cardano-addresses
cardano-addresses copied to clipboard
IntersectMBO
Generate normal (non-extended keys)
With the following command I can easily generate normal (non-extended) signing/verification keys:
#cardano-cli address key-gen --verification-key-file test.vkey --signing-key-file test.skey
The result signing file looks like: { “type”: “PaymentSigningKeyShelley_ed25519”, “description”: “Payment Signing Key”, “cborHex”: “58205603938b6f6fa9acd09b692126fxxxxxxxx865c81f7ca1ddcb40b5d41xxxxxx” }
Verification key file also contains a non-extended public key.
So this is a simple signing/verification key, what I can use PyNaCl library without any problems.
How can I generate similar normal (non extended) signing/verifying keys with Cardano-addresses?
I cannot find any way to generate non-extended keys from menemonic/derivation.
hi! I created PR adding the above to the documentation -> https://github.com/input-output-hk/cardano-addresses/pull/143 I hope it answers your questions
Thanks for the explanation, but I still have a problem. In the latest step in your document:
Producing cborhash,
$ cardano-address key child 1852H/1815H/0H/0/0 --without-chain-code < root.xprv | bech32
b0bf46232c7f0f58ad333030e43ffbea7c2bb6f8135bd05fb0d343ade8453c5eacc7ac09f77e16b635832522107eaa9f56db88c615f537aa6025e6c23da98ae8
(just signing key)
So the result is NOT a signing key, this is an extended signing key, because it is 128 bytes long. The normal signing keys (generated with cardano-cli by default) is 64 bytes long, and this is the only way to sign transactions with PyNaCl library.
Is there any way to generate normal (non-extended) private key with cardano addresses?
So below is signing key + chain code (64+32=96 bytes):
$ cardano-address key child 1852H/1815H/0H/0/0 --with-chain-code < root.xprv | bech32
b0bf46232c7f0f58ad333030e43ffbea7c2bb6f8135bd05fb0d343ade8453c5eacc7ac09f77e16b635832522107eaa9f56db88c615f537aa6025e6c23da98ae8b0be1868d1c36ef9089b3b094f5fe1d783e4d5fea14e2034c0397bee50e65a1a
And below it is just signing key (64 bytes):
cardano-address key child 1852H/1815H/0H/0/0 --without-chain-code < root.xprv | bech32
b0bf46232c7f0f58ad333030e43ffbea7c2bb6f8135bd05fb0d343ade8453c5eacc7ac09f77e16b635832522107eaa9f56db88c615f537aa6025e6c23da98ae8
Please use this branch to have it : https://github.com/input-output-hk/cardano-addresses/pull/134 We are going to support extended, non-extended private keys, with/without chain code (not so straightforward like for public keys) in the future. Private keys with/without chain code change is not released though.
Is there any way to generate normal (non-extended) private key with cardano addresses?
No. Not at the moment. cardano-addresses is specifically designed to work with key derivation and extended keys.
edit: As Pawel pointed above, there's ongoing work to extend support to non-extended keys in cardano-addresses and reduce the incompatibility surface with cardano-cli, but this isn't available at the moment.
And below it is just signing key (64 bytes):
Sorry I totally confused the key length. So the normal signing key (I guess) should be 32 bytes long (64 bytes in hex encoded). If you check Cardano-cli key-gen, that also generates 32 bytes long normal secret keys (by default).
The reason why I need it: in my project we are develop an automated transaction signing service in python. We are using the PyNaCl library to sign the transactions.
signature = SigningKey(sk, encoder=HexEncoder).sign(bytes.fromhex(hexbytes))
PyNaCl is only supports 32 bytes (128 bits) long normal signing keys. source: https://pynacl.readthedocs.io/en/latest/signing/#nacl.signing.SigningKey
With cardano-cli generated signing key, I can sign and submit Cardano transactions. Although I cannot sign transactions with Cardano addresses generated extended signing keys (64 bytes long). If I just try to use the first 32 bytes, I got the following error when try to submit tx: ApplyTxError [LedgerFailure (UtxowFailure (InvalidWitnessesUTXOW [VKey (VerKeyEd25519DSIGN (PublicKey
So somehow I need a find a way to generate normal (non-extended) 32 bytes long signatures + verification keys...