Cryptography

Keys and signatures

class pytezos.crypto.key.Key(public_point: bytes, secret_exponent: Optional[bytes] = None, curve: bytes = b'ed', activation_code: Optional[str] = None)[source]

Represents a public or secret key for Tezos. Ed25519, Secp256k1 and P256 are supported.

blinded_public_key_hash()str[source]

Creates base58 encoded commitment out of activation code (required) and public key hash

Returns

blinded public key hash

classmethod from_alias(alias: str, passphrase: Optional[Union[str, bytes]] = None, tezos_client_dir: str = '~/.tezos-client')pytezos.crypto.key.Key[source]

Import secret key from tezos-client keychain.

Parameters
  • alias – key alias

  • passphrase – if key is encrypted (optional)

  • tezos_client_dir – path to the tezos client directory (default is ~/.tezos-client)

Return type

Key

classmethod from_encoded_key(key: Union[str, bytes], passphrase: Optional[Union[str, bytes]] = None)pytezos.crypto.key.Key[source]

Creates a key object from a base58 encoded key.

Parameters
  • key – a public or secret key in base58 encoding

  • passphrase – the passphrase used if the key provided is an encrypted private key, if not set value from from PYTEZOS_PASSPHRASE env variable will be used or promted dynamically

classmethod from_faucet(source: Union[str, dict])pytezos.crypto.key.Key[source]

Import key from a faucet file: https://faucet.tzalpha.net/

Parameters

source – path to the json file

Return type

Key

classmethod from_mnemonic(mnemonic: Union[List[str], str], passphrase: str = '', email: str = '', validate: bool = True, curve: bytes = b'ed', activation_code: Optional[str] = None)pytezos.crypto.key.Key[source]

Creates a key object from a bip39 mnemonic.

Parameters
  • mnemonic – a 15 word bip39 english mnemonic

  • passphrase – a mnemonic password or a fundraiser key

  • email – email used if a fundraiser key is passed

  • validate – whether to check mnemonic or not

  • curve – b’sp’ for secp251k1, b’p2’ for P256/secp256r1, b’ed’ for Ed25519 (default)

  • activation_code – secret for initializing account balance

Return type

Key

classmethod from_public_point(public_point: bytes, curve: bytes = b'ed')pytezos.crypto.key.Key[source]

Creates a key object from a public elliptic point.

Parameters
classmethod from_secret_exponent(secret_exponent: bytes, curve=b'ed', activation_code=None)pytezos.crypto.key.Key[source]

Creates a key object from a secret exponent.

Parameters
  • secret_exponent – secret exponent or seed

  • curve – b’sp’ for Secp251k1, b’p2’ for P256/Secp256r1, b’ed’ for Ed25519 (default)

  • activation_code – secret for initializing account balance

classmethod generate(passphrase: str = '', curve: bytes = b'ed', strength: int = 128, language: str = 'english', export: bool = True)[source]

Generates new key.

Parameters
  • passphrase – optional password

  • curve – b’sp’ for secp251k1, b’p2’ for P256/secp256r1, b’ed’ for Ed25519 (default)

  • strength – mnemonic strength, default is 128

  • language – mnemonic language, default is english

  • export – export as json file in the current folder, default is True

Return type

Key

public_key()str[source]

Creates base58 encoded public key representation.

Returns

the public key associated with the private key

public_key_hash()str[source]

Creates base58 encoded public key hash for this key.

Returns

the public key hash for this key

secret_key(passphrase: Optional[Union[str, bytes]] = None, ed25519_seed: bool = True)[source]

Creates base58 encoded private key representation.

Parameters
  • passphrase – encryption phrase for the private key

  • ed25519_seed – encode seed rather than full key for ed25519 curve (True by default)

Returns

the secret key associated with this key, if available

sign(message: Union[str, bytes], generic: bool = False)[source]

Sign a raw sequence of bytes.

Parameters
  • message – sequence of bytes, raw format or hexadecimal notation

  • generic – do not specify elliptic curve if set to True

Returns

signature in base58 encoding

verify(signature: Union[str, bytes], message: Union[str, bytes])None[source]

Verify signature, raise exception if it is not valid.

Parameters
  • message – sequance of bytes, raw format or hexadecimal notation

  • signature – a signature in base58 encoding

Raises

ValueError if signature is not valid

pytezos.crypto.key.blake2b_32(v=b'')[source]

Get a BLAKE2B hash of bytes

Encoding

pytezos.crypto.encoding.base58_decode(v: bytes)bytes[source]

Decode data using Base58 with checksum + validate binary prefix against known kinds and cut in the end.

Parameters

v – Array of bytes (use string.encode())

Returns

bytes

pytezos.crypto.encoding.base58_encode(v: bytes, prefix: bytes)bytes[source]

Encode data using Base58 with checksum and add an according binary prefix in the end.

Parameters
  • v – Array of bytes

  • prefix – Human-readable prefix (use b’’) e.g. b’tz’, b’KT’, etc

Returns

bytes (use string.decode())

pytezos.crypto.encoding.is_address(v: Union[str, bytes])bool[source]

Check if value is a tz/KT address

pytezos.crypto.encoding.is_bh(v: Union[str, bytes])bool[source]

Check if value is a block hash.

pytezos.crypto.encoding.is_chain_id(v: Union[str, bytes])bool[source]

Check if value is a chain id.

pytezos.crypto.encoding.is_kt(v: Union[str, bytes])bool[source]

Check if value is a KT address.

pytezos.crypto.encoding.is_ogh(v)bool[source]

Check if value is an operation group hash.

pytezos.crypto.encoding.is_pkh(v: Union[str, bytes])bool[source]

Check if value is a public key hash.

pytezos.crypto.encoding.is_public_key(v: Union[str, bytes])bool[source]

Check if value is a public key.

pytezos.crypto.encoding.is_sig(v: Union[str, bytes])bool[source]

Check if value is a signature.

pytezos.crypto.encoding.validate_pkh(v: Union[str, bytes])[source]

Ensure parameter is a public key hash (starts with b’tz1’, b’tz2’, b’tz3’)

Parameters

v – string or bytes

Raises

ValueError – if parameter is not a public key hash

pytezos.crypto.encoding.validate_sig(v: Union[str, bytes])[source]

Ensure parameter is a signature (starts with b’edsig’, b’spsig’, b’p2sig’, b’sig’)

Parameters

v – string or bytes

Raises

ValueError – if parameter is not a signature