cosmos-sdk: Index | Files | Directories

package crypto

import ""


Package Files

amino.go armor.go ledger_notavail.go ledger_secp256k1.go


var BcryptSecurityParameter = 12

BcryptSecurityParameter is security parameter var, and it can be changed within the lcd test. Making the bcrypt security parameter a var shouldn't be a security issue: One can't verify an invalid key by maliciously changing the bcrypt parameter during a runtime vulnerability. The main security threat this then exposes would be something that changes this during runtime before the user creates their key. This vulnerability must succeed to update this to that same value before every subsequent call to the keys command in future startups / or the attacker must get access to the filesystem. However, with a similar threat model (changing variables in runtime), one can cause the user to sign a different tx than what they see, which is a significantly cheaper attack then breaking a bcrypt hash. (Recall that the nonce still exists to break rainbow tables) For further notes on security parameter choice, see

func ArmorInfoBytes Uses

func ArmorInfoBytes(bz []byte) string

Armor the InfoBytes

func ArmorPubKeyBytes Uses

func ArmorPubKeyBytes(bz []byte, algo string) string

Armor the PubKeyBytes

func EncryptArmorPrivKey Uses

func EncryptArmorPrivKey(privKey crypto.PrivKey, passphrase string, algo string) string

Encrypt and armor the private key.

func LedgerShowAddress Uses

func LedgerShowAddress(path hd.BIP44Params, expectedPubKey tmcrypto.PubKey,
    accountAddressPrefix string) error

LedgerShowAddress triggers a ledger device to show the corresponding address.

func NewPrivKeyLedgerSecp256k1 Uses

func NewPrivKeyLedgerSecp256k1(path hd.BIP44Params, hrp string) (tmcrypto.PrivKey, string, error)

NewPrivKeyLedgerSecp256k1 will generate a new key and store the public key for later use. The request will require user confirmation and will show account and index in the device

func NewPrivKeyLedgerSecp256k1Unsafe Uses

func NewPrivKeyLedgerSecp256k1Unsafe(path hd.BIP44Params) (tmcrypto.PrivKey, error)

NewPrivKeyLedgerSecp256k1Unsafe will generate a new key and store the public key for later use.

This function is marked as unsafe as it will retrieve a pubkey without user verification. It can only be used to verify a pubkey but never to create new accounts/keys. In that case, please refer to NewPrivKeyLedgerSecp256k1

func RegisterAmino Uses

func RegisterAmino(cdc *codec.Codec)

RegisterAmino registers all go-crypto related types in the given (amino) codec.

func UnarmorDecryptPrivKey Uses

func UnarmorDecryptPrivKey(armorStr string, passphrase string) (privKey crypto.PrivKey, algo string, err error)

UnarmorDecryptPrivKey returns the privkey byte slice, a string of the algo type, and an error

func UnarmorInfoBytes Uses

func UnarmorInfoBytes(armorStr string) ([]byte, error)

Unarmor the InfoBytes

func UnarmorPubKeyBytes Uses

func UnarmorPubKeyBytes(armorStr string) (bz []byte, algo string, err error)

UnarmorPubKeyBytes returns the pubkey byte slice, a string of the algo type, and an error

type LedgerSECP256K1 Uses

type LedgerSECP256K1 interface {
    Close() error
    // Returns an uncompressed pubkey
    GetPublicKeySECP256K1([]uint32) ([]byte, error)
    // Returns a compressed pubkey and bech32 address (requires user confirmation)
    GetAddressPubKeySECP256K1([]uint32, string) ([]byte, string, error)
    // Signs a message (requires user confirmation)
    SignSECP256K1([]uint32, []byte) ([]byte, error)

LedgerSECP256K1 reflects an interface a Ledger API must implement for SECP256K1

type PrivKeyLedgerSecp256k1 Uses

type PrivKeyLedgerSecp256k1 struct {
    // CachedPubKey should be private, but we want to encode it via
    // go-amino so we can view the address later, even without having the
    // ledger attached.
    CachedPubKey tmcrypto.PubKey
    Path         hd.BIP44Params

PrivKeyLedgerSecp256k1 implements PrivKey, calling the ledger nano we cache the PubKey from the first call to use it later.

func (*PrivKeyLedgerSecp256k1) AssertIsPrivKeyInner Uses

func (pkl *PrivKeyLedgerSecp256k1) AssertIsPrivKeyInner()

AssertIsPrivKeyInner implements the PrivKey interface. It performs a no-op.

func (PrivKeyLedgerSecp256k1) Bytes Uses

func (pkl PrivKeyLedgerSecp256k1) Bytes() []byte

Bytes implements the PrivKey interface. It stores the cached public key so we can verify the same key when we reconnect to a ledger.

func (PrivKeyLedgerSecp256k1) Equals Uses

func (pkl PrivKeyLedgerSecp256k1) Equals(other tmcrypto.PrivKey) bool

Equals implements the PrivKey interface. It makes sure two private keys refer to the same public key.

func (PrivKeyLedgerSecp256k1) PubKey Uses

func (pkl PrivKeyLedgerSecp256k1) PubKey() tmcrypto.PubKey

PubKey returns the cached public key.

func (PrivKeyLedgerSecp256k1) Sign Uses

func (pkl PrivKeyLedgerSecp256k1) Sign(message []byte) ([]byte, error)

Sign returns a secp256k1 signature for the corresponding message

func (PrivKeyLedgerSecp256k1) ValidateKey Uses

func (pkl PrivKeyLedgerSecp256k1) ValidateKey() error

ValidateKey allows us to verify the sanity of a public key after loading it from disk.


hdPackage hd provides support for hierarchical deterministic wallets generation and derivation.
keyringPackage keys provides common key management API.

Package crypto imports 15 packages (graph) and is imported by 9 packages. Updated 2020-06-24. Refresh now. Tools for package owners.