Documentation ¶
Overview ¶
Package keystore implements encrypted storage of secp256k1 private keys.
Keys are stored as encrypted JSON files according to the Web3 Secret Storage specification. See https://github.com/ethereum/wiki/wiki/Web3-Secret-Storage-Definition for more information.
Index ¶
- Constants
- Variables
- func ECDSAPKCompression(p *ecdsa.PublicKey) []byte
- func EncryptKey(key *Key, auth string, scryptN, scryptP int) ([]byte, error)
- func EncryptOnePrivateKey(privateKey *ecdsa.PrivateKey, auth string, scryptN, scryptP int) (*cryptoJSON, error)
- func GeneratePKPairFromWAddress(w []byte) (*ecdsa.PublicKey, *ecdsa.PublicKey, error)
- func GenerateWaddressFromPK(A *ecdsa.PublicKey, B *ecdsa.PublicKey) *common.WAddress
- func LoadECDSAPair(file string) (*ecdsa.PrivateKey, *ecdsa.PrivateKey, error)
- func WaddrFromUncompressedRawBytes(raw []byte) (*common.WAddress, error)
- func WaddrToUncompressedRawBytes(waddr []byte) ([]byte, error)
- type AmbiguousAddrError
- type AwsKmsInfo
- type Key
- type KeyStore
- func (ks *KeyStore) Accounts() []accounts.Account
- func (ks *KeyStore) ComputeOTAPPKeys(a accounts.Account, AX, AY, BX, BY string) ([]string, error)
- func (ks *KeyStore) Delete(a accounts.Account, passphrase string) error
- func (ks *KeyStore) Export(a accounts.Account, passphrase, newPassphrase string) (keyJSON []byte, err error)
- func (ks *KeyStore) Find(a accounts.Account) (accounts.Account, error)
- func (ks *KeyStore) GetKey(a accounts.Account, passphrase string) (*Key, error)
- func (ks *KeyStore) GetWanAddress(account accounts.Account) (common.WAddress, error)
- func (ks *KeyStore) HasAddress(addr common.Address) bool
- func (ks *KeyStore) Import(keyJSON []byte, passphrase, newPassphrase string) (accounts.Account, error)
- func (ks *KeyStore) ImportECDSA(priv1, priv2 *ecdsa.PrivateKey, passphrase string) (accounts.Account, error)
- func (ks *KeyStore) ImportPreSaleKey(keyJSON []byte, passphrase string) (accounts.Account, error)
- func (ks *KeyStore) Lock(addr common.Address) error
- func (ks *KeyStore) NewAccount(passphrase string) (accounts.Account, error)
- func (ks *KeyStore) SignHash(a accounts.Account, hash []byte) ([]byte, error)
- func (ks *KeyStore) SignHashWithPassphrase(a accounts.Account, passphrase string, hash []byte) (signature []byte, err error)
- func (ks *KeyStore) SignTx(a accounts.Account, tx *types.Transaction, chainID *big.Int) (*types.Transaction, error)
- func (ks *KeyStore) SignTxWithPassphrase(a accounts.Account, passphrase string, tx *types.Transaction, chainID *big.Int) (*types.Transaction, error)
- func (ks *KeyStore) Subscribe(sink chan<- accounts.WalletEvent) event.Subscription
- func (ks *KeyStore) TimedUnlock(a accounts.Account, passphrase string, timeout time.Duration) error
- func (ks *KeyStore) TimedUnlockMemKey(a accounts.Account, keyjson []byte, passphrase string, timeout time.Duration) error
- func (ks *KeyStore) Unlock(a accounts.Account, passphrase string) error
- func (ks *KeyStore) UnlockMemKey(a accounts.Account, keyjson []byte, passphrase string) error
- func (ks *KeyStore) Update(a accounts.Account, passphrase, newPassphrase string) error
- func (ks *KeyStore) Wallets() []accounts.Wallet
Constants ¶
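// Scrypt cost presets accepted by the key-encryption functions in this package.
// The original listing was collapsed onto a single line, which let the first
// "//" comment swallow every declaration after it; one declaration per line
// restores valid Go.
const (
	// StandardScryptN is the N parameter of Scrypt encryption algorithm, using 256MB
	// memory and taking approximately 1s CPU time on a modern processor.
	StandardScryptN = 1 << 18

	// StandardScryptP is the P parameter of Scrypt encryption algorithm, using 256MB
	// memory and taking approximately 1s CPU time on a modern processor.
	StandardScryptP = 1

	// LightScryptN is the N parameter of Scrypt encryption algorithm, using 4MB
	// memory and taking approximately 100ms CPU time on a modern processor.
	//
	// NOTE(review): by the figures above, a passphrase guess against a key file
	// written with the Light preset needs 4MB instead of 256MB and roughly a
	// tenth of the CPU time, so an offline guessing attack on a copied key file
	// is correspondingly cheaper. Presumably intended for tests and constrained
	// devices (confirm); prefer the Standard preset for keys that guard real value.
	LightScryptN = 1 << 12

	// LightScryptP is the P parameter of Scrypt encryption algorithm, using 4MB
	// memory and taking approximately 100ms CPU time on a modern processor.
	LightScryptP = 6
)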
// AwsKMSCiphertextFileExt is the "-cipher" suffix.
// NOTE(review): presumably appended to the name of a file that holds AWS KMS
// ciphertext; confirm against the code that reads and writes such files.
const AwsKMSCiphertextFileExt = "-cipher"
Minimum amount of time between cache reloads. This limit applies if the platform does not support change notifications. It also applies if the keystore directory does not exist yet: in that case the code will attempt to create a watcher at most this often.
Variables ¶
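// Sentinel errors returned by keystore operations. The original listing was
// collapsed onto one line, which is not valid Go; one declaration per line
// restores it. Message texts are unchanged.
var (
	// ErrLocked is an auth-needed error asking for "password or unlock".
	// NOTE(review): presumably returned when an operation needs an unlocked
	// account; confirm at the call sites.
	ErrLocked = accounts.NewAuthNeededError("password or unlock")

	// ErrNoMatch reports that no key exists for the given address or file.
	ErrNoMatch = errors.New("no key for given address or file")

	// ErrDecrypt reports that a key could not be decrypted with the given passphrase.
	// NOTE(review): whether a corrupted or tampered key file also surfaces as
	// this error is not visible here; confirm before presenting it to users
	// as "wrong password".
	ErrDecrypt = errors.New("could not decrypt key with given passphrase")

	// ErrInvalidKmsInfo reports invalid AWS KMS info.
	ErrInvalidKmsInfo = errors.New("invalid AWS KMS info")
)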
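// Sentinel errors for wanchain address and key validation. The original
// listing was collapsed onto one line, which is not valid Go; one declaration
// per line restores it. Message texts are unchanged.
var (
	// ErrWAddressFieldNotExist reports that the account's key file has no valid
	// wanchain address field. The message is capitalised and phrased as a
	// sentence, unlike the other errors; it is kept byte-for-byte because
	// callers may match on the text.
	ErrWAddressFieldNotExist = errors.New("It seems that this account doesn't include a valid wanchain address field, please update your keyfile version")

	// ErrWAddressInvalid reports an invalid wanchain address.
	ErrWAddressInvalid = errors.New("invalid wanchain address")

	// ErrInvalidAccountKey reports an invalid account key.
	ErrInvalidAccountKey = errors.New("invalid account key")

	// ErrInvalidPrivateKey reports an invalid private key.
	ErrInvalidPrivateKey = errors.New("invalid private key")
)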
// KeyStoreScheme is the protocol scheme prefixing account and wallet URLs.
// NOTE(review): this is an exported var, not a const, so any importing package
// can reassign it at run time; treat it as read-only.
var KeyStoreScheme = "keystore"
KeyStoreScheme is the protocol scheme prefixing account and wallet URLs.
// KeyStoreType is the reflect type of a keystore backend. It describes the
// pointer type *KeyStore, not the struct type KeyStore.
var KeyStoreType = reflect.TypeOf((*KeyStore)(nil))
KeyStoreType is the reflect type of a keystore backend.
Functions ¶
func ECDSAPKCompression ¶
ECDSAPKCompression serializes a public key in a 33-byte compressed format from btcec
func EncryptKey ¶
EncryptKey encrypts a key using the specified scrypt parameters into a json blob that can be decrypted later on.
func EncryptOnePrivateKey ¶
func EncryptOnePrivateKey(privateKey *ecdsa.PrivateKey, auth string, scryptN, scryptP int) (*cryptoJSON, error)
EncryptOnePrivateKey encrypts a key using the specified scrypt parameters into one field of a json blob that can be decrypted later on.
func GeneratePKPairFromWAddress ¶
GeneratePKPairFromWAddress retrieves the public key pair from the given WAddress.
func GenerateWaddressFromPK ¶
func LoadECDSAPair ¶
func LoadECDSAPair(file string) (*ecdsa.PrivateKey, *ecdsa.PrivateKey, error)
LoadECDSAPair loads a secp256k1 private key pair from the given file
Types ¶
type AmbiguousAddrError ¶
AmbiguousAddrError is returned when attempting to unlock an address for which more than one file exists.
func (*AmbiguousAddrError) Error ¶
func (err *AmbiguousAddrError) Error() string
type AwsKmsInfo ¶
type Key ¶
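// Key holds the identifiers and private key material of one account.
//
// NOTE(review): both private keys are held in plaintext for as long as a Key
// value is reachable. Keep its lifetime short, do not log or format it
// (for example with %+v), and overwrite the key material once it is no
// longer needed.
type Key struct {
	// Id is a version 4 ("random") UUID: a unique id not derived from key data.
	Id uuid.UUID

	// Address is stored alongside the key to simplify lookups.
	Address common.Address

	// PrivateKey is the only key stored, as the pubkey/address can be derived
	// from it. In this struct it is always in plaintext.
	PrivateKey *ecdsa.PrivateKey

	// PrivateKey2 is a second private key, added for privacy.
	PrivateKey2 *ecdsa.PrivateKey

	// WAddress is the compact wanchain address format.
	WAddress common.WAddress
}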
func DecryptKey ¶
DecryptKey decrypts a key from a json blob, returning the private key itself.
func GenerateKeyWithWAddress ¶
GenerateKeyWithWAddress generates a Key with its WAddress field initialized.
func NewKeyForDirectICAP ¶
NewKeyForDirectICAP generates a key whose address fits into < 155 bits so it can fit into the Direct ICAP spec. For simplicity and easier compatibility with other libs, we retry until the first byte is 0.
func (*Key) MarshalJSON ¶
func (*Key) UnmarshalJSON ¶
type KeyStore ¶
// KeyStore manages a key storage directory on disk.
// Its fields are not shown in this listing; use the methods documented on
// *KeyStore to work with it.
type KeyStore struct {
// contains filtered or unexported fields
}
KeyStore manages a key storage directory on disk.
func NewKeyStore ¶
NewKeyStore creates a keystore for the given directory.
func NewPlaintextKeyStore ¶
NewPlaintextKeyStore creates a keystore for the given directory. Deprecated: Use NewKeyStore.
func (*KeyStore) ComputeOTAPPKeys ¶
func (*KeyStore) Delete ¶
Delete deletes the key matched by account if the passphrase is correct. If the account contains no filename, the address must match a unique key.
func (*KeyStore) Export ¶
func (ks *KeyStore) Export(a accounts.Account, passphrase, newPassphrase string) (keyJSON []byte, err error)
Export exports as a JSON key, encrypted with newPassphrase.
func (*KeyStore) GetWanAddress ¶
GetWanAddress retrieves the wanchain public address corresponding to a specific ordinary account/address.
func (*KeyStore) HasAddress ¶
HasAddress reports whether a key with the given address is present.
func (*KeyStore) Import ¶
func (ks *KeyStore) Import(keyJSON []byte, passphrase, newPassphrase string) (accounts.Account, error)
Import stores the given encrypted JSON key into the key directory.
func (*KeyStore) ImportECDSA ¶
func (ks *KeyStore) ImportECDSA(priv1, priv2 *ecdsa.PrivateKey, passphrase string) (accounts.Account, error)
ImportECDSA stores the given key into the key directory, encrypting it with the passphrase.
func (*KeyStore) ImportPreSaleKey ¶
ImportPreSaleKey decrypts the given Ethereum presale wallet and stores a key file in the key directory. The key file is encrypted with the same passphrase.
func (*KeyStore) NewAccount ¶
NewAccount generates a new key and stores it into the key directory, encrypting it with the passphrase.
func (*KeyStore) SignHash ¶
SignHash calculates an ECDSA signature for the given hash. The produced signature is in the [R || S || V] format where V is 0 or 1.
func (*KeyStore) SignHashWithPassphrase ¶
func (ks *KeyStore) SignHashWithPassphrase(a accounts.Account, passphrase string, hash []byte) (signature []byte, err error)
SignHashWithPassphrase signs hash if the private key matching the given address can be decrypted with the given passphrase. The produced signature is in the [R || S || V] format where V is 0 or 1.
func (*KeyStore) SignTx ¶
func (ks *KeyStore) SignTx(a accounts.Account, tx *types.Transaction, chainID *big.Int) (*types.Transaction, error)
SignTx signs the given transaction with the requested account.
func (*KeyStore) SignTxWithPassphrase ¶
func (ks *KeyStore) SignTxWithPassphrase(a accounts.Account, passphrase string, tx *types.Transaction, chainID *big.Int) (*types.Transaction, error)
SignTxWithPassphrase signs the transaction if the private key matching the given address can be decrypted with the given passphrase.
func (*KeyStore) Subscribe ¶
func (ks *KeyStore) Subscribe(sink chan<- accounts.WalletEvent) event.Subscription
Subscribe implements accounts.Backend, creating an async subscription to receive notifications on the addition or removal of keystore wallets.
func (*KeyStore) TimedUnlock ¶
TimedUnlock unlocks the given account with the passphrase. The account stays unlocked for the duration of timeout. A timeout of 0 unlocks the account until the program exits. The account must match a unique key file.
If the account address is already unlocked for a duration, TimedUnlock extends or shortens the active unlock timeout. If the address was previously unlocked indefinitely the timeout is not altered.