cosmos-sdk: Index | Examples | Files | Directories

package keys

import ""



Package Files

codec.go keybase.go keybase_base.go keyring.go keys.go lazy_keybase.go output.go types.go


const (
    BackendFile    = "file"
    BackendOS      = "os"
    BackendKWallet = "kwallet"
    BackendPass    = "pass"
    BackendTest    = "test"
const (
    // MultiAlgo implies that a pubkey is a multisignature
    MultiAlgo = SigningAlgo("multi")
    // Secp256k1 uses the Bitcoin secp256k1 ECDSA parameters.
    Secp256k1 = SigningAlgo("secp256k1")
    // Ed25519 represents the Ed25519 signature system.
    // It is currently not supported for end-user keys (wallets/ledgers).
    Ed25519 = SigningAlgo("ed25519")
    // Sr25519 represents the Sr25519 signature system.
    Sr25519 = SigningAlgo("sr25519")
const (
    // used for deriving seed from mnemonic
    DefaultBIP39Passphrase = ""


var (
    // ErrUnsupportedSigningAlgo is raised when the caller tries to use a
    // different signing scheme than secp256k1.
    ErrUnsupportedSigningAlgo = errors.New("unsupported signing algo")

    // ErrUnsupportedLanguage is raised when the caller tries to use a
    // different language than english for creating a mnemonic sentence.
    ErrUnsupportedLanguage = errors.New("unsupported language: only english is supported")
var CryptoCdc *codec.Codec

CryptoCdc defines the codec required for keys and info

func CreateHDPath Uses

func CreateHDPath(account uint32, index uint32) *hd.BIP44Params

CreateHDPath returns BIP 44 object from account and index parameters.

func IsSupportedAlgorithm Uses

func IsSupportedAlgorithm(supported []SigningAlgo, algo SigningAlgo) bool

IsSupportedAlgorithm returns whether the signing algorithm is in the passed-in list of supported algorithms.

func RegisterCodec Uses

func RegisterCodec(cdc *codec.Codec)

RegisterCodec registers concrete types and interfaces on the given codec.

func SecpDeriveKey Uses

func SecpDeriveKey(mnemonic string, bip39Passphrase, hdPath string) ([]byte, error)

SecpDeriveKey derives and returns the secp256k1 private key for the given seed and HD path.

func SecpPrivKeyGen Uses

func SecpPrivKeyGen(bz []byte) tmcrypto.PrivKey

SecpPrivKeyGen generates a secp256k1 private key from the given bytes

func StdDeriveKey Uses

func StdDeriveKey(mnemonic string, bip39Passphrase, hdPath string, algo SigningAlgo) ([]byte, error)

StdDeriveKey is the default DeriveKey function in the keybase. For now, it only supports Secp256k1

func StdPrivKeyGen Uses

func StdPrivKeyGen(bz []byte, algo SigningAlgo) (tmcrypto.PrivKey, error)

StdPrivKeyGen is the default PrivKeyGen function in the keybase. For now, it only supports Secp256k1

type DeriveKeyFunc Uses

type DeriveKeyFunc func(mnemonic string, bip39Passphrase, hdPath string, algo SigningAlgo) ([]byte, error)

DeriveKeyFunc defines the function to derive a new key from a seed and hd path

type Info Uses

type Info interface {
    // Human-readable type for key listing
    GetType() KeyType
    // Name of the key
    GetName() string
    // Public key
    GetPubKey() crypto.PubKey
    // Address
    GetAddress() types.AccAddress
    // Bip44 Path
    GetPath() (*hd.BIP44Params, error)
    // Algo
    GetAlgo() SigningAlgo

Info is the publicly exposed information about a keypair

func NewMultiInfo Uses

func NewMultiInfo(name string, pub crypto.PubKey) Info

NewMultiInfo creates a new multiInfo instance

type KeyOutput Uses

type KeyOutput struct {
    Name      string                 `json:"name" yaml:"name"`
    Type      string                 `json:"type" yaml:"type"`
    Address   string                 `json:"address" yaml:"address"`
    PubKey    string                 `json:"pubkey" yaml:"pubkey"`
    Mnemonic  string                 `json:"mnemonic,omitempty" yaml:"mnemonic"`
    Threshold uint                   `json:"threshold,omitempty" yaml:"threshold"`
    PubKeys   []multisigPubKeyOutput `json:"pubkeys,omitempty" yaml:"pubkeys"`

KeyOutput defines a structure wrapping around an Info object used for output functionality.

func Bech32ConsKeyOutput Uses

func Bech32ConsKeyOutput(keyInfo Info) (KeyOutput, error)

