z-v4-converterusmansaleem/z-v4-converter
BLS Keystore Converter written in Zig
Dependencies
b7e3348ed60f99ba32c75aa707ff7c87adc31b36README
z-v4-converter - BLS12-381 v4 Keystore converter
Converts BLS12-381 v4 keystore's kdf function parameters. Written in Zig.
WARNING The kdf function parameters should not be lower for production keys. The OWASP recommend minimum SCRYPT
nparameter should be 2^17=131072. The defaults for v4 keystores are 2^18=262144. Use this program at your own risk!
About
This program decrypts v4 (BLS) keystores and re-encrypt them again with supplied kdf function parameters. The v4
keystore generated by other tools is typically using SCRYPT with cpu cost parameter n=262144 which makes it very
secure but very expensive to compute, which makes start up time of validators very long. By decreasing n parameter
in SCRYPT or c parameter in PBKDF2, the decryption time can be decreased drastically. The lower the value, the faster
the decryption.
Usage:
To use this program,
- Download pre-built binaries from the releases
- Build from source
Build from source
Pre-req: Zig 0.15.1. See Zig Releases for more details on how to install on your system.
git clone https://github.com/usmansaleem/z-v4-converter.git
zig build --release=safe
./zig-out/bin/z-v4-converter --help
Mode
This program uses WEB3SIGNER and NIMBUS mode to expect the keystore and their password files naming patterns.
WEB3SIGNER mode:
In this mode, the keystore files are stored in a directory as <public-key>.json and password files are stored in a
different directory as <public-key>.txt. This is the default mode.
NIMBUS mode:
In this mode, the keystore files are stored in a directory as <public-key>/keystore.json where <public-key> is a
subdirectory; while the password files are stored in a different directory as <public-key>, a regular file, without
any extension.
Minimal Usage:
./zig-out/bin/z-v4-converter --src ./tests/fixtures/web3signer/keystores \
--dest /tmp/t1 \
--password_dir ./tests/fixtures/web3signer/passwords
License
Licensed under either of
- Apache License, Version 2.0, (LICENSE-APACHE or http://www.apache.org/licenses/LICENSE-2.0)
- MIT license (LICENSE-MIT or http://opensource.org/licenses/MIT)
at your option.
SPDX-License-Identifier: (Apache-2.0 OR MIT)
Contribution
Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.