Practical Cryptography for Developers
Ethereum Wallet Encryption

Last updated 5 years ago

To illustrate the AES cipher in action, we shall look at one real-world example: the standard encrypted wallet file format for the Ethereum blockchain. We shall see how the AES-128-CTR cipher is combined with Scrypt and a MAC to implement authenticated symmetric-key encryption with a text-based password.

Ethereum UTC / JSON Wallets

In public blockchain networks (like Bitcoin and Ethereum) the private keys of the blockchain asset holders are stored in special keystores, called crypto wallets. Typically these crypto wallets are files on the local hard disk, encrypted by a password.

In the Ethereum blockchain, crypto wallets are internally stored in a special encrypted format known as "UTC / JSON Wallet (Keystore File)" or "Web3 Secret Storage Definition". This is the wallet file format used in geth and Parity (the leading protocol implementations for Ethereum), in MyEtherWallet (a popular online client-side Ethereum wallet), in MetaMask (a widely used in-browser Ethereum wallet), in the ethers.js and Nethereum libraries, and in many other Ethereum-related technologies and tools.

The Ethereum UTC / JSON keystores keep the encrypted private key (or wallet seed words) as a JSON text document, specifying the encrypted data, encryption algorithms and their parameters.

UTC / JSON Keystore - Example

Let's look into a sample UTC / JSON keystore file, which holds a password-protected 256-bit private key.

{
  "version": 3,
  "id": "07a9f767-93c5-4842-9afd-b3b083659f04",
  "address": "aef8cad64d29fcc4ed07629b9e896ebc3160a8d0",
  "Crypto": {
    "ciphertext": "99d0e66c67941a08690e48222a58843ef2481e110969325db7ff5284cd3d3093",
    "cipherparams": { "iv": "7d7fabf8dee2e77f0d7e3ff3b965fc23" },
    "cipher": "aes-128-ctr",
    "kdf": "scrypt",
    "kdfparams": {
      "dklen": 32,
      "salt": "85ad073989d461c72358ccaea3551f7ecb8e672503cb05c2ee80cfb6b922f4d4",
      "n": 8192,
      "r": 8,
      "p": 1
    },
    "mac": "06dcf1cc4bffe1616fafe94a2a7087fd79df444756bb17c93af588c3ab02a913"
  }
}

The above JSON document is a classical example of authenticated symmetric encryption.

What Is Inside the UTC / JSON File?

Typically a UTC / JSON keystore holds the following data:

  • Key-derivation function (KDF) used to transform the text-based wallet encryption password into an AES symmetric key, used to encrypt the wallet contents. Usually the KDF function is "scrypt".

    • The KDF parameters - the parameters used in the KDF function to derive the key from the password (e.g. iterations count, salt, etc.)

  • The ciphertext - the encrypted wallet content (typically holds an encrypted 256-bit private key).

  • Symmetric cipher algorithm + its parameters, e.g. AES-128-CTR + initial vector (IV).

  • MAC - message authentication code (MAC), used to check the message integrity after it is decrypted (to know whether the wallet decryption password was correct or not).

    • Ethereum calculates the MAC as the keccak-256 hash of the concatenation of the second-leftmost 16 bytes of the derived key with the full ciphertext.

  • Additional metadata: wallet format version, wallet unique id (uuid) and the blockchain address, controlled by this wallet.

By default the key-derivation function is scrypt and uses weak scrypt parameters (n=8192 cost factor, r=8 block size, p=1 parallelization), so it is recommended to use long and complex passwords to avoid brute-force wallet decryption attacks.

MyEtherWallet: Play with UTC / JSON Keystore Files

To better understand the file format behind the Ethereum UTC / JSON keystore files, play with MyEtherWallet.

Follow the steps below to create a new random Ethereum crypto wallet and view its encrypted JSON content:

  • Choose a password and create a new wallet.

  • Download the Keystore File (UTC / JSON).

  • See what's inside the downloaded file.

  • Try to make some changes, try to decrypt it with a wrong password, and try other changes.

  • Enjoy learning by playing.

Open the MyEtherWallet web site: https://myetherwallet.com.