¶
type Signer interface { // Sign sign byte messages with a user key. Sign(uid string, msg []byte) ([]byte, types.PubKey, error) // SignByAddress sign byte messages with a user key providing the address. SignByAddress(address sdk.Address, msg []byte) ([]byte, types.PubKey, error) }
Signer is implemented by key stores that want to provide signing capabilities.
type SigningAlgoList ¶
type SigningAlgoList []SignatureAlgo
SigningAlgoList is a slice of signature algorithms
func (SigningAlgoList) Contains ¶
func (sal SigningAlgoList) Contains(algo SignatureAlgo) bool
Contains returns true if the SigningAlgoList the given SignatureAlgo.
func (SigningAlgoList) String ¶
func (sal SigningAlgoList) String() string
String returns a comma separated string of the signature algorithm names in the list.
type UnsafeExporter ¶
type UnsafeExporter interface { // UnsafeExportPrivKeyHex returns a private key in unarmored hex format UnsafeExportPrivKeyHex(uid string) (string, error) }
UnsafeExporter is implemented by key stores that support unsafe export of private keys' material.
type UnsafeKeyring ¶
type UnsafeKeyring interface { Keyring UnsafeExporter }
UnsafeKeyring exposes unsafe operations such as unsafe unarmored export in addition to those that are made available by the Keyring interface.
func NewUnsafe ¶
func NewUnsafe(kr Keyring) UnsafeKeyring
NewUnsafe returns a new keyring that provides support for unsafe operations.