Bech32ConsKeyOutput create a KeyOutput in with "cons" Bech32 prefixes.

func Bech32KeyOutput Uses

func Bech32KeyOutput(keyInfo Info) (KeyOutput, error)

Bech32KeyOutput create a KeyOutput in with "acc" Bech32 prefixes. If the public key is a multisig public key, then the threshold and constituent public keys will be added.

func Bech32KeysOutput Uses

func Bech32KeysOutput(infos []Info) ([]KeyOutput, error)

Bech32KeysOutput returns a slice of KeyOutput objects, each with the "acc" Bech32 prefixes, given a slice of Info objects. It returns an error if any call to Bech32KeyOutput fails.

func Bech32ValKeyOutput Uses

func Bech32ValKeyOutput(keyInfo Info) (KeyOutput, error)

Bech32ValKeyOutput create a KeyOutput in with "val" Bech32 prefixes.

func NewKeyOutput Uses

func NewKeyOutput(name, keyType, address, pubkey string) KeyOutput

NewKeyOutput creates a default KeyOutput instance without Mnemonic, Threshold and PubKeys

type KeyType Uses

type KeyType uint

KeyType reflects a human-readable type for key listing.

const (
    TypeLocal   KeyType = 0
    TypeLedger  KeyType = 1
    TypeOffline KeyType = 2
    TypeMulti   KeyType = 3

Info KeyTypes

func (KeyType) String Uses

func (kt KeyType) String() string

String implements the stringer interface for KeyType.

type Keybase Uses

type Keybase interface {
    // CRUD on the keystore
    List() ([]Info, error)
    // Get returns the public information about one key.
    Get(name string) (Info, error)
    // Get performs a by-address lookup and returns the public
    // information about one key if there's any.
    GetByAddress(address types.AccAddress) (Info, error)
    // Delete removes a key.
    Delete(name, passphrase string, skipPass bool) error
    // Sign bytes, looking up the private key to use.
    Sign(name, passphrase string, msg []byte) ([]byte, crypto.PubKey, error)

    // CreateMnemonic generates a new mnemonic, derives a hierarchical deterministic
    // key from that. and persists it to storage, encrypted using the provided password.
    // It returns the generated mnemonic and the key Info. It returns an error if it fails to
    // generate a key for the given algo type, or if another key is already stored under the
    // same name.
    CreateMnemonic(name string, language Language, passwd string, algo SigningAlgo) (info Info, seed string, err error)

    // CreateAccount converts a mnemonic to a private key and BIP 32 HD Path
    // and persists it, encrypted with the given password.
    CreateAccount(name, mnemonic, bip39Passwd, encryptPasswd, hdPath string, algo SigningAlgo) (Info, error)

    // CreateLedger creates, stores, and returns a new Ledger key reference
    CreateLedger(name string, algo SigningAlgo, hrp string, account, index uint32) (info Info, err error)

    // CreateOffline creates, stores, and returns a new offline key reference
    CreateOffline(name string, pubkey crypto.PubKey, algo SigningAlgo) (info Info, err error)

    // CreateMulti creates, stores, and returns a new multsig (offline) key reference
    CreateMulti(name string, pubkey crypto.PubKey) (info Info, err error)

    // The following operations will *only* work on locally-stored keys
    Update(name, oldpass string, getNewpass func() (string, error)) error

    // Import imports ASCII armored Info objects.
    Import(name string, armor string) (err error)

    // ImportPrivKey imports a private key in ASCII armor format.
    // It returns an error if a key with the same name exists or a wrong encryption passphrase is
    // supplied.
    ImportPrivKey(name, armor, passphrase string) error

    // ImportPubKey imports ASCII-armored public keys.
    // Store a new Info object holding a public key only, i.e. it will
    // not be possible to sign with it as it lacks the secret key.
    ImportPubKey(name string, armor string) (err error)

    // Export exports an Info object in ASCII armored format.
    Export(name string) (armor string, err error)

    // ExportPubKey returns public keys in ASCII armored format.
    // Retrieve a Info object by its name and return the public key in
    // a portable format.
    ExportPubKey(name string) (armor string, err error)

    // ExportPrivKey returns a private key in ASCII armored format.
    // It returns an error if the key does not exist or a wrong encryption passphrase is supplied.
    ExportPrivKey(name, decryptPassphrase, encryptPassphrase string) (armor string, err error)

    // ExportPrivateKeyObject *only* works on locally-stored keys. Temporary method until we redo the exporting API
    ExportPrivateKeyObject(name string, passphrase string) (crypto.PrivKey, error)

    // SupportedAlgos returns a list of signing algorithms supported by the keybase
    SupportedAlgos() []SigningAlgo

    // SupportedAlgosLedger returns a list of signing algorithms supported by the keybase's ledger integration
    SupportedAlgosLedger() []SigningAlgo

    // CloseDB closes the database.

