Research
Security News
Malicious PyPI Package ‘pycord-self’ Targets Discord Developers with Token Theft and Backdoor Exploit
Socket researchers uncover the risks of a malicious Python package targeting Discord developers.
blockstack-keychains
Advanced tools
Library for creating elliptic curve keypairs and deriving child keys
A library for effective private and public keychain management.
$ npm install blockstack-keychains
import { PrivateKeychain, PublicKeychain, getChildKeypair, getEntropy } from 'blockstack-keychains'
var blockstackKeychains = require('blockstack-keychains')
var PrivateKeychain = blockstackKeychains.PrivateKeychain,
PublicKeychain = blockstackKeychains.PublicKeychain,
getEntropy = blockstackKeychains.getEntropy,
getChildKeypair = blockstackKeychains.getChildKeypair
This library provides a powerful key derivation interface that is based on the creation of private and public keychains.
A private keychain contains a private key, and has a corresponding public keychain that can be derived from it.
Child keychains can be derived in 6 different ways:
Method 1 can be used to create private subaccounts, as long as the creator keeps a recording of the entropy used to derive each subaccount.
Method 2 can be used to enumerate private subaccounts, without the requirement of recording any information beyond the information stored in the master keychain (this is the equivalent of BIP32 hardened keys).
Method 3 can be used to create private subaccounts that can be accessed/re-derived by name.
Method 4 can be used to create children that are not known to be linked to the parent until the entropy for each key is revealed.
Method 5 can be used to enumerate a bunch of children and be certain that everyone with the same public keychain is enumerating the same keys without having to share additional information (this is the equivalent of BIP32 unhardened keys).
Method 6 can be used to create a bunch of children that can be accessed/re-derived by name.
let privateKeychain = new PrivateKeychain()
let privateKey = privateKeychain.privateKey('hex')
let publicKeychain = privateKeychain.publicKeychain()
let publicKeyString = '023db6b4e3cb22097a9b6b9c82ff6becb8cb01561fd46c3484abf22ff4dc30ee58',
publicKeychain2 = new PublicKeychain(publicKeyString)
let publicKey = publicKeychain.publicKey('hex')
let mnemonic = privateKeychain.mnemonic()
console.log(mnemonic)
'aim elbow hungry involve ranch source car connect come wasp spread pet board welcome give garden virtual goose juice today over illness shove slam'
let entropy = getEntropy(32)
let privateChildKeychain = privateKeychain.child(entropy)
let publicChildKeychain = publicKeychain.child(entropy)
let publicChildKeychain2 = privateChildKeychain.publicKeychain()
Note that the independently derived public child keychains should be equal:
let publicKey1 = publicChildKeychain.publicKey('hex')
let publicKey2 = publicChildKeychain2.publicKey('hex')
console.log(publicKey1 === publicKey2)
true
let firstPrivateChildKeychain = privateKeychain.privatelyEnumeratedChild(0)
let firstPublicChildKeychain = publicKeychain.publiclyEnumeratedChild(0)
Note that the privately-enumerated child should not correspond to the publicly-enumerated child
let publicKey1 = firstPrivateChildKeychain.publicKeychain().publicKey('hex')
let publicKey2 = firstPublicChildKeychain.publicKey('hex')
console.log(publicKey1 === publicKey2)
false
let namedPrivateChildKeychain = privateKeychain.privatelyNamedChild('home-laptop-1')
let namedPublicChildKeychain = publicKeychain.publiclyNamedChild('home-laptop-1')
Note that the privately-named child should not correspond to the publicly-named child
let publicKey1 = namedPrivateChildKeychain.publicKeychain().publicKey('hex')
let publicKey2 = namedPublicChildKeychain.publicKey('hex')
console.log(publicKey1 === publicKey2)
false
FAQs
Library for creating elliptic curve keypairs and deriving child keys
The npm package blockstack-keychains receives a total of 4 weekly downloads. As such, blockstack-keychains popularity was classified as not popular.
We found that blockstack-keychains demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover the risks of a malicious Python package targeting Discord developers.
Security News
The UK is proposing a bold ban on ransomware payments by public entities to disrupt cybercrime, protect critical services, and lead global cybersecurity efforts.
Security News
Snyk's use of malicious npm packages for research raises ethical concerns, highlighting risks in public deployment, data exfiltration, and unauthorized testing.