Skip to content

Secure key generation for deposits - With Azure Key Vault upload of signing key

License

Notifications You must be signed in to change notification settings

webthaumaturge/staking-deposit-cli-az-kv

 
 

Repository files navigation

staking-deposit-cli

GitPOAP Badge

Introduction

deposit-cli is a tool for creating EIP-2335 format BLS12-381 keystores and a corresponding deposit_data*.json file for Ethereum Staking Launchpad.

  • Warning: Please generate your keystores on your own safe, completely offline device.
  • Warning: Please backup your mnemonic, keystores, and password securely.

Please read Launchpad Validator FAQs before generating the keys.

You can find the audit report by Trail of Bits here.

Tutorial for users

Build requirements

For Linux or MacOS users

File Permissions

On Unix-based systems, keystores and the deposit_data*.json have 440/-r--r----- file permissions (user & group read only). This improves security by limiting which users and processes that have access to these files. If you are getting permission denied errors when handling your keystores, consider changing which user/group owns the file (with chown) or, if need be, change the file permissions with chmod.

Option 1. Download binary executable file

Step 1. Installation

See releases page to download and decompress the corresponding binary files.

Step 2. Create keys and deposit_data-*.json

Run the following command to enter the interactive CLI and generate keys from a new mnemonic:

./deposit new-mnemonic

or run the following command to enter the interactive CLI and generate keys from an existing:

./deposit existing-mnemonic
language Argument

The Launchpad offers many language/internationalization options. If you wish to select one as a CLI argument, it must be passed in before one of the commands is chosen.

Argument Type Description
--language String. Options: العربية, ελληνικά, English, Français, Bahasa melayu, Italiano, 日本語, 한국어, Português do Brasil, român, 简体中文. Default to English The language you wish to use the CLI in.
--non_interactive flag

Warning: with this flag, there will be no confirmation step(s) to verify the input value(s). Please use it carefully.

Argument Type Description
--non_interactive Flag Run CLI in non-interactive mode.
Commands

The CLI offers different commands depending on what you want to do with the tool.

Command Description
new-mnemonic (Recommended) This command is used to generate keystores with a new mnemonic.
existing-mnemonic This command is used to re-generate or derive new keys from your existing mnemonic. Use this command, if (i) you have already generated keys with this CLI before, (ii) you want to reuse your mnemonic that you know is secure that you generated elsewhere (reusing your eth1 mnemonic .etc), or (iii) you lost your keystores and need to recover your keys.
new-mnemonic Arguments

You can use new-mnemonic --help to see all arguments. Note that if there are missing arguments that the CLI needs, it will ask you for them.

Argument Type Description
--num_validators Non-negative integer The number of signing keys you want to generate. Note that the child key(s) are generated via the same master key.
--mnemonic_language String. Options: 简体中文, 繁體中文, český jazyk, English, Italiano, 한국어, Português, Español. Default to English The language of the mnemonic word list
--folder String. Pointing to ./validator_keys by default The folder path for the keystore(s) and deposit(s)
--chain String. mainnet by default The chain setting for the signing domain.
--execution_address (or --eth1_withdrawal_address) String. Eth1 address in hexadecimal encoded form If this field is set and valid, the given Eth1 address will be used to create the withdrawal credentials. Otherwise, it will generate withdrawal credentials with the mnemonic-derived withdrawal public key in ERC-2334 format.
existing-mnemonic Arguments

You can use existing-mnemonic --help to see all arguments. Note that if there are missing arguments that the CLI needs, it will ask you for them.

Argument Type Description
--validator_start_index Non-negative integer The index of the first validator's keys you wish to generate. If this is your first time generating keys with this mnemonic, use 0. If you have generated keys using this mnemonic before, use the next index from which you want to start generating keys from (eg, if you've generated 4 keys before (keys #0, #1, #2, #3), then enter 4 here.
--num_validators Non-negative integer The number of new signing keys you want to generate. Note that the child key(s) are generated via the same master key.
--folder String. Pointing to ./validator_keys by default The folder path for the keystore(