# eth-keyfile
[](https://discord.gg/GHryRvPB84) [](https://circleci.com/gh/ethereum/eth-keyfile)
[](https://badge.fury.io/py/eth-keyfile)
[](https://pypi.python.org/pypi/eth-keyfile)
A library for handling the encrypted keyfiles used to store ethereum private keys
> This library and repository was previously located at https://github.com/pipermerriam/ethereum-keyfile. It was transferred to the Ethereum foundation github in November 2017 and renamed to `eth-keyfile`. The PyPi package was also renamed from `ethereum-keyfile` to `eth-keyfile`.
Read more in the documentation below.
View the [change log](https://github.com/ethereum/eth-keyfile/blob/main/CHANGELOG.rst).
## Installation
```sh
python -m pip install eth-keyfile
```
## Documentation
### `eth_keyfile.load_keyfile(path_or_file_obj) --> keyfile_json`
Takes either a filesystem path represented as a string or a file object and
returns the parsed keyfile json as a python dictionary.
```python
>>> from eth_keyfile import load_keyfile
>>> load_keyfile('path/to-my-keystore/keystore.json')
{
"crypto" : {
"cipher" : "aes-128-ctr",
"cipherparams" : {
"iv" : "6087dab2f9fdbbfaddc31a909735c1e6"
},
"ciphertext" : "5318b4d5bcd28de64ee5559e671353e16f075ecae9f99c7a79a38af5f869aa46",
"kdf" : "pbkdf2",
"kdfparams" : {
"c" : 262144,
"dklen" : 32,
"prf" : "hmac-sha256",
"salt" : "ae3cd4e7013836a3df6bd7241b12db061dbe2c6785853cce422d148a624ce0bd"
},
"mac" : "517ead924a9d0dc3124507e3393d175ce3ff7c1e96529c6c555ce9e51205e9b2"
},
"id" : "3198bc9c-6672-5ab3-d995-4942343ae5b6",
"version" : 3
}
```
### `eth_keyfile.create_keyfile_json(private_key, password, kdf="pbkdf2", work_factor=None, salt_size=16) --> keyfile_json`
Takes the following parameters:
- `private_key`: A bytestring of length 32. [See note below.](#a-note-on-private-keys)
- `password`: A bytestring which will be the password that can be used to decrypt the resulting keyfile.
- `version`: An `int` to select the keyfile standard to use. Supported are `3` and `4`. Defaults to `3`.
- `kdf`: A `str` to select the key derivation function. Allowed values are `pbkdf2` and `scrypt`. By default, `pbkdf2` will be used.
- `iterations`: An `int` to set the work factor which will be used for the given key derivation function. By default `1000000` will be used for `pbkdf2` and `262144` for `scrypt`.
- `salt_size`: An `int` to define the size of the randomly-generated salt in bytes. Defaults to `16` for v3 and `32` for v4.
- `description`: (v4 only) An optional `str` for a user-defined message, generally to be able to tell one keyfile from another. Defaults to an empty string.
- `path`: (v4 only) An optional `str` to indicate where in the key-tree a key originates from. Defaults to an empty string. See [EIP-2334](https://eips.ethereum.org/EIPS/eip-2334) for more detail.
Returns the keyfile json as a python dictionary.
```python
>>> private_key = b'\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01'
>>> create_keyfile_json(private_key, b'foo')
{
"address" : "1a642f0e3c3af545e7acbd38b07251b3990914f1",
"crypto" : {
"cipher" : "aes-128-ctr",
"cipherparams" : {
"iv" : "6087dab2f9fdbbfaddc31a909735c1e6"
},
"ciphertext" : "5318b4d5bcd28de64ee5559e671353e16f075ecae9f99c7a79a38af5f869aa46",
"kdf" : "pbkdf2",
"kdfparams" : {
"c" : 262144,
"dklen" : 32,
"prf" : "hmac-sha256",
"salt" : "ae3cd4e7013836a3df6bd7241b12db061dbe2c6785853cce422d148a624ce0bd"
},
"mac" : "517ead924a9d0dc3124507e3393d175ce3ff7c1e96529c6c555ce9e51205e9b2"
},
"id" : "3198bc9c-6672-5ab3-d995-4942343ae5b6",
"version" : 3
}
>>> create_keyfile_json(private_key, b'foo', version=4)
{
'crypto': {
'checksum': {
'function': 'sha256',
'message': '66a4883a8017c9ef2854acc0c46af6cc8943de5bcf6bb501a2d6a932a91c5333',
'params': {}
},
'cipher': {
'function': 'aes-128-ctr',
'message': '584fbbc86d65a92c1e0dfcaa3ba46c4790d31382c5dba25c94acfa2ae6e2687d',
'params': {
'iv': 'f948a84c4072cc3f38c82f6f672fa8a9'
}
},
'kdf': {
'function': 'pbkdf2',
'message': '',
'params': {
'c': 1000000,
'dklen': 32,
'prf': 'hmac-sha256',
'salt': 'd0a1d8a34e7b8bdffbe34e1152ee0bcf3dba64c6e1539cf2bce2ef6995061757'
}
}
},
'description': '',
'path': '',
'pubkey': 'aa1a1c26055a329817a5759d877a2795f9499b97d6056edde0eea39512f24e8bc874b4471f0501127abb1ea0d9f68ac1',
'uuid': '92c3f383-e8ea-47a1-a1d7-55adccfae8fe',
'version': 4}
```
#### A note on private keys
> Valid values for private keys are more limited with the keyfile v4 standard.
