Cryptography

Keys and signatures

class pytezos.crypto.key.Key(public_point: bytes, secret_exponent: bytes | None = None, curve: bytes = b'ed', activation_code: str | None = None)[source]

Represents a public or secret key for Tezos. Ed25519, Secp256k1 and P256 are supported.

blinded_public_key_hash = <function Key.blinded_public_key_hash> Creates base58 encoded commitment out of activation code (required) and public key hash :return: blinded public key hash [source]

classmethod from_alias(alias: str, passphrase: str | bytes | None = None, tezos_client_dir: str = '~/.tezos-client') → Key[source]

Import secret key from tezos-client keychain.

Parameters:

alias – key alias
passphrase – if key is encrypted (optional)
tezos_client_dir – path to the tezos client directory (default is ~/.tezos-client)

Return type:

Key

classmethod from_encoded_key(key: str | bytes, passphrase: str | bytes | None = None) → Key[source]

Creates a key object from a base58 encoded key.

Parameters:

key – a public or secret key in base58 encoding
passphrase – the passphrase used if the key provided is an encrypted private key, if not set value from from PYTEZOS_PASSPHRASE env variable will be used or promted dynamically

classmethod from_faucet(source: str | dict) → Key[source]

Import key from a faucet file: https://teztnets.xyz/

Parameters:: source – path to the json file
Return type:: Key

classmethod from_mnemonic(mnemonic: List[str] | str, passphrase: str = '', email: str = '', validate: bool = True, curve: bytes = b'ed', activation_code: str | None = None, language: str = 'english') → Key[source]

Creates a key object from a bip39 mnemonic.

Parameters:

mnemonic – a 15 word bip39 english mnemonic
passphrase – a mnemonic password or a fundraiser key
email – email used if a fundraiser key is passed
validate – whether to check mnemonic or not
curve – b’sp’ for secp251k1, b’p2’ for P256/secp256r1, b’ed’ for Ed25519 (default)
activation_code – secret for initializing account balance
language – The English label for the language of the mnemonic. This is needed for validation

Return type:

Key

classmethod from_public_point(public_point: bytes, curve: bytes = b'ed') → Key[source]

Creates a key object from a public elliptic point.

Parameters:

public_point – elliptic point in the compressed format (see https://tezos.stackexchange.com/a/623/309)
curve – b’sp’ for secp251k1, b’p2’ for P256/secp256r1, b’ed’ for Ed25519 (default)

classmethod from_secret_exponent(secret_exponent: bytes, curve=b'ed', activation_code=None) → Key[source]

Creates a key object from a secret exponent.

Parameters:

secret_exponent – secret exponent or seed
curve – b’sp’ for Secp251k1, b’p2’ for P256/Secp256r1, b’ed’ for Ed25519 (default)
activation_code – secret for initializing account balance

classmethod generate(passphrase: str = '', curve: bytes = b'ed', strength: int = 128, language: str = 'english', export: bool = True)[source]

Generates new key.

Parameters:

passphrase – optional password
curve – b’sp’ for secp251k1, b’p2’ for P256/secp256r1, b’ed’ for Ed25519 (default)
strength – mnemonic strength, default is 128
language – mnemonic language, default is english
export – export as json file in the current folder, default is True

Return type:

Key

public_key = <function Key.public_key> Creates base58 encoded public key representation. :returns: the public key associated with the private key [source]

public_key_hash = <function Key.public_key_hash> Creates base58 encoded public key hash for this key. :returns: the public key hash for this key [source]

secret_key = <function Key.secret_key> Creates base58 encoded private key representation. :param passphrase: encryption phrase for the private key :param ed25519_seed: encode seed rather than full key for ed25519 curve (True by default) :returns: the secret key associated with this key, if available [source]

sign = <function Key.sign> Sign a raw sequence of bytes. :param message: sequence of bytes, raw format or hexadecimal notation :param generic: do not specify elliptic curve if set to True :returns: signature in base58 encoding [source]

verify = <function Key.verify> Verify signature, raise exception if it is not valid. :param message: sequance of bytes, raw format or hexadecimal notation :param signature: a signature in base58 encoding :raises: ValueError if signature is not valid :returns: True if signature is valid [source]

pytezos.crypto.key.blake2b_32(v=b'')[source]: Get a BLAKE2B hash of bytes

Encoding

pytezos.crypto.encoding.base58_decode(v: bytes) → bytes[source]

Decode data using Base58 with checksum + validate binary prefix against known kinds and cut in the end.

Parameters:: v – Array of bytes (use string.encode())
Returns:: bytes

pytezos.crypto.encoding.base58_encode(v: bytes, prefix: bytes) → bytes[source]

Encode data using Base58 with checksum and add an according binary prefix in the end.

Parameters:

v – Array of bytes
prefix – Human-readable prefix (use b’’) e.g. b’tz’, b’KT’, etc

Returns:

bytes (use string.decode())

pytezos.crypto.encoding.is_address(v: str | bytes) → bool[source]: Check if value is a tz/KT address

pytezos.crypto.encoding.is_bh(v: str | bytes) → bool[source]: Check if value is a block hash.

pytezos.crypto.encoding.is_chain_id(v: str | bytes) → bool[source]: Check if value is a chain id.

pytezos.crypto.encoding.is_kt(v: str | bytes) → bool[source]: Check if value is a KT address.

pytezos.crypto.encoding.is_l2_pkh(v: str | bytes) → bool[source]: Check if value is an L2 public key hash.

pytezos.crypto.encoding.is_ogh(v) → bool[source]: Check if value is an operation group hash.

pytezos.crypto.encoding.is_pkh(v: str | bytes) → bool[source]: Check if value is a public key hash.

pytezos.crypto.encoding.is_public_key(v: str | bytes) → bool[source]: Check if value is a public key.

pytezos.crypto.encoding.is_sig(v: str | bytes) → bool[source]: Check if value is a signature.

pytezos.crypto.encoding.is_sr(v: str | bytes) → bool[source]: Check if value is a smart rollup address.

pytezos.crypto.encoding.is_txr_address(v: str | bytes) → bool[source]: Check if value is a txr1 address

pytezos.crypto.encoding.validate_l2_pkh(v: str | bytes)[source]

Ensure parameter is a L2 public key hash (starts with b’txr1’)

Parameters:: v – string or bytes
Raises:: ValueError – if parameter is not a public key hash

pytezos.crypto.encoding.validate_pkh(v: str | bytes)[source]

Ensure parameter is a public key hash (starts with b’tz1’, b’tz2’, b’tz3’)

Parameters:: v – string or bytes
Raises:: ValueError – if parameter is not a public key hash

pytezos.crypto.encoding.validate_sig(v: str | bytes)[source]

Ensure parameter is a signature (starts with b’edsig’, b’spsig’, b’p2sig’, b’sig’)

Parameters:: v – string or bytes
Raises:: ValueError – if parameter is not a signature