tip: 101
title: Wallet Keystore Specification
author: federico<[email protected]>
discussions-to: https://github.com/tronprotocol/tips/issues/101
status: Last Call
type: Standards Track
category: TRC
created: 2019-10-17
This TIP describes the keystore generation method to store the private key in wallet.
Private key is fatally important for users, which should be kept carefully. Mnemonic code specified in BIP39 is used to generate the private key, but it is not convenient for users to remember. Usually, encrypted private key is stored in keystore file and can be recovered by passphrase. This is a standard about keystore specification, which includes the procedures of key derivation, symmetric encryption and message authentication.
The proposal presents the explicit cryptographic method to generate the keystore file and guarantee the security of users' private keys.
There are mainly three steps as follows.
First, the user needs to provide the passphrase as the input of PBKDF2. The key derivation function has five input parameters:
DK = PBKDF2(PRF, Passphrase, Salt, c, dkLen)
where
- PRF is a pseudorandom function generated by SHA256
- Passphrase is the master password from which a derived key is generated
- Salt is a sequence of bits, known as a cryptographic salt
- c is the number of iterations desired
- dkLen is the desired bit-length of the derived key
- DK is the generated derived key
The derived key DK is used as key of AES to encrypt the real private key of user.
C = AES-128(DK, PrivK, CTR, iv)
where
- DK is the derived key
- PrivK is the private key of user,which is generated by mnemonic codes specified in BIP39
- CTR is the counter encryption mode
- iv is 128-bit initialisation vector for the cipher
- C is the generated cipher text
MAC (Message authentication code) is used to check the correctness of derived key DK when the user try to decrypt the private key with the passphrase. SHA3 is used to produce the MAC:
mac = SHA3-256 (DK || C)
where
- DK is the derived key
- C is the cipher text of private key
- mac is the generated MAC
The SHA256 and AES used in the proposal are all international cryptography standard, which are sufficient to ensure the security of the private key.
For Passphrase = dark1234
, the generated keystore file is:
{"crypto":
{"cipher":"aes-128-ctr",
"cipherparams":{"iv":"faa1c1b73bb9630b8abb7930eccc85f0"},
"ciphertext":"3c46834a29e69fc206277838fdeb395320d7da10d2c067f5b1e0a8a52524fde3",
"kdf":"pbkdf2",
"kdfparams":
{"c":10240,
"dklen":32,
"prf":"hmac-sha256",
"salt":"aaf471468f1030229004f5a189be470fde806685ede147b1694be60fb15b70f1"
},
"mac":"ff7679e803175ba739fadbffe38959282f45aefa3458f083eedc76fc220b201e"
},
"id":"e40c9b94-369c-4b75-a2cd-8c68d542e093",
"version":3,
"address":"fdf9ae6a88fd403cdd2433c23230e729d12d6de4"
}
None