>
> In v3, a valid key must be less than
> '0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141',
> a limit which most users are unlikely to run into.
>
> In v4, the key must be less than '0x73eda753299d7d483339d80809a1d80553bda402fffe5bfeffffffff00000001'.
>
> These limits are due to the cryptographic functions used. `secp256k1` is used for v3,
> while `bls12-381` is used for v4.
### `eth_keyfile.decode_keyfile_json(keyfile_json, password) --> private_key`
Takes the keyfile json as a python dictionary and the password for the keyfile,
returning the decoded private key.
```python
>>> keyfile_json = {
... "crypto" : {
... "cipher" : "aes-128-ctr",
... "cipherparams" : {
... "iv" : "6087dab2f9fdbbfaddc31a909735c1e6"
... },
... "ciphertext" : "5318b4d5bcd28de64ee5559e671353e16f075ecae9f99c7a79a38af5f869aa46",
... "kdf" : "pbkdf2",
... "kdfparams" : {
... "c" : 262144,
... "dklen" : 32,
... "prf" : "hmac-sha256",
... "salt" : "ae3cd4e7013836a3df6bd7241b12db061dbe2c6785853cce422d148a624ce0bd"
... },
... "mac" : "517ead924a9d0dc3124507e3393d175ce3ff7c1e96529c6c555ce9e51205e9b2"
... },
... "id" : "3198bc9c-6672-5ab3-d995-4942343ae5b6",
... "version" : 3
... }
>>> decode_keyfile_json(keyfile_json, b'foo')
b'\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01'
```
### `eth_keyfile.extract_key_from_keyfile(path_or_file_obj, password) --> private_key`
Takes a filesystem path represented by a string or a file object and the
password for the keyfile. Returns the private key as a bytestring.
```python
>>> extract_key_from_keyfile('path/to-my-keystore/keyfile.json', b'foo')
b'\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01'
```
## Developer Setup
If you would like to hack on eth-keyfile, please check out the [Snake Charmers
Tactical Manual](https://github.com/ethereum/snake-charmers-tactical-manual)
for information on how we do:
- Testing
- Pull Requests
- Documentation
We use [pre-commit](https://pre-commit.com/) to maintain consistent code style. Once
installed, it will run automatically with every commit. You can also run it manually
with `make lint`. If you need to make a commit that skips the `pre-commit` checks, you
can do so with `git commit --no-verify`.
### Development Environment Setup
You can set up your dev environment with:
```sh
git clone git@github.com:ethereum/eth-keyfile.git
cd eth-keyfile
virtualenv -p python3 venv
. venv/bin/activate
python -m pip install -e ".[dev]"
pre-commit install
```
### Release setup
To release a new version:
```sh
make release bump=$$VERSION_PART_TO_BUMP$$
```
#### How to bumpversion
The version format for this repo is `{major}.{minor}.{patch}` for stable, and
`{major}.{minor}.{patch}-{stage}.{devnum}` for unstable (`stage` can be alpha or beta).
To issue the next version in line, specify which part to bump,
like `make release bump=minor` or `make release bump=devnum`. This is typically done from the
main branch, except when releasing a beta (in which case the beta is released from main,
and the previous stable branch is released from said branch).
If you are in a beta version, `make release bump=stage` will switch to a stable.