Keybase exposes operations on a generic keystore

func New Uses

func New(name, dir string, opts ...KeybaseOption) Keybase

New creates a new instance of a lazy keybase.


// Select the encryption and storage for your cryptostore
customKeyGenFunc := func(bz []byte, algo SigningAlgo) (crypto.PrivKey, error) {
    var bzArr [32]byte
    copy(bzArr[:], bz)
    return secp256k1.PrivKeySecp256k1(bzArr), nil
cstore := NewInMemory(WithKeygenFunc(customKeyGenFunc))

sec := Secp256k1

// Add keys and see they return in alphabetical order
bob, _, err := cstore.CreateMnemonic("Bob", English, "friend", sec)
if err != nil {
    // this should never happen
} else {
    // return info here just like in List
_, _, _ = cstore.CreateMnemonic("Alice", English, "secret", sec)
_, _, _ = cstore.CreateMnemonic("Carl", English, "mitm", sec)
info, _ := cstore.List()
for _, i := range info {

// We need to use passphrase to generate a signature
tx := []byte("deadbeef")
sig, pub, err := cstore.Sign("Bob", "friend", tx)
if err != nil {
    fmt.Println("don't accept real passphrase")

// and we can validate the signature with publicly available info
binfo, _ := cstore.Get("Bob")
if !binfo.GetPubKey().Equals(bob.GetPubKey()) {
    fmt.Println("Get and Create return different keys")

if pub.Equals(binfo.GetPubKey()) {
    fmt.Println("signed by Bob")
if !pub.VerifyBytes(tx, sig) {
    fmt.Println("invalid signature")


signed by Bob

func NewInMemory Uses

func NewInMemory(opts ...KeybaseOption) Keybase

NewInMemory creates a transient keybase on top of in-memory storage instance useful for testing purposes and on-the-fly key generation. Keybase options can be applied when generating this new Keybase.

func NewKeyring Uses

func NewKeyring(
    appName, backend, rootDir string, userInput io.Reader, opts ...KeybaseOption,
) (Keybase, error)

NewKeyring creates a new instance of a keyring. Keybase options can be applied when generating this new Keybase. Available backends are "os", "file", "test".

type KeybaseOption Uses

type KeybaseOption func(*kbOptions)

KeybaseOption overrides options for the db

func WithDeriveFunc Uses

func WithDeriveFunc(f DeriveKeyFunc) KeybaseOption

WithDeriveFunc applies an overridden key derivation function to generate the private key.

func WithKeygenFunc Uses

func WithKeygenFunc(f PrivKeyGenFunc) KeybaseOption

WithKeygenFunc applies an overridden key generation function to generate the private key.

func WithSupportedAlgos Uses

func WithSupportedAlgos(algos []SigningAlgo) KeybaseOption

WithSupportedAlgos defines the list of accepted SigningAlgos.

func WithSupportedAlgosLedger Uses

func WithSupportedAlgosLedger(algos []SigningAlgo) KeybaseOption

WithSupportedAlgosLedger defines the list of accepted SigningAlgos compatible with Ledger.

type Language Uses

type Language int

Language is a language to create the BIP 39 mnemonic in. Currently, only english is supported though. Find a list of all supported languages in the BIP 39 spec (word lists).

const (
    // English is the default language to create a mnemonic.
    // It is the only supported language by this package.
    English Language = iota + 1
    // Japanese is currently not supported.
    // Korean is currently not supported.
    // Spanish is currently not supported.
    // ChineseSimplified is currently not supported.
    // ChineseTraditional is currently not supported.
    // French is currently not supported.
    // Italian is currently not supported.

noinspection ALL

type PrivKeyGenFunc Uses

type PrivKeyGenFunc func(bz []byte, algo SigningAlgo) (crypto.PrivKey, error)

PrivKeyGenFunc defines the function to convert derived key bytes to a tendermint private key

type SigningAlgo Uses

type SigningAlgo string

SigningAlgo defines an algorithm to derive key-pairs which can be used for cryptographic signing.


hdPackage hd provides basic functionality Hierarchical Deterministic Wallets.

Package keys imports 26 packages (graph) and is imported by 45 packages. Updated 2020-01-23. Refresh now. Tools for package owners.