Context:

All the dependencies listed in the package.json file are fixed to exact versions. Is there a particular reason why this is? For a library package, keythereum should allow minor and patch versions to be used (and allow npm to deduplicate them in consuming applications).

I got an error "Error: method only available in Node.js", when I use a function named "keythereum.importFromFile()" by javascript. I ran successfully in node. But written in the JS file, it will prompt the error by opening the web page. My system is Ubuntu 16.04

Hi there,
how can I create several accounts and import/export it? For example Mist allow to store many accounts.

https://github.com/ethereumjs/keythereum/blob/master/package.json#L27

Why?

isHexadecimal looks not good for us validatorjs/validator.js#648
Is keys by geth can be encoded with base64?

should we implement own validators and remove this package?

I wish to use an empty string for password/passpharse for private key for testing purposes

[ DELETED ]

deriveKey internally performs a if (password && salt) before proceeding. This works fine for most scenarios, but will fail when password is an empty string (which should still be a valid use case).

Additionally when it does fail, it does not throw an informative exception, it just returns undefined and tends to cause a confusing error somewhere down the line (calling slice of undefined and what not).

Suggested tweaks:

• Change the password check to password != null or typeof password === 'string'.
• When either password or salt are missing, throw an exception.

The number of rounds slows down the main UI thread so was wondering if there's a way to use it in a web worker. I've tried using webworkify with no luck. Thanks

I'm getting error aes-128-ctr is not available when trying to run keythereum.recover().

I'm using web3 version ^0.19.1.

Using keythereum on Safari on iOS 10+ causes errors about keys length:

TypeError: invalid key length 32

The problem is due to the version of buffer coming with browserify^10.2.6 : the slice method doesn't return the modified buffer but the original one.
This causes errors when slicing keys (for exemple here).

The solution is to upgrade browserify on ^13.1.1 and rebuild the package.

Hello, when I use keythereum in vue.js, the speed of generating keystore is very slow. It takes about a minute, what's the problem, and is there a solution?

"angular/compiler-cli": "^4.2.4",
"typescript": "~2.3.3"

var dk = keythereum.create(this.params);

"scripts": [
"assets/keythereum.min.js",
"assets/keythereum.js"
],

AppComponent.html:7 ERROR TypeError: crypto.randomBytes is not a function
    at Object.create (index.js:304)
    at AppComponent.webpackJsonp.../../../../../src/app/app.component.ts.AppComponent.generateWallet (app.component.ts:24)
    at Object.eval [as handleEvent] (AppComponent.html:7)
    at handleEvent (core.es5.js:12023)
    at callWithDebugContext (core.es5.js:13493)
    at Object.debugHandleEvent [as handleEvent] (core.es5.js:13081)
    at dispatchEvent (core.es5.js:8615)
    at core.es5.js:9226
    at HTMLButtonElement.<anonymous> (platform-browser.es5.js:2651)
    at ZoneDelegate.webpackJsonp.../../../../zone.js/dist/zone.js.ZoneDelegate.invokeTask (zone.js:425)

When I use recover method in keythereum lib. I get error "Cannot read property 'Crypto' of undefined"

Just wondering why key import only runs on Node? I was hoping to be able to upload a key file or at least paste in the json into a text box and have keythereum import it.

Hello! Good day!.

, I tried the below link for login authentication :
https://auth0.com/docs/quickstart/native/ionic3/01-login.

I am facing the crypto issue “TypeError: crypto.randomBytes is not a function
TypeError: crypto.randomBytes is not a function”.
Then, I try to solve the issue with following link :slight_smile:https://stackoverflow.com/questions/47486774/crypto-randombytes-is-not-a-function-in-angular

But, I am stuck on the console error such as below :
Error: ENOENT: no such file or directory, open ‘C:\Users\username\Documents\ionic\Cabling\cabling2\node_modules[PACKAGE_ERROR][FILE_ERROR]’
errno: -4058,
code: ‘ENOENT’,
syscall: ‘open’,
path: ‘C:\Users\username\Documents\ionic\Cabling\cabling2\node_modules[PACKAGE_ERROR][FILE_ERROR]’ }

My node version is 8.11.2
Angular CLI: 7.3.9

Could you please help me?
Thank you so much.

