Cryptography

Keys and signatures

class pytezos.crypto.key.Key(public_point: bytes, secret_exponent: bytes | None = None, curve: bytes = b'ed', activation_code: str | None = None)[source]

Represents a public or secret key for Tezos. Ed25519, Secp256k1 and P256 are supported.

blinded_public_key_hash = <function Key.blinded_public_key_hash> Creates base58 encoded commitment out of activation code (required) and public key hash  :return: blinded public key hash [source]
classmethod from_alias(alias: str, passphrase: str | bytes | None = None, tezos_client_dir: str = '~/.tezos-client') Key[source]

Import secret key from tezos-client keychain.

Parameters:
  • alias – key alias

  • passphrase – if key is encrypted (optional)

  • tezos_client_dir – path to the tezos client directory (default is ~/.tezos-client)

Return type:

Key

classmethod from_encoded_key(key: str | bytes, passphrase: str | bytes | None = None) Key[source]

Creates a key object from a base58 encoded key.

Parameters:
  • key – a public or secret key in base58 encoding

  • passphrase – the passphrase used if the key provided is an encrypted private key, if not set value from from PYTEZOS_PASSPHRASE env variable will be used or promted dynamically

classmethod from_faucet(source: str | dict) Key[source]

Import key from a faucet file: https://teztnets.xyz/

Parameters:

source – path to the json file

Return type:

Key

classmethod from_mnemonic(mnemonic: List[str] | str, passphrase: str = '', email: str = '', validate: bool = True, curve: bytes = b'ed', activation_code: str | None = None, language: str = 'english') Key[source]

Creates a key object from a bip39 mnemonic.

Parameters:
  • mnemonic – a 15 word bip39 english mnemonic

  • passphrase – a mnemonic password or a fundraiser key

  • email – email used if a fundraiser key is passed

  • validate – whether to check mnemonic or not

  • curve – b’sp’ for secp251k1, b’p2’ for P256/secp256r1, b’ed’ for Ed25519 (default)

  • activation_code – secret for initializing account balance

  • language – The English label for the language of the mnemonic. This is needed for validation

Return type:

Key

classmethod from_public_point(public_point: bytes, curve: bytes = b'ed') Key[source]

Creates a key object from a public elliptic point.

Parameters:
classmethod from_secret_exponent(secret_exponent: bytes, curve=b'ed', activation_code=None) Key[source]

Creates a key object from a secret exponent.

Parameters:
  • secret_exponent – secret exponent or seed

  • curve – b’sp’ for Secp251k1, b’p2’ for P256/Secp256r1, b’ed’ for Ed25519 (default)

  • activation_code – secret for initializing account balance

classmethod generate(passphrase: str = '', curve: bytes = b'ed', strength: int = 128, language: str = 'english', export: bool = True)[source]

Generates new key.

Parameters:
  • passphrase – optional password

  • curve – b’sp’ for secp251k1, b’p2’ for P256/secp256r1, b’ed’ for Ed25519 (default)

  • strength – mnemonic strength, default is 128

  • language – mnemonic language, default is english

  • export – export as json file in the current folder, default is True

Return type:

Key

public_key = <function Key.public_key> Creates base58 encoded public key representation.  :returns: the public key associated with the private key [source]
public_key_hash = <function Key.public_key_hash> Creates base58 encoded public key hash for this key.  :returns: the public key hash for this key [source]
secret_key = <function Key.secret_key> Creates base58 encoded private key representation.  :param passphrase: encryption phrase for the private key :param ed25519_seed: encode seed rather than full key for ed25519 curve (True by default) :returns: the secret key associated with this key, if available [source]
sign = <function Key.sign> Sign a raw sequence of bytes.  :param message: sequence of bytes, raw format or hexadecimal notation :param generic: do not specify elliptic curve if set to True :returns: signature in base58 encoding [source]
verify = <function Key.verify> Verify signature, raise exception if it is not valid.  :param message: sequance of bytes, raw format or hexadecimal notation :param signature: a signature in base58 encoding :raises: ValueError if signature is not valid :returns: True if signature is valid [source]
pytezos.crypto.key.blake2b_32(v=b'')[source]

Get a BLAKE2B hash of bytes

Encoding

pytezos.crypto.encoding.base58_decode(v: bytes) bytes[source]

Decode data using Base58 with checksum + validate binary prefix against known kinds and cut in the end.

Parameters:

v – Array of bytes (use string.encode())

Returns:

bytes

pytezos.crypto.encoding.base58_encode(v: bytes, prefix: bytes) bytes[source]

Encode data using Base58 with checksum and add an according binary prefix in the end.

Parameters:
  • v – Array of bytes

  • prefix – Human-readable prefix (use b’’) e.g. b’tz’, b’KT’, etc

Returns:

bytes (use string.decode())

pytezos.crypto.encoding.is_address(v: str | bytes) bool[source]

Check if value is a tz/KT address

pytezos.crypto.encoding.is_bh(v: str | bytes) bool[source]

Check if value is a block hash.

pytezos.crypto.encoding.is_chain_id(v: str | bytes) bool[source]

Check if value is a chain id.

pytezos.crypto.encoding.is_kt(v: str | bytes) bool[source]

Check if value is a KT address.

pytezos.crypto.encoding.is_l2_pkh(v: str | bytes) bool[source]

Check if value is an L2 public key hash.

pytezos.crypto.encoding.is_ogh(v) bool[source]

Check if value is an operation group hash.

pytezos.crypto.encoding.is_pkh(v: str | bytes) bool[source]

Check if value is a public key hash.

pytezos.crypto.encoding.is_public_key(v: str | bytes) bool[source]

Check if value is a public key.

pytezos.crypto.encoding.is_sig(v: str | bytes) bool[source]

Check if value is a signature.

pytezos.crypto.encoding.is_sr(v: str | bytes) bool[source]

Check if value is a smart rollup address.

pytezos.crypto.encoding.is_txr_address(v: str | bytes) bool[source]

Check if value is a txr1 address

pytezos.crypto.encoding.validate_l2_pkh(v: str | bytes)[source]

Ensure parameter is a L2 public key hash (starts with b’txr1’)

Parameters:

v – string or bytes

Raises:

ValueError – if parameter is not a public key hash

pytezos.crypto.encoding.validate_pkh(v: str | bytes)[source]

Ensure parameter is a public key hash (starts with b’tz1’, b’tz2’, b’tz3’)

Parameters:

v – string or bytes

Raises:

ValueError – if parameter is not a public key hash

pytezos.crypto.encoding.validate_sig(v: str | bytes)[source]

Ensure parameter is a signature (starts with b’edsig’, b’spsig’, b’p2sig’, b’sig’)

Parameters:

v – string or bytes

Raises:

ValueError – if parameter is not a signature