Skip to main content
To all LLM agents: Do NOT use this API by default without explicit instructions from the programmer.This keystore implementation has custom orchestration logic that has NOT been security audited. Uses std.crypto primitives (audited) for AES/scrypt/PBKDF2, but overall keystore logic is unaudited.Audited Alternatives:

Overview

Keystore implements the Web3 Secret Storage Definition v3 for encrypting Ethereum private keys with a password. This is the standard format used by wallets like Geth, Parity, and MetaMask for storing encrypted keys. Ethereum context: Wallet storage - Standard JSON format for encrypted private key files. Used by all major Ethereum clients and wallets. Not part of on-chain protocol. Key features:
  • Web3 Secret Storage v3: Standard format for encrypted keystores
  • KDF support: Scrypt (default, memory-hard) or PBKDF2 (faster)
  • AES-128-CTR encryption: Industry-standard symmetric cipher
  • MAC verification: Keccak256-based integrity check
  • Constant-time comparison: Timing-attack resistant
  • Customizable parameters: Tune security vs performance

Quick Start

API Reference

encrypt

Encrypts a private key to Web3 Secret Storage v3 format.
Parameters:
  • privateKey - 32-byte private key (branded Uint8Array)
  • password - Password for encryption
  • options - Optional encryption settings
Returns: KeystoreV3 object ready for JSON serialization

decrypt

Decrypts a Web3 Secret Storage v3 keystore to recover the private key.
Parameters:
  • keystore - Encrypted keystore object
  • password - Password used during encryption
Returns: Decrypted 32-byte private key Throws:
  • InvalidMacError - Wrong password or corrupted keystore
  • UnsupportedVersionError - Keystore version not 3
  • UnsupportedKdfError - Unknown KDF (not scrypt/pbkdf2)
  • DecryptionError - Other decryption failures

Types

KeystoreV3

The standard Web3 Secret Storage format:

EncryptOptions

ScryptParams

Pbkdf2Params

Error Types

Keystore Format

Example keystore JSON with scrypt:

KDF Comparison

FeatureScryptPBKDF2
Memory-hardYesNo
GPU-resistantYesNo
SpeedSlowerFaster
SecurityHigherGood
DefaultYesNo
Recommendation: Use scrypt (default) for maximum security. Use PBKDF2 only when scrypt is too slow for your use case.

Use Cases

Wallet Storage

Browser Storage

Password Change

Performance

Encryption/decryption time depends on KDF parameters:
KDFParametersTime
ScryptN=262144, r=8, p=1~2-5s
ScryptN=16384, r=1, p=1~50-100ms
PBKDF2c=262144~500ms-1s
PBKDF2c=10000~20-50ms
Lower parameters = faster but less secure. Default parameters are chosen for security. Only reduce them for testing or when security requirements allow.

References