Class: Laksa::Crypto::KeyStore

Inherits:
Object
  • Object
show all
Defined in:
lib/laksa/crypto/key_store.rb

Constant Summary collapse

T_PBKDF2 = 
'pbkdf2'
T_SCRYPT = 
'scrypt'

Instance Method Summary collapse

Constructor Details

#initializeKeyStore

Returns a new instance of KeyStore.



13
14
 
# File 'lib/laksa/crypto/key_store.rb', line 13

def initialize
end

Instance Method Details

#decrypt_private_key(encrypt_json, password) ⇒ Object

decrypt_private_key

Recovers the private key from a keystore file using the given passphrase.

Parameters:

  • encrypt_json (KeystoreV3)
  • password (string) 


75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
 
# File 'lib/laksa/crypto/key_store.rb', line 75

def decrypt_private_key(encrypt_json, password)
  datas = JSON.parse(encrypt_json)

  ciphertext = Util.decode_hex(datas['crypto']['ciphertext'])
  iv = Util.decode_hex(datas['crypto']['cipherparams']['iv'])
  kdfparams = datas['crypto']['kdfparams']
  kdf_type = datas['crypto']['kdf']

  case kdf_type
  when T_PBKDF2
    derived_key = PBKDF2.new(password: password, salt: kdfparams['salt'].pack('c*'), key_length: kdfparams['dklen'], iterations: kdfparams['c']).value
  when T_SCRYPT
    derived_key = SCrypt::Engine.scrypt(password, kdfparams['salt'].pack('c*'), kdfparams['n'], kdfparams['r'], kdfparams['p'], kdfparams['dklen'])
  end

  encrypt_key = derived_key[0..15]

  mac = generate_mac(derived_key, ciphertext)
  
  raise 'Failed to decrypt.' if mac.casecmp(datas['crypto']['mac']) != 0

  cipher = OpenSSL::Cipher.new(datas['crypto']['cipher'])
  cipher.decrypt 
  cipher.iv = iv
  cipher.key = encrypt_key
  cipher.padding = 0
  
  private_key = cipher.update(ciphertext) + cipher.final

  return Util.encode_hex private_key
end

#encrypt_private_key(private_key, password, kdf_type) ⇒ Object

encryptPrivateKey

Encodes and encrypts an account in the format specified by github.com/ethereum/wiki/wiki/Web3-Secret-Storage-Definition. However, note that, in keeping with the hash function used by Zilliqa’s core protocol, the MAC is generated using sha256 instead of keccak.

NOTE: only scrypt and pbkdf2 are supported.

Parameters:

  • private_key (string)

    • hex-encoded private key

  • password (string)

    • a password used for encryption

  • kdf_type (KDF)

    • the key derivation function to be used



28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
 
# File 'lib/laksa/crypto/key_store.rb', line 28

def encrypt_private_key(private_key, password, kdf_type)
  address = KeyTool.get_address_from_private_key(private_key)

  iv = KeyTool.generate_random_bytes(16)
  salt = KeyTool.generate_random_bytes(32)

  case kdf_type
  when T_PBKDF2
    derived_key = PBKDF2.new(password: password, salt: salt, key_length: 32, iterations: 262144).value
  when T_SCRYPT
    derived_key = SCrypt::Engine.scrypt(password, salt, 8192, 8, 1, 32)
  end

  encrypt_key = derived_key[0..15]

  cipher = OpenSSL::Cipher.new('aes-128-ctr')
  cipher.encrypt
  cipher.iv = iv
  cipher.key = encrypt_key
  cipher.padding = 0
  
  ciphertext = cipher.update(Util.decode_hex(private_key)) + cipher.final

  mac = generate_mac(derived_key, ciphertext)

  datas = {address: address, 
    crypto: {
      cipher: 'aes-128-ctr', 
      cipherparams: {'iv': Util.encode_hex(iv)}, 
      ciphertext: Util.encode_hex(ciphertext), 
      kdf: kdf_type, 
      kdfparams: {n: 8192, c:262144, r:8, p:1, dklen: 32, salt: salt.bytes}, 
      mac: mac
    },
    id: SecureRandom.uuid, 
    version: 3
  }

  datas.to_json
end