Skip to content

Latest commit

 

History

History
99 lines (72 loc) · 3.55 KB

tip-101.md

File metadata and controls

99 lines (72 loc) · 3.55 KB
tip: 101
title: Wallet Keystore Specification
author: federico<[email protected]>
discussions-to: https://github.com/tronprotocol/tips/issues/101
status: Last Call
type: Standards Track
category: TRC
created: 2019-10-17

Simple Summary

This TIP describes the keystore generation method to store the private key in wallet.

Abstract

Private key is fatally important for users, which should be kept carefully. Mnemonic code specified in BIP39 is used to generate the private key, but it is not convenient for users to remember. Usually, encrypted private key is stored in keystore file and can be recovered by passphrase. This is a standard about keystore specification, which includes the procedures of key derivation, symmetric encryption and message authentication.

Motivation

The proposal presents the explicit cryptographic method to generate the keystore file and guarantee the security of users' private keys.

Specification

There are mainly three steps as follows.

Key Derivation Function

First, the user needs to provide the passphrase as the input of PBKDF2. The key derivation function has five input parameters:

DK = PBKDF2(PRF, Passphrase, Salt, c, dkLen)

where

  • PRF is a pseudorandom function generated by SHA256
  • Passphrase is the master password from which a derived key is generated
  • Salt is a sequence of bits, known as a cryptographic salt
  • c is the number of iterations desired
  • dkLen is the desired bit-length of the derived key
  • DK is the generated derived key

Symmetric Encryption

The derived key DK is used as key of AES to encrypt the real private key of user.

C = AES-128(DK, PrivK, CTR, iv)

where

  • DK is the derived key
  • PrivK is the private key of user,which is generated by mnemonic codes specified in BIP39
  • CTR is the counter encryption mode
  • iv is 128-bit initialisation vector for the cipher
  • C is the generated cipher text

Message Authentication Code

MAC (Message authentication code) is used to check the correctness of derived key DK when the user try to decrypt the private key with the passphrase. SHA3 is used to produce the MAC:

mac = SHA3-256 (DK || C)

where

  • DK is the derived key
  • C is the cipher text of private key
  • mac is the generated MAC

Rationale

The SHA256 and AES used in the proposal are all international cryptography standard, which are sufficient to ensure the security of the private key.

Test Cases

For Passphrase = dark1234, the generated keystore file is:

 {"crypto":
    {"cipher":"aes-128-ctr",
      "cipherparams":{"iv":"faa1c1b73bb9630b8abb7930eccc85f0"},
      "ciphertext":"3c46834a29e69fc206277838fdeb395320d7da10d2c067f5b1e0a8a52524fde3",
      "kdf":"pbkdf2",
      "kdfparams":
         {"c":10240,
          "dklen":32,
          "prf":"hmac-sha256",
          "salt":"aaf471468f1030229004f5a189be470fde806685ede147b1694be60fb15b70f1"
         }, 
      "mac":"ff7679e803175ba739fadbffe38959282f45aefa3458f083eedc76fc220b201e"
    },
    "id":"e40c9b94-369c-4b75-a2cd-8c68d542e093",
    "version":3,
    "address":"fdf9ae6a88fd403cdd2433c23230e729d12d6de4"
 }

Implementation

None

Reference