I have exception Uncaught Exception...RangeError: private key length is invalid from

exports.isBufferLength = function (buffer, length, message) {
  if (buffer.length !== length) throw RangeError(message)
}

<Buffer 83 8b f2 6b d6 35 85 cd 25 b7 c7 8c 3c 7d ed fe 29 b7 de 72 d7 6c 8c c2 ca 76 b9 72 ff c7 44 2e>
Code:

    let privateKey = "838bf26bd63585cd25b7c78c3c7dedfe29b7de72d76c8cc2ca76b972ffc7442e";
    var params = { keyBytes: 32, ivBytes: 16 };
    let password = "1";
    var options = {
    kdf: "scrypt",
    cipher: "aes-128-ctr",
    kdfparams: {
        n: 262144,
        dklen: 32,
        p:1,
        r:8
    }
    };
    var dk = keythereum.create(params);
    //var nullBuff = new Buffer ([0x00]);
    //dk.privateKey = Buffer.concat([nullBuff, privateKey]);
    dk.privateKey = new Buffer(privateKey);
    keythereum.dump(password, dk.privateKey, dk.salt, dk.iv, options, function (keyObject) {
        keythereum.exportToFile(keyObject);
    });

In case when I empty if blocks in RangeError in assert.js, I getting privatekey is incorrect. I tried with like 5 private keys already.

i found the encrypt and decrypt functions but no sign and verify functions ? i could be an useful improvement. Should we use ethereumjs-util to do theses operations.
Best regards

Export is implemented, but not import.

Hey, any plans to provide Keythereum as an ES6/CommonJS module for compatibility with JavaScript module bundlers (like Webpack)? Generally, the JS ecosystem has moved beyond inclusion via script tag so it'd be great to see this support added to this very useful library!

Appreciate there would be a lot of work involved in this so just starting off discussion by checking if it had been thought about already.

Thanks!

Hello,

I would like to use this module with https://github.com/ethereumjs/ethereumjs-tx, so that I can sign directly transactions from my browser, and I don't know if it is really secure. Maybe it is not the right place to ask, so please tell me if it isn't.

I would like to store the keystore file on a server, load it in a webapp in my (regular, not mist) browser, unlock the account using keythereum, sign the transactions I want to make with ethereumjs-tx and finally send them to a remote node using the eth_sendrawtransaction of the RPC API.

Let's suppose for this paragraph that the browser environment is safe.
If the https connection is MITMed, and the keystore file is intercepted, is it a problem?

Is the browser environment really safe?

Is it possible to import a keystore file from a string ?
For example, I would like to be able to drop my keystore file in the browser to use it, but I haven't seen a function to read the account from a string.

We can create a new account in geth console like this:

personal.newAccount("my-password")

Is it possible to do the same thing with this library without geth/parity?

The recover function of keythereum runs more than 7 times slower than unlockAccount in geth.

// setup code omitted
(async()=>{
  const tm1 = Date.now();
  await web3.eth.personal.unlockAccount(acct, passwd);
  const tm2 = Date.now();
  console.log(tm2 - tm1);
  var keyObject = keythereum.importFromFile(acct, datadir);
  const tm3 = Date.now();
  var privateKey = keythereum.recover(passwd, keyObject);
  const tm4 = Date.now();
  console.log(tm4 - tm3);
})()

Prints

766
5697

Why is that? Can it be improved?

I have to use geth-generated accounts, and specifying fewer hashing rounds is not an option.

npm install keythereum fails when using node v12

https://gist.github.com/phahulin/3f267d933a5cc78a56b599f6c5d0b8d1

looks like the reason is scrypt package

Would a PR with promise support be accepted?

The source is very simple

keythereum.exportToFile(keyObject, './blockchain/keystore');

The cause is the use of the character ':' in the filename. There is a list of invalid characters in filenames under Windows Naming conventions.

The workaround used by geth is to replace ':' with '-'.

