我们都知道,在区块链的世界中,私钥是你有用某一地址的唯一标识。丢失了私钥就等于丢失了此地址的所有权。
We all know that xff0c; in the world of block chains xff0c; the private key is the only sign you can use for an address. The loss of a private key is the loss of ownership of the address.
以太坊的私钥文件存储于数据目录(datadir指向或默认目录)下,对应的目录为keystore。所有的私钥文件都经过加密之后存储于此目录下。
Stores a private key file in a data directory xff08; datadir point or default directory xff09; lower xff0c; corresponding directory is keystore. All private key files are stored under this directory after encryption.
以太坊的客户端或图形界面帮助我们因此了底层复杂的密码实现,唯一需要我们做的就是保存好(多出备份)keystore下面的加密私钥文件和加密的密码。否则,有可能失去辛苦挖来的以太币或花钱购买来的以太币。
#xff0c is used as a client or graphical interface to help us achieve xff0c, which is the underlying complex password; the only thing we need to do is save xff08; backup xff09; encrypted private key files and encrypted passwords below Keystore. Otherwise xff0c; there is a risk that we may lose
记住,永远不要犯的错误:丢失keystore文件或忘记密码!
Remember xff0c; never make an error xff1a; lose keystore file or forget password xff01;
以太坊创建账户的操作非常简单,但有不同的展现形式。以geth客户端为例。
It is very simple to create an account in the Tai Chamber & #xff0c; but in different forms of presentation. For example, the geth client.
command命令方式
以上操作是直接执行geth客户端的命令(command)来创建账户和展示账户私钥文件信息。创建过程中需要两次输入对私钥加密的密码。此种方式的好处是不需要单独启动geth节点即可创建完成账户。
The above actions are direct execution of the geth client's command xff08;command) to create an account and display the account's private key file information. Two passwords for private key encryption are required during the creation process. The advantage of this approach is that a complete account can be created without separately starting the geth node.
console命令方式
此种方式需先启动geth节点,并进入console命令行交互界面。然后执行以下命令:
This means starting the geth node & #xff0c; and entering the console command line interactive interface. Then executing the following command & #xff1a;
通过personal角色来管理和创建新账号,并设置密码。
Manages and creates a new account & #xff0c through a personial role; and sets the password.
keystore文件是你独有的,用于签名交易的以太坊私钥的加密文件。一旦丢失文件或加密密码就意味着你失去了此地址发起交易、签名交易的特权,账户里面的资金将永远被锁。
Keystore files are your unique & #xff0c; encrypted files for signing transactions with a private key in Taiwan. The loss of a file or encryption password means that you lose the privilege of initiating a transaction at this address, signing a transaction & #xff0c; the funds in the account will be locked forever.
keystore文件存在的价值就是以加密的方式存储密钥,同时在使用的时候只需要提供keystore文件和对应的密码即可发起交易。安全性与可用性达到了完美的平衡。
The value of the keystore file is to store the key & #xff0c in an encrypted format; at the same time, the transaction can be initiated only by providing the keystore file and the corresponding password. Security and usability are perfectly balanced.
但是,我们需要注意的是一旦用密码对加密文件进行解锁之后,在有效时间内通一个客户端下,你可以发起交易,如果别人可以访问你的客户端,同样也可以发起交易。在网络安全不足的情况下,这是被盗币的场景之一。
But xff0c; what we need to note is that once encrypted files are unlocked with a password xff0c; xff0c below a client for a valid time; you can start a transaction xff0c; you can also start a transaction if someone else can access your client xff0c; xff0c; this is one of the scenes of stolen currency.
秘钥文件为文本文件,可以使用任何文本编辑器或浏览器打开。
The key file is a text file & #xff0c; you can open it with any text editor or browser.
通过文件中的内容,我们能看到的是一个json字符串,里面包含了此秘钥对应的地址和加密相关的一些信息。
Through the contents of the file & #xff0c; we can see a json string & #xff0c; it contains the address corresponding to this key and some information related to encryption.