To issue an unstable version when the current version is stable, specify the
new version explicitly, like `make release bump="--new-version 4.0.0-alpha.1 devnum"`
Raw data
{
"_id": null,
"home_page": "https://github.com/ethereum/eth-keyfile",
"name": "eth-keyfile",
"maintainer": null,
"docs_url": null,
"requires_python": "<4,>=3.8",
"maintainer_email": null,
"keywords": "ethereum",
"author": "The Ethereum Foundation",
"author_email": "snakecharmers@ethereum.org",
"download_url": "https://files.pythonhosted.org/packages/08/e4/3f0c20b020786e1fa6e1ecd81806c54167fa2b0839e0020086b95a6e8faf/eth_keyfile-0.9.1.tar.gz",
"platform": null,
"description": "# eth-keyfile\n\n[](https://discord.gg/GHryRvPB84) [](https://circleci.com/gh/ethereum/eth-keyfile)\n[](https://badge.fury.io/py/eth-keyfile)\n[](https://pypi.python.org/pypi/eth-keyfile)\n\nA library for handling the encrypted keyfiles used to store ethereum private keys\n\n> This library and repository was previously located at https://github.com/pipermerriam/ethereum-keyfile. It was transferred to the Ethereum foundation github in November 2017 and renamed to `eth-keyfile`. The PyPi package was also renamed from `ethereum-keyfile` to `eth-keyfile`.\n\nRead more in the documentation below.\n\nView the [change log](https://github.com/ethereum/eth-keyfile/blob/main/CHANGELOG.rst).\n\n## Installation\n\n```sh\npython -m pip install eth-keyfile\n```\n\n## Documentation\n\n### `eth_keyfile.load_keyfile(path_or_file_obj) --> keyfile_json`\n\nTakes either a filesystem path represented as a string or a file object and\nreturns the parsed keyfile json as a python dictionary.\n\n```python\n>>> from eth_keyfile import load_keyfile\n>>> load_keyfile('path/to-my-keystore/keystore.json')\n{\n \"crypto\" : {\n \"cipher\" : \"aes-128-ctr\",\n \"cipherparams\" : {\n \"iv\" : \"6087dab2f9fdbbfaddc31a909735c1e6\"\n },\n \"ciphertext\" : \"5318b4d5bcd28de64ee5559e671353e16f075ecae9f99c7a79a38af5f869aa46\",\n \"kdf\" : \"pbkdf2\",\n \"kdfparams\" : {\n \"c\" : 262144,\n \"dklen\" : 32,\n \"prf\" : \"hmac-sha256\",\n \"salt\" : \"ae3cd4e7013836a3df6bd7241b12db061dbe2c6785853cce422d148a624ce0bd\"\n },\n \"mac\" : \"517ead924a9d0dc3124507e3393d175ce3ff7c1e96529c6c555ce9e51205e9b2\"\n },\n \"id\" : \"3198bc9c-6672-5ab3-d995-4942343ae5b6\",\n \"version\" : 3\n}\n```\n\n### `eth_keyfile.create_keyfile_json(private_key, password, kdf=\"pbkdf2\", work_factor=None, salt_size=16) --> keyfile_json`\n\nTakes the following parameters:\n\n- `private_key`: A bytestring of length 32. [See note below.](#a-note-on-private-keys)\n- `password`: A bytestring which will be the password that can be used to decrypt the resulting keyfile.\n- `version`: An `int` to select the keyfile standard to use. Supported are `3` and `4`. Defaults to `3`.\n- `kdf`: A `str` to select the key derivation function. Allowed values are `pbkdf2` and `scrypt`. By default, `pbkdf2` will be used.\n- `iterations`: An `int` to set the work factor which will be used for the given key derivation function. By default `1000000` will be used for `pbkdf2` and `262144` for `scrypt`.\n- `salt_size`: An `int` to define the size of the randomly-generated salt in bytes. Defaults to `16` for v3 and `32` for v4.\n- `description`: (v4 only) An optional `str` for a user-defined message, generally to be able to tell one keyfile from another. Defaults to an empty string.\n- `path`: (v4 only) An optional `str` to indicate where in the key-tree a key originates from. Defaults to an empty string. See [EIP-2334](https://eips.ethereum.org/EIPS/eip-2334) for more detail.