Documentation ¶
Overview ¶
Package keystore implements encrypted storage of secp256k1 private keys.
Keys are stored as encrypted JSON files according to the Web3 Secret Storage specification. See https://github.com/ethereum/wiki/wiki/Web3-Secret-Storage-Definition for more information.
Source Files ¶
Each source file provides the following:
- account_cache.go : Provides `accountCache` which contains a live index of all accounts in keystore folder
- file_cache.go : Provides `fileCache` which contains information of all files in keystore folder
- key.go : Defines `KeyV3` struct, `keyStore` interface and related functions
- keyv4.go : Defines `KeyV4` struct.
- keystore.go : Defines `KeyStore` which manages a key storage directory on disk and related functions
- keystore_passphrase.go: Provides functions to encrypt and decrypt `Key` with a passphrase
- keystore_plain.go : Deprecated
- keystore_wallet.go : Defines `keystoreWallet` struct which implements accounts.Wallet interface. Wallet represents a software or hardware wallet that might contain one or more accounts
- presale.go : Deprecated
- watch.go : Provides a watcher which monitors any changes on the keystore folder
- watch_fallback.go : Provides an empty watcher for unsupported platforms
Index ¶
- Constants
- Variables
- func EncryptKey(key Key, auth string, scryptN, scryptP int) ([]byte, error)
- func EncryptKeyEIP2335(key *KeyEIP2335, password string, scryptN, scryptP int) ([]byte, error)
- func EncryptKeyV3(key Key, auth string, scryptN, scryptP int) ([]byte, error)
- func StoreKey(dir, auth string, scryptN, scryptP int) (common.Address, error)
- type AmbiguousAddrError
- type Key
- type KeyEIP2335
- type KeyStore
- func (ks *KeyStore) Accounts() []accounts.Account
- func (ks *KeyStore) Delete(a accounts.Account, passphrase string) error
- func (ks *KeyStore) Export(a accounts.Account, passphrase, newPassphrase string) (keyJSON []byte, err error)
- func (ks *KeyStore) Find(a accounts.Account) (accounts.Account, error)
- func (ks *KeyStore) HasAddress(addr common.Address) bool
- func (ks *KeyStore) Import(keyJSON []byte, passphrase, newPassphrase string) (accounts.Account, error)
- func (ks *KeyStore) ImportECDSA(priv *ecdsa.PrivateKey, passphrase string) (accounts.Account, error)
- func (ks *KeyStore) ImportECDSAWithAddress(priv *ecdsa.PrivateKey, passphrase string, address *common.Address) (accounts.Account, error)
- func (ks *KeyStore) IsUnlocked(addr common.Address) bool
- func (ks *KeyStore) Lock(addr common.Address) error
- func (ks *KeyStore) NewAccount(passphrase string) (accounts.Account, error)
- func (ks *KeyStore) ReplaceECDSAWithAddress(priv *ecdsa.PrivateKey, passphrase string, newPassphrase string, ...) (accounts.Account, error)
- func (ks *KeyStore) SignHash(a accounts.Account, hash []byte) ([]byte, error)
- func (ks *KeyStore) SignHashWithPassphrase(a accounts.Account, passphrase string, hash []byte) (signature []byte, err error)
- func (ks *KeyStore) SignTx(a accounts.Account, tx *types.Transaction, chainID *big.Int) (*types.Transaction, error)
- func (ks *KeyStore) SignTxAsFeePayer(a accounts.Account, tx *types.Transaction, chainID *big.Int) (*types.Transaction, error)
- func (ks *KeyStore) SignTxAsFeePayerWithPassphrase(a accounts.Account, passphrase string, tx *types.Transaction, chainID *big.Int) (*types.Transaction, error)
- func (ks *KeyStore) SignTxWithPassphrase(a accounts.Account, passphrase string, tx *types.Transaction, chainID *big.Int) (*types.Transaction, error)
- func (ks *KeyStore) Subscribe(sink chan<- accounts.WalletEvent) event.Subscription
- func (ks *KeyStore) TimedUnlock(a accounts.Account, passphrase string, timeout time.Duration) error
- func (ks *KeyStore) Unlock(a accounts.Account, passphrase string) error
- func (ks *KeyStore) Update(a accounts.Account, passphrase, newPassphrase string) error
- func (ks *KeyStore) UpdateKey(a accounts.Account, newKey Key, passphrase, newPassphrase string) error
- func (ks *KeyStore) Wallets() []accounts.Wallet
- type KeyV3
- func (k *KeyV3) GetAddress() common.Address
- func (k *KeyV3) GetId() uuid.UUID
- func (k *KeyV3) GetPrivateKey() *ecdsa.PrivateKey
- func (k *KeyV3) GetPrivateKeys() [][]*ecdsa.PrivateKey
- func (k *KeyV3) GetPrivateKeysWithRole(role int) []*ecdsa.PrivateKey
- func (k *KeyV3) MarshalJSON() (j []byte, err error)
- func (k *KeyV3) ResetPrivateKey()
- func (k *KeyV3) UnmarshalJSON(j []byte) (err error)
- type KeyV4
- func (k *KeyV4) GetAddress() common.Address
- func (k *KeyV4) GetId() uuid.UUID
- func (k *KeyV4) GetPrivateKey() *ecdsa.PrivateKey
- func (k *KeyV4) GetPrivateKeys() [][]*ecdsa.PrivateKey
- func (k *KeyV4) GetPrivateKeysWithRole(role int) []*ecdsa.PrivateKey
- func (k *KeyV4) MarshalJSON() (j []byte, err error)
- func (k *KeyV4) ResetPrivateKey()
- func (k *KeyV4) UnmarshalJSON(j []byte) (err error)
Constants ¶
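// Scrypt cost parameters used when encrypting keys with a passphrase.
//
// The declaration is laid out one constant per line; collapsed onto a single
// line, the first "//" would comment out every constant after it.
//
// The memory figures in the comments below are consistent with 128*N*r bytes
// at r = 8, but r is not declared in this block — TODO confirm against the
// encryption code.
//
// The Light pair makes each passphrase guess cheaper for an attacker holding
// a key file as well as for the legitimate user, so it is better suited to
// tests and constrained devices than to long-lived keys of value.
const (
	// StandardScryptN is the N parameter of Scrypt encryption algorithm, using 256MB
	// memory and taking approximately 1s CPU time on a modern processor.
	StandardScryptN = 1 << 18

	// StandardScryptP is the P parameter of Scrypt encryption algorithm, using 256MB
	// memory and taking approximately 1s CPU time on a modern processor.
	StandardScryptP = 1

	// LightScryptN is the N parameter of Scrypt encryption algorithm, using 4MB
	// memory and taking approximately 100ms CPU time on a modern processor.
	LightScryptN = 1 << 12

	// LightScryptP is the P parameter of Scrypt encryption algorithm, using 4MB
	// memory and taking approximately 100ms CPU time on a modern processor.
	LightScryptP = 6
)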
Variables ¶
// Package-level error values of the keystore.
var (
	// ErrLocked is built with accounts.NewAuthNeededError and the hint
	// "password or unlock".
	// NOTE(review): presumably returned when a passphrase-less operation is
	// attempted on an account that is not unlocked — confirm against callers.
	ErrLocked = accounts.NewAuthNeededError("password or unlock")
	// ErrNoMatch reports that no key exists for the given address or file.
	ErrNoMatch = errors.New("no key for given address or file")
	// ErrDecrypt reports that the key could not be decrypted with the given
	// passphrase.
	// NOTE(review): the message does not distinguish a wrong passphrase from
	// a damaged key file; confirm which cases map to this error.
	ErrDecrypt = errors.New("could not decrypt key with given passphrase")
	// ErrChainIdNil reports a nil chain ID.
	// NOTE(review): presumably raised by the signing methods that take a
	// chainID argument — confirm.
	ErrChainIdNil = errors.New("Chain ID should not be nil")
)
// KeyStoreScheme is the protocol scheme prefixing account and wallet URLs.
// It is declared with var rather than const, so it can be reassigned at
// package level.
var KeyStoreScheme = "keystore"
KeyStoreScheme is the protocol scheme prefixing account and wallet URLs.
// KeyStoreType is the reflect type of a keystore backend; it is obtained from
// a *KeyStore value, so it describes the pointer type.
var KeyStoreType = reflect.TypeOf(&KeyStore{})
KeyStoreType is the reflect type of a keystore backend.
Functions ¶
func EncryptKey ¶
EncryptKey encrypts a key using the specified scrypt parameters into a json blob that can be decrypted later on. It uses the keystore v4 format.
func EncryptKeyEIP2335 ¶
func EncryptKeyEIP2335(key *KeyEIP2335, password string, scryptN, scryptP int) ([]byte, error)
EncryptKeyEIP2335 encrypts a BLS key using the specified scrypt parameters into a JSON blob that can be decrypted later on.
func EncryptKeyV3 ¶
EncryptKeyV3 encrypts a key using the specified scrypt parameters into a json blob that can be decrypted later on. It uses the keystore v3 format.
Types ¶
type AmbiguousAddrError ¶
AmbiguousAddrError is returned when attempting to unlock an address for which more than one file exists.
func (*AmbiguousAddrError) Error ¶
func (err *AmbiguousAddrError) Error() string
type Key ¶
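// Key represents a keystore storing private keys of an account.
//
// The declaration is laid out one method per line; collapsed onto a single
// line, the first "//" would comment out every method after it.
//
// The getters hand out *ecdsa.PrivateKey values directly, so a caller that
// holds a Key holds usable signing material.
// NOTE(review): ResetPrivateKey presumably wipes that material from memory —
// confirm in the implementations, and confirm whether callers are expected to
// invoke it once they are done with a decrypted key.
type Key interface {
	json.Marshaler
	json.Unmarshaler

	// Returns key ID.
	GetId() uuid.UUID

	// Returns the address of the keystore.
	GetAddress() common.Address

	// Returns the default key of the keystore.
	GetPrivateKey() *ecdsa.PrivateKey

	// Returns all keys in the keystore.
	GetPrivateKeys() [][]*ecdsa.PrivateKey

	// Returns all keys in the specified role in the keystore.
	GetPrivateKeysWithRole(role int) []*ecdsa.PrivateKey

	// Resets all the keys in the keystore.
	ResetPrivateKey()
}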
Key represents a keystore storing private keys of an account.
func DecryptKey ¶
DecryptKey decrypts a key from a json blob, returning the private key itself. TODO: use encryptedKeyJSON object directly instead of double unmarshalling.
func NewKeyForDirectICAP ¶
NewKeyForDirectICAP generates a key whose address fits into < 155 bits so it can fit into the Direct ICAP spec. For simplicity and easier compatibility with other libs, we retry until the first byte is 0.
type KeyEIP2335 ¶
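// KeyEIP2335 is a decrypted BLS12-381 keypair.
//
// The declaration is laid out one field per line; collapsed onto a single
// line, the first "//" would comment out every field after it.
//
// SecretKey is an exported field of a decrypted key, so any code that can
// reach a KeyEIP2335 value can read the secret directly; treat values of this
// type as sensitive and keep them out of logs and debug dumps.
type KeyEIP2335 struct {
	ID uuid.UUID // Version 4 "random" for unique id not derived from key data

	PublicKey bls.PublicKey // Represents the public key of the user.
	SecretKey bls.SecretKey // Represents the private key of the user.
}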
KeyEIP2335 is a decrypted BLS12-381 keypair.
func DecryptKeyEIP2335 ¶
func DecryptKeyEIP2335(keyJSON []byte, password string) (*KeyEIP2335, error)
DecryptKeyEIP2335 decrypts a key from an EIP-2335 JSON blob, returning the BLS private key.
func NewKeyEIP2335 ¶
func NewKeyEIP2335(blsKey bls.SecretKey) *KeyEIP2335
NewKeyEIP2335 creates a new EIP-2335 keystore Key type using a BLS private key.
type KeyStore ¶
// KeyStore manages a key storage directory on disk.
// All of its fields are unexported; the type is used through its methods.
type KeyStore struct {
// contains filtered or unexported fields
}
KeyStore manages a key storage directory on disk.
func NewKeyStore ¶
NewKeyStore creates a keystore for the given directory.
func NewPlaintextKeyStore ¶
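NewPlaintextKeyStore creates a keystore for the given directory. Judging by its name, it keeps keys on disk without passphrase encryption; confirm this in the source before relying on it for anything but tests. Deprecated: Use NewKeyStore.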
func (*KeyStore) Delete ¶
Delete deletes the key matched by account if the passphrase is correct. If the account contains no filename, the address must match a unique key.
func (*KeyStore) Export ¶
func (ks *KeyStore) Export(a accounts.Account, passphrase, newPassphrase string) (keyJSON []byte, err error)
Export exports as a JSON key, encrypted with newPassphrase.
func (*KeyStore) HasAddress ¶
HasAddress reports whether a key with the given address is present.
func (*KeyStore) Import ¶
func (ks *KeyStore) Import(keyJSON []byte, passphrase, newPassphrase string) (accounts.Account, error)
Import stores the given encrypted JSON key into the key directory.
func (*KeyStore) ImportECDSA ¶
func (ks *KeyStore) ImportECDSA(priv *ecdsa.PrivateKey, passphrase string) (accounts.Account, error)
ImportECDSA stores the given key into the key directory, encrypting it with the passphrase.
func (*KeyStore) ImportECDSAWithAddress ¶
func (ks *KeyStore) ImportECDSAWithAddress(priv *ecdsa.PrivateKey, passphrase string, address *common.Address) (accounts.Account, error)
ImportECDSAWithAddress stores the given key and address into the key directory, encrypting it with the passphrase.
func (*KeyStore) IsUnlocked ¶
IsUnlocked reports whether the account is unlocked.
func (*KeyStore) NewAccount ¶
NewAccount generates a new key and stores it into the key directory, encrypting it with the passphrase.
func (*KeyStore) ReplaceECDSAWithAddress ¶
func (ks *KeyStore) ReplaceECDSAWithAddress(priv *ecdsa.PrivateKey, passphrase string, newPassphrase string, address *common.Address) (accounts.Account, error)
ReplaceECDSAWithAddress stores the given key and address into the key directory, encrypting it with the newPassphrase. This first checks that the target address exists and it can be unlocked with passphrase.
func (*KeyStore) SignHash ¶
SignHash calculates an ECDSA signature for the given hash. The produced signature is in the [R || S || V] format where V is 0 or 1.
func (*KeyStore) SignHashWithPassphrase ¶
func (ks *KeyStore) SignHashWithPassphrase(a accounts.Account, passphrase string, hash []byte) (signature []byte, err error)
SignHashWithPassphrase signs hash if the private key matching the given address can be decrypted with the given passphrase. The produced signature is in the [R || S || V] format where V is 0 or 1.
func (*KeyStore) SignTx ¶
func (ks *KeyStore) SignTx(a accounts.Account, tx *types.Transaction, chainID *big.Int) (*types.Transaction, error)
SignTx signs the given transaction with the requested account.
func (*KeyStore) SignTxAsFeePayer ¶
func (ks *KeyStore) SignTxAsFeePayer(a accounts.Account, tx *types.Transaction, chainID *big.Int) (*types.Transaction, error)
SignTxAsFeePayer signs the given transaction as a fee payer with the requested account.
func (*KeyStore) SignTxAsFeePayerWithPassphrase ¶
func (ks *KeyStore) SignTxAsFeePayerWithPassphrase(a accounts.Account, passphrase string, tx *types.Transaction, chainID *big.Int) (*types.Transaction, error)
SignTxAsFeePayerWithPassphrase signs the transaction as a fee payer if the private key matching the given address can be decrypted with the given passphrase.
func (*KeyStore) SignTxWithPassphrase ¶
func (ks *KeyStore) SignTxWithPassphrase(a accounts.Account, passphrase string, tx *types.Transaction, chainID *big.Int) (*types.Transaction, error)
SignTxWithPassphrase signs the transaction if the private key matching the given address can be decrypted with the given passphrase.
func (*KeyStore) Subscribe ¶
func (ks *KeyStore) Subscribe(sink chan<- accounts.WalletEvent) event.Subscription
Subscribe implements accounts.Backend, creating an async subscription to receive notifications on the addition or removal of keystore wallets.
func (*KeyStore) TimedUnlock ¶
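TimedUnlock unlocks the given account with the passphrase. The account stays unlocked for the duration of timeout. A timeout of 0 unlocks the account until the program exits. The account must match a unique key file. While an account is unlocked, the signing methods that take no passphrase (SignHash, SignTx, SignTxAsFeePayer) can presumably use its key, so prefer a bounded timeout, or the WithPassphrase variants, over an indefinite unlock.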
If the account address is already unlocked for a duration, TimedUnlock extends or shortens the active unlock timeout. If the address was previously unlocked indefinitely the timeout is not altered.
type KeyV3 ¶
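// KeyV3 holds a single decrypted private key together with its ID and address.
//
// The declaration is laid out one field per line; collapsed onto a single
// line, the first "//" would comment out every field after it.
//
// NOTE(review): KeyV3 exports MarshalJSON while PrivateKey is held in
// plaintext; confirm whether MarshalJSON emits the key unencrypted before
// serializing or logging a KeyV3 anywhere outside the encryption path.
type KeyV3 struct {
	Id uuid.UUID // Version 4 "random" for unique id not derived from key data

	// to simplify lookups we also store the address
	Address common.Address

	// we only store privkey as pubkey/address can be derived from it
	// privkey in this struct is always in plaintext
	PrivateKey *ecdsa.PrivateKey
}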
func (*KeyV3) GetAddress ¶
func (*KeyV3) GetPrivateKey ¶
func (k *KeyV3) GetPrivateKey() *ecdsa.PrivateKey
func (*KeyV3) GetPrivateKeys ¶
func (k *KeyV3) GetPrivateKeys() [][]*ecdsa.PrivateKey
func (*KeyV3) GetPrivateKeysWithRole ¶
func (k *KeyV3) GetPrivateKeysWithRole(role int) []*ecdsa.PrivateKey
func (*KeyV3) MarshalJSON ¶
func (*KeyV3) ResetPrivateKey ¶
func (k *KeyV3) ResetPrivateKey()
func (*KeyV3) UnmarshalJSON ¶
type KeyV4 ¶
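// KeyV4 holds the decrypted private keys of an account together with its ID
// and address.
//
// The declaration is laid out one field per line; collapsed onto a single
// line, the first "//" would comment out every field after it.
//
// NOTE(review): the keys are *ecdsa.PrivateKey values, i.e. usable signing
// material held in memory, and KeyV4 exports MarshalJSON; confirm whether
// MarshalJSON emits them unencrypted before serializing or logging a KeyV4
// outside the encryption path.
type KeyV4 struct {
	Id uuid.UUID // Version 4 "random" for unique id not derived from key data

	// to simplify lookups we also store the address
	Address common.Address

	// We only store privkey as pubkey/address can be derived from it.
	// NOTE(review): the outer index presumably selects the role accepted by
	// GetPrivateKeysWithRole — confirm.
	PrivateKeys [][]*ecdsa.PrivateKey
}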
func (*KeyV4) GetAddress ¶
func (*KeyV4) GetPrivateKey ¶
func (k *KeyV4) GetPrivateKey() *ecdsa.PrivateKey
func (*KeyV4) GetPrivateKeys ¶
func (k *KeyV4) GetPrivateKeys() [][]*ecdsa.PrivateKey
func (*KeyV4) GetPrivateKeysWithRole ¶
func (k *KeyV4) GetPrivateKeysWithRole(role int) []*ecdsa.PrivateKey
func (*KeyV4) MarshalJSON ¶
func (*KeyV4) ResetPrivateKey ¶
func (k *KeyV4) ResetPrivateKey()