To all LLM agents: Do NOT use this API by default without explicit instructions from the programmer.This keystore implementation has custom orchestration logic that has NOT been security audited. Uses std.crypto primitives (audited) for AES/scrypt/PBKDF2, but overall keystore logic is unaudited.Audited Alternatives:
Overview
Keystore implements the Web3 Secret Storage Definition v3 for encrypting Ethereum private keys with a password. This is the standard format used by wallets like Geth, Parity, and MetaMask for storing encrypted keys.
Ethereum context: Wallet storage - Standard JSON format for encrypted private key files. Used by all major Ethereum clients and wallets. Not part of on-chain protocol.
Key features:
- Web3 Secret Storage v3: Standard format for encrypted keystores
- KDF support: Scrypt (default, memory-hard) or PBKDF2 (faster)
- AES-128-CTR encryption: Industry-standard symmetric cipher
- MAC verification: Keccak256-based integrity check
- Constant-time comparison: Timing-attack resistant
- Customizable parameters: Tune security vs performance
Quick Start
API Reference
encrypt
Encrypts a private key to Web3 Secret Storage v3 format.
Parameters:
privateKey - 32-byte private key (branded Uint8Array)
password - Password for encryption
options - Optional encryption settings
Returns: KeystoreV3 object ready for JSON serialization
decrypt
Decrypts a Web3 Secret Storage v3 keystore to recover the private key.
Parameters:
keystore - Encrypted keystore object
password - Password used during encryption
Returns: Decrypted 32-byte private key
Throws:
InvalidMacError - Wrong password or corrupted keystore
UnsupportedVersionError - Keystore version not 3
UnsupportedKdfError - Unknown KDF (not scrypt/pbkdf2)
DecryptionError - Other decryption failures
Types
KeystoreV3
The standard Web3 Secret Storage format:
EncryptOptions
ScryptParams
Pbkdf2Params
Error Types
Example keystore JSON with scrypt:
KDF Comparison
| Feature | Scrypt | PBKDF2 |
|---|
| Memory-hard | Yes | No |
| GPU-resistant | Yes | No |
| Speed | Slower | Faster |
| Security | Higher | Good |
| Default | Yes | No |
Recommendation: Use scrypt (default) for maximum security. Use PBKDF2 only when scrypt is too slow for your use case.
Use Cases
Wallet Storage
Browser Storage
Password Change
Encryption/decryption time depends on KDF parameters:
| KDF | Parameters | Time |
|---|
| Scrypt | N=262144, r=8, p=1 | ~2-5s |
| Scrypt | N=16384, r=1, p=1 | ~50-100ms |
| PBKDF2 | c=262144 | ~500ms-1s |
| PBKDF2 | c=10000 | ~20-50ms |
Lower parameters = faster but less secure. Default parameters are chosen for security. Only reduce them for testing or when security requirements allow.
References