\n\nReturns the keyfile json as a python dictionary.\n\n```python\n>>> private_key = b'\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01'\n>>> create_keyfile_json(private_key, b'foo')\n{\n \"address\" : \"1a642f0e3c3af545e7acbd38b07251b3990914f1\",\n \"crypto\" : {\n \"cipher\" : \"aes-128-ctr\",\n \"cipherparams\" : {\n \"iv\" : \"6087dab2f9fdbbfaddc31a909735c1e6\"\n },\n \"ciphertext\" : \"5318b4d5bcd28de64ee5559e671353e16f075ecae9f99c7a79a38af5f869aa46\",\n \"kdf\" : \"pbkdf2\",\n \"kdfparams\" : {\n \"c\" : 262144,\n \"dklen\" : 32,\n \"prf\" : \"hmac-sha256\",\n \"salt\" : \"ae3cd4e7013836a3df6bd7241b12db061dbe2c6785853cce422d148a624ce0bd\"\n },\n \"mac\" : \"517ead924a9d0dc3124507e3393d175ce3ff7c1e96529c6c555ce9e51205e9b2\"\n },\n \"id\" : \"3198bc9c-6672-5ab3-d995-4942343ae5b6\",\n \"version\" : 3\n}\n\n>>> create_keyfile_json(private_key, b'foo', version=4)\n {\n 'crypto': {\n 'checksum': {\n 'function': 'sha256',\n 'message': '66a4883a8017c9ef2854acc0c46af6cc8943de5bcf6bb501a2d6a932a91c5333',\n 'params': {}\n },\n 'cipher': {\n 'function': 'aes-128-ctr',\n 'message': '584fbbc86d65a92c1e0dfcaa3ba46c4790d31382c5dba25c94acfa2ae6e2687d',\n 'params': {\n 'iv': 'f948a84c4072cc3f38c82f6f672fa8a9'\n }\n },\n 'kdf': {\n 'function': 'pbkdf2',\n 'message': '',\n 'params': {\n 'c': 1000000,\n 'dklen': 32,\n 'prf': 'hmac-sha256',\n 'salt': 'd0a1d8a34e7b8bdffbe34e1152ee0bcf3dba64c6e1539cf2bce2ef6995061757'\n }\n }\n },\n 'description': '',\n 'path': '',\n 'pubkey': 'aa1a1c26055a329817a5759d877a2795f9499b97d6056edde0eea39512f24e8bc874b4471f0501127abb1ea0d9f68ac1',\n 'uuid': '92c3f383-e8ea-47a1-a1d7-55adccfae8fe',\n 'version': 4}\n```\n\n#### A note on private keys\n\n> Valid values for private keys are more limited with the keyfile v4 standard.\n>\n> In v3, a valid key must be less than\n> '0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141',\n> a limit which most users are unlikely to run into.\n>\n> In v4, the key must be less than '0x73eda753299d7d483339d80809a1d80553bda402fffe5bfeffffffff00000001'.\n>\n> These limits are due to the cryptographic functions used. `secp256k1` is used for v3,\n> while `bls12-381` is used for v4.\n\n### `eth_keyfile.decode_keyfile_json(keyfile_json, password) --> private_key`\n\nTakes the keyfile json as a python dictionary and the password for the keyfile,\nreturning the decoded private key.\n\n```python\n>>> keyfile_json = {\n... \"crypto\" : {\n... \"cipher\" : \"aes-128-ctr\",\n... \"cipherparams\" : {\n... \"iv\" : \"6087dab2f9fdbbfaddc31a909735c1e6\"\n... },\n... \"ciphertext\" : \"5318b4d5bcd28de64ee5559e671353e16f075ecae9f99c7a79a38af5f869aa46\",\n... \"kdf\" : \"pbkdf2\",\n... \"kdfparams\" : {\n... \"c\" : 262144,\n... \"dklen\" : 32,\n... \"prf\" : \"hmac-sha256\",\n... \"salt\" : \"ae3cd4e7013836a3df6bd7241b12db061dbe2c6785853cce422d148a624ce0bd\"\n... },\n... \"mac\" : \"517ead924a9d0dc3124507e3393d175ce3ff7c1e96529c6c555ce9e51205e9b2\"\n... },\n... \"id\" : \"3198bc9c-6672-5ab3-d995-4942343ae5b6\",\n... \"version\" : 3\n... }\n>>> decode_keyfile_json(keyfile_json, b'foo')\nb'\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01'\n```\n\n### `eth_keyfile.extract_key_from_keyfile(path_or_file_obj, password) --> private_key`\n\nTakes a filesystem path represented by a string or a file object and the\npassword for the keyfile. Returns the private key as a bytestring.