Otherwise the code works without problems under linux.

fs.js:640
  return binding.open(pathModule._makeLong(path), stringToFlags(flags), mode);
                 ^

Error: ENOENT: no such file or directory, open 'D:\demo\blockchain\keystore\UTC--2017-02-24T20:32:07.469Z--acafe503ff60fd6b7ae0a48ca7c6f70a8f88dada'
    at Error (native)
    at Object.fs.openSync (fs.js:640:18)
    at Object.fs.writeFileSync (fs.js:1333:33)
    at Object.exportToFile (D:\demo\node_modules\keythereum\index.js:566:16)
    at async.eachOfLimit.accounts.admin (D:\demo\blockchain.js:126:22)
    at replenish (D:\demo\node_modules\async\dist\async.js:881:17)
    at D:\demo\node_modules\async\dist\async.js:885:9
    at Object.eachOfLimit (D:\demo\node_modules\async\dist\async.js:912:22)
    at D:\demo\blockchain.js:118:15
    at nextTask (D:\demo\node_modules\async\dist\async.js:5070:14)

Getting the following error:

/key/node_modules/keythereum/index.js:411
    iv = this.str2buf(keyObjectCrypto.cipherparams.iv);
                                                   ^

TypeError: Cannot read properties of undefined (reading 'iv')
    at Object.recover (/Users/jawestlu/Downloads/key/node_modules/keythereum/index.js:411:52)
    at Object.<anonymous> (/Users/jawestlu/Downloads/key/test.js:8:31)
    at Module._compile (node:internal/modules/cjs/loader:1246:14)
    at Module._extensions..js (node:internal/modules/cjs/loader:1300:10)
    at Module.load (node:internal/modules/cjs/loader:1103:32)
    at Module._load (node:internal/modules/cjs/loader:942:12)
    at Function.executeUserEntryPoint [as runMain] (node:internal/modules/run_main:83:12)
    at node:internal/main/run_main_module:23:47

Node.js v19.5.0

Executing using this code:

const fs = require("fs");
const keythereum = require("keythereum");

const KEYSTORE = "/key/key.json";
const PASSWORD = "*****";

const keyObject = JSON.parse(fs.readFileSync(KEYSTORE, {encoding: "utf8"}));
const privateKey = keythereum.recover(PASSWORD, keyObject).toString("hex");
console.log(`0x${keyObject.address}: 0x${privateKey}`);

These are the keys in the json:

"crypto":
"kdf":
"function":
"params":
"dklen":
"salt":
"n":
"r":
"p":
"message":
"checksum":
"function":
"params":
"message":
"cipher":
"function":
"params":
"iv":
"message":
"description":
"pubkey":
"path":
"uuid":
"version":

The packge depends on "node-scrypt" package which is deprecated:

#WARNING!!! This module is deprecated. Instead, use https://nodejs.org/api/crypto.html#crypto_crypto_scrypt_password_salt_keylen_options_callback

The package fails to build in last released version and it prevents to npm install projects having that or THIS package in dependencies:
web3/web3.js#3408 (comment)
(I had the same build issue on Fedora Linux in app with keythereum dependency - the scrypt was failing to build.)

The fix for this is merged, but the package maintainer is unable to release fixed version:
barrysteyn/node-scrypt#197 (comment)

The only solution is to use version from git:

npm install github:barrysteyn/node-scrypt#fb60a8d3c158fe115a624b5ffa7480f3a24b03fb

But that is pretty complicated if your package depends indirectly, like through keythereum.
You need to hack it using npm-shrinkwrap and lock all your dependencies on specified versions. (Which is not usable for libraries.)

Also the package author recommends to not use node-scrypt:

Sorry guys, I was having a bit of trouble updating things. I do intend to publish soon though.
Quick question for anyone out there: I was under the impression that Node provides Scrypt encryption in it's own core libraries. If so, why are people still using this?

Are there any plans to remove or replace this dependency?
Thanks!

I install lib, when build with debug chrome it work, but build on device or turn off debug then error:

secure random number generation is not supported by this browser
How to solution??

Should the defaults for scrypt kdf be

p = 1
r = 8

instead of

p = 8
r = 1

Just looking at my own keystore, these defaults looked flipped.

I using Asynchronous recover:

keythereum.recover(password, keyObject, function (privateKey) {
// do stuff
});

I can't check 'message authentication code mismatch'. how to solution it?

Library version - 1.0.4
Error message - keythereum/lib/scrypt.js:2431 Linking failure in asm.js: Invalid heap size

I use keythereum.js(without nodejs) in a browser. It works good, but not each time. Almost always the first time the site down and after refreshing the second time keys are created in 10 seconds. For encrypting I use default options. Is it possible to do browser version faster by change default options, like number of cycles or type of coding?