- cipher:加密算法,对称加密,AES算法,用于加密以太坊私钥;
- cipherparams:cipher算法需要的参数,参数iv,是aes-128-ctr加密算法需要的初始化向量;
- ciphertext:加密后的密文,aes-128-ctr函数的加密输入密文;
- kdf:秘钥生成函数,用于使用密码加密keystore文件;
- kdfparams:kdf算法所需要的参数;
- mac:验证密码的编码;
加密秘钥
一个以太坊账户是由一对公私钥对构成,并使用强对称算法(cipher)进行加密。
An Etheria account is made up of a pair of public-private key pairs xff0c; encrypted using a strong symmetric algorithm xff08; cipher)
我们看一下具体的流程图《ciphertex密文的对称解密》:
Let's take a look at the specific flowchart "Symmetial Decryption of Ciphertex Secrets" #xff1a;
客户端读取密钥文件和加密密码,对私钥进行解密,然后使用私钥对发送的交易进行签名。
Client reads key files and encryption passwords xff0c; decrypts private keys xff0c; then signs the transaction sent using private keys.
密码保护
以太坊使用基于密码保护的机制来解密密钥。这样用户就不需要记住一串非用户友好的密码。为了达到此效果,以太坊使用密钥生成函数,根据输入的密码和一系列参数就能计算解密密钥。
Use password-protected mechanisms to decrypt keys in the courthouse. The user does not need to remember a list of non-user-friendly passwords. To achieve this effect & #xff0c; to use key generation functions & #xff0c in the courthouse; to calculate the decryption key based on the password and a series of parameters entered.
这就涉及到kdf和kdfparams的用途:
This relates to the use of kdf and kdfparams & #xff1a;
- kdf是一个密钥生成函数,根据密码计算(或者取回)解密密钥。kdf用的是scrypt算法。
- kdfparams是scrypt函数需要的参数。更多的参数可以参考:https://tools.ietf.org/html/rfc7914
用kdfparams参数对scrypt函数进行调整,反馈密码中,得到解密密钥,也就是密钥生成函数的输出。
Adjusting the Scrypt function & #xff0c with kdfparams parameters; , in feedback password; getting decryption key & #xff0c; i.e. output of key generation function.
错误密码
当输入错误密码时,密码派生和解密等操作都会成功,但最终计算所得的以太坊私钥不是正确的,因此无法进行解锁账户的操作。
When the wrong password is entered, xff0c; operations such as password derivatives and declassification are successful xff0c; but the resulting #xff0c private key is not correct; it is therefore not possible to unlock the account.
keystore文件中mac值起作用的地方。在密钥生成函数执行之后,它的输出(解密密钥)和ciphertext密文就被处理,并且和mac(类似于数据签名)作比较。如果结果和mac相同,那么密码就是正确的,可以开始解密操作。
Where the Mac value in the keystore file works. After the key generation function is executed xff0c; its output xff08; decryption key xff09; and ciphertext is processed xff0c; and Macxff08; similar to the data signature xff09; for comparison purposes. If the result is the same as Mac xff0c; the password is correct xff0c; can start decrypting operations.
在和mac进行比较之前,需要解密密钥(左起第二字节开始的16字节)要和ciphertext*密文连接在一起,并进行哈希散列(用SHA3-256的方法)。
xff0c; decrypt key xff08; 16 bytes xff09 from the second byte to the left; connect to ciphertext* secret xff0c; and Hashish xff08; method xff09 using SHA3-256;
流程回顾
输入密码,密码作为kdf密钥生成函数的输入,计算解密密钥。用解密密钥和ciphertext密文连接并进行处理,和mac比较确保密码正确。最后,通过cipher对称函数用解密密钥对ciphertext 密文解密。
Enter the password & #xff0c; the password as the input & #xff0c for the kdf key generation function; calculates the decryption key. The decryption key connects to the ciphertext secret and handles & #xff0c; and mac compares to ensure that the password is correct. Final & #xff0c; decrypts the ciphertext message with the decrypher symmetry function.
**获取更多资讯,请关注微信公众号:程序新视界。或加入QQ技术交流群:659809063。
本人诚接以太坊相关研发及技术支持(以太坊接口封装&代币开发等),如有需要请联系QQ:541075754。非诚勿扰。**
** Get more information xff0c; xfff1a; program new horizon. or join QQT & #xff1a; 659809063.
I have been involved in relevant research and development and technical support from the Tai Township xff08; xff09 xff0c; xff0c; contact QQ: 541075754. Undisturbed. **
获得一对一技术咨询请扫码加入知识星球(小密圈)
注册有任何问题请添加 微信:MVIP619 拉你进入群
打开微信扫一扫
添加客服
进入交流群
发表评论