\n\n```python\n>>> extract_key_from_keyfile('path/to-my-keystore/keyfile.json', b'foo')\nb'\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01'\n```\n\n## Developer Setup\n\nIf you would like to hack on eth-keyfile, please check out the [Snake Charmers\nTactical Manual](https://github.com/ethereum/snake-charmers-tactical-manual)\nfor information on how we do:\n\n- Testing\n- Pull Requests\n- Documentation\n\nWe use [pre-commit](https://pre-commit.com/) to maintain consistent code style. Once\ninstalled, it will run automatically with every commit. You can also run it manually\nwith `make lint`. If you need to make a commit that skips the `pre-commit` checks, you\ncan do so with `git commit --no-verify`.\n\n### Development Environment Setup\n\nYou can set up your dev environment with:\n\n```sh\ngit clone git@github.com:ethereum/eth-keyfile.git\ncd eth-keyfile\nvirtualenv -p python3 venv\n. venv/bin/activate\npython -m pip install -e \".[dev]\"\npre-commit install\n```\n\n### Release setup\n\nTo release a new version:\n\n```sh\nmake release bump=$$VERSION_PART_TO_BUMP$$\n```\n\n#### How to bumpversion\n\nThe version format for this repo is `{major}.{minor}.{patch}` for stable, and\n`{major}.{minor}.{patch}-{stage}.{devnum}` for unstable (`stage` can be alpha or beta).\n\nTo issue the next version in line, specify which part to bump,\nlike `make release bump=minor` or `make release bump=devnum`. This is typically done from the\nmain branch, except when releasing a beta (in which case the beta is released from main,\nand the previous stable branch is released from said branch).\n\nIf you are in a beta version, `make release bump=stage` will switch to a stable.\n\nTo issue an unstable version when the current version is stable, specify the\nnew version explicitly, like `make release bump=\"--new-version 4.0.0-alpha.1 devnum\"`\n",
"bugtrack_url": null,
"license": "MIT",
"summary": "eth-keyfile: A library for handling the encrypted keyfiles used to store ethereum private keys",
"version": "0.9.1",
"project_urls": {
"Homepage": "https://github.com/ethereum/eth-keyfile"
},
"split_keywords": [
"ethereum"
],
"urls": [
{
"comment_text": null,
"digests": {
"blake2b_256": "5f089c8bf617b39e1dd56303593292e8b4eb66497a5f0f5b997a4b291e5343c0",
"md5": "78b814b1c5fc0f9f6ee0d12bb8d812b0",
"sha256": "9789c3b4fa0bb6e2616cdc2bdd71b8755b42947d78ef1e900a0149480fabb5c2"
},
"downloads": -1,
"filename": "eth_keyfile-0.9.1-py3-none-any.whl",
"has_sig": false,
"md5_digest": "78b814b1c5fc0f9f6ee0d12bb8d812b0",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": "<4,>=3.8",
"size": 9866,
"upload_time": "2025-02-10T18:00:59",
"upload_time_iso_8601": "2025-02-10T18:00:59.695773Z",
"url": "https://files.pythonhosted.org/packages/5f/08/9c8bf617b39e1dd56303593292e8b4eb66497a5f0f5b997a4b291e5343c0/eth_keyfile-0.9.1-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": null,
"digests": {
"blake2b_256": "08e43f0c20b020786e1fa6e1ecd81806c54167fa2b0839e0020086b95a6e8faf",
"md5": "674722442a40af42c427c6d1391d842f",
"sha256": "c7a8bc6af4527d1ab2eb1d1b949d59925252e17663eaf90087da121327b51df6"
},
"downloads": -1,
"filename": "eth_keyfile-0.9.1.tar.gz",
"has_sig": false,
"md5_digest": "674722442a40af42c427c6d1391d842f",
"packagetype": "sdist",
"python_version": "source",
"requires_python": "<4,>=3.8",
"size": 19787,
"upload_time": "2025-02-10T18:01:01",
"upload_time_iso_8601": "2025-02-10T18:01:01.703187Z",
"url": "https://files.pythonhosted.org/packages/08/e4/3f0c20b020786e1fa6e1ecd81806c54167fa2b0839e0020086b95a6e8faf/eth_keyfile-0.9.1.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2025-02-10 18:01:01",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "ethereum",
"github_project": "eth-keyfile",
"travis_ci": false,
"coveralls": false,
"github_actions": false,
"circle": true,
"tox": true,
"lcname": "eth-keyfile"
}