Using keythereum to recover plaintext private key with jSON string,when the hash round in key derivation is 1<<18,it spends about 20 minutes to recover,is it nomal?
Here is the implementation.

https://github.com/NedColin/Web3jsDemo/blob/master/Web3jsDemo/web3jsDemo/Web3SecretStore.m

//hash times 16, cost few seconds
NSString * p1 = [[Web3SecretStore sharedInstance] recovery:@"{\"address\":\"7daa0942447a2b6f6a749a2e3591178571cec52c\",\"crypto\":{\"cipher\":\"aes-128-ctr\",\"ciphertext\":\"376148c453bede9949db2089e24dd4b4b683f00f151aaad9b17802b435ad0f64\",\"cipherparams\":{\"iv\":\"427ad6ebb106f463746f78cc7680d4fe\"},\"mac\":\"9cfe0ac9e5dbf6913bbbcbd38932f5a17c97b970bdb7578f7d17c6e34e5f5fa2\",\"kdf\":\"scrypt\",\"kdfparams\":{\"dklen\":32,\"n\":16,\"r\":8,\"p\":1,\"salt\":\"14b081b2affed113a8639a2ef93a0e0fb82cdd7a1ffe04fb547b921ac65376e9\"}},\"id\":\"d7bae128-05e9-4975-98c7-e6c6dc7d2422\",\"version\":3}" password:@"1111"];

//hash times 262144 cost about 20 minitus
NSString * p2 =[[Web3SecretStore sharedInstance] recovery:@"{\"address\":\"a3b8b5b4b1efd9d52b6ecfe2d1802ffe397fee9a\",\"crypto\":{\"cipher\":\"aes-128-ctr\",\"ciphertext\":\"875aeaccf8799027bd3fdb6f41f92ca822987db4d53e4eb6d900f5ff9cb3b733\",\"cipherparams\":{\"iv\":\"6d14d4bbbb6e3c62bf28ddffba547bf5\"},\"mac\":\"92f37ef9359ebd2932a1adaa644013b1fef3fcd3d093e3569c8b4371b937522b\",\"kdf\":\"scrypt\",\"kdfparams\":{\"dklen\":32,\"n\":262144,\"r\":8,\"p\":1,\"salt\":\"eb2079cc1d4b1d4a05cb23b79c032edc376461b92b5f33144b5c66889107f865\"}},\"id\":\"e357f84f-3eb0-4e17-bd93-29f7044f41d7\",\"version\":3}" password:@"9999"];

Is there a way to disable logs like path where address data is saved after creation?
Also I cannot catch error, it just logs it in console which is a bit annoying.

keythereum.js:421 
Uncaught Error: message authentication code mismatch
    at verifyAndDecrypt (keythereum.js:421)
    at keythereum.js:445
    at keythereum.js:278
    at keythereum.js:30847
    at Item.run (keythereum.js:31226)
    at drainQueue (keythereum.js:31196)

and

Saved to file:
/home/user/parity/keys/chain/UTC--2018-03-01T15:32:02.766Z--c7a168b127181d4b8750aa4015058ff530b8c8b6
To use with geth, copy this file to your Ethereum keystore folder (usually ~/.ethereum/keystore).

I guess that console.log() and console.error() are used and I think it's not a good idea.

$ node unlock.js 
/Users/megatv/CODE/ETHEREUM/unlock-acc/node_modules/keythereum/index.js:471
        var iv = keyObject.Crypto.cipherparams.iv;
                                 ^

TypeError: Cannot read property 'cipherparams' of undefined
    at Object.module.exports.recover (/Users/megatv/CODE/ETHEREUM/unlock-acc/node_modules/keythereum/index.js:471:34)
    at Object.<anonymous> (/Users/megatv/CODE/ETHEREUM/unlock-acc/unlock.js:4:13)
    at Module._compile (module.js:425:26)
    at Object.Module._extensions..js (module.js:432:10)
    at Module.load (module.js:356:32)
    at Function.Module._load (module.js:313:12)
    at Function.Module.runMain (module.js:457:10)
    at startup (node.js:138:18)
    at node.js:974:3

$ cat unlock.js 
var key = require("./key.json"),
    keyethereum = require("keythereum");

keyethereum.recover("password", key);

osx, keyethereum version 0.2.1

I install keythereum in react native, but when import keythereum then error:

Unable to resolve module fs from '....node_modules/keythereum/lib/scrypt.js:Module fs` does not exist in the Haste module map.

