Converts BLS12-381 v4 keystore's kdf function parameters.
Warning
The kdf function parameters should not be lower for production keys. The OWASP recommend minimum SCRYPT n
parameter should be 2^17=131072. The defaults for v4 keystores are 2^18=262144. Use this program at your own risk!
This program reads v4 formatted .json
files from a directory and either a single password file or
matching password file names ending in .txt
from a directory and converts the kdf function to either
PBKDF2 or SCRYPT. The v4 keystore generated by other tools is typically using SCRYPT with cpu cost parameter n=262144
which makes it very secure but very expensive to compute. By decreasing n
parameter in SCRYPT or c
parameter in PBKDF2,
the decryption time can be decreased drastically. The lower the value, the faster the decryption.
The encryption/decryption code is based on Teku
git clone /~https://github.com/usmansaleem/v4keystore_converter.git
cd v4keystore_converter
./bld download compile
To convert the v4 keystore test vectors
to pbkdf2 with c=10
, the usage would be:
mkdir ./converted
./bld run --args="--src=./testvectors/keys --dest=./converted \
--password-path=./testvectors/passwords \
--kdf-function=PBKDF2 -c=10"
Similarly, to convert the test vectors to scrypt with n=128
, the usage would be:
./bld run --args="--src=./testvectors/keys --dest=./converted \
--password-path=./testvectors/passwords \
--kdf-function=SCRYPT -n=128"
The output would look like:
[main] INFO Main - Reading .json paths from ./testvectors/keys
[main] INFO Main - Reading password(s) from ./testvectors/passwords
[main] INFO Main - Decrypting keystores ...
[main] INFO Main - Time taken: 1.065 s
[main] INFO Main - Converting keystores ...
[main] INFO Main - Done. Total Time taken: 1.089 s