How to resolve it.

So I was using keythereum to generate public and private keys.

const dk = ethereum.create();
parameters.address = ethereum.privateKeyToAddress(dk.privateKey);
parameters.pKey = dk.privateKey.toString('hex');

Now I have send some ETH to the generated wallet and it worked. The challenge I am facing is with withdrawal.

Anyone knows how I can withdraw the ETH from the generated wallet, I tried searching with no luck.

I know for BTC we can use blockchain.info to import the private keys. Is there a similar service for ETH too.

Thank you so much

https://github.com/ethereumjs/keythereum/blob/0.4.7/index.js#L8-L11

• why NODE_JS defined as (typeof module !== "undefined") && process && !process.browser? not just process.browser?
• instead var path = (NODE_JS) ? require("path") : null; will better resolve through browser field in package.json

Currently, I have to write my own await/async wrapper for the async functions in the library. Would it be possible to promisify those async functions (e.g. exportToFile, importFromFile)? It could be using the
fairly standard pattern - if cb is specified, then use callback; otherwise return a promise.

At this following line:

if (!filepath) {
    return new Error("could not find key file for address " + address);
}

I think the error should be thrown, not returned.

Created a pull request: #60

Does keythereum include a way to convert a lowercase addresses to include uppercase letters to verify the checksum?

I'm referring to the checksum algorithm outlined at this link: https://ethereum.stackexchange.com/a/19048

Thanks!

Maybe im wrong but I try to generate private key in order to be able to import them in metamask.
So I create:

var dk = keythereum.create();
var keyObject = keythereum.dump(password, dk.privateKey, dk.salt, dk.iv)

then I try to export private key in plain text by using recover:

var privateKey = keythereum.recover(password, keyObject);
var readablePrivKey = privateKey.toString('base64');
console.log(readablePrivKey);
> R4TKRCemmMaY8NtIipcrVKIQ+RumXvOOyg5VIG/lXuY=

I got this result which is not corresponding with the ethereum private key adress, so maybe i do something wrong but I try to understand.
Regards

I am trying to export key with password passed to the keyethereum module. Code is as below:

params = {
keyBytes: 32,
ivBytes: 16
};
options = {
kdf: "scrypt",
cipher: "aes-128-ctr",
kdfparams: {
dklen: 32,
n: 262144,
p: 1,
r: 8
}
};
keythereum.create(params, function (dk) {
keythereum.dump(password, dk.privateKey, dk.salt, dk.iv, options, function (keyObject) {
keythereum.exportToFile(keyObject, config.get('Application.envConfig.serverFileLocation'), function (response) {
log.info("successfully created new account:" + response);
def.resolve({error: undefined, response: response});
});
}, function (err) {
log.error("error occured while creating address:" + err);
def.reject({error: err.stack, response: undefined });
});
}, function (err) {
log.error("error occured while creating address:" + err);
def.reject({error: err.stack, response: undefined});
});

But I am facing:

"RangeError: Array buffer allocation failed",
" at new ArrayBuffer ()",
" at module.exports (/home/ubuntu/v3/v2-node-latest/node_modules/keythereum/lib/scrypt.js:357:11)",
" at Object.deriveKey (/home/ubuntu/v3/v2-node-latest/node_modules/keythereum/index.js:207:18)",
" at Object.dump (/home/ubuntu/v3/v2-node-latest/node_modules/keythereum/index.js:394:10)",

I already did npm install with keythereum="^0.2.5" in the packages (even removed all node_modules and reinstalled)
In code I simply do the following which generates the error:
var keythereum = require('keythereum');

module initialization error: Error at Module.load (module.js:356:32) at Function.Module._load (module.js:312:12) at Module.require (module.js:364:17) at require (module.js:380:17) at Object. (/var/task/node_modules/ethereumjs-util/index.js:1:76) at Module._compile (module.js:456:26) at Object.Module._extensions..js (module.js:474:10) at Module.load (module.js:356:32) at Function.Module._load (module.js:312:12) at Module.require (module.js:364:17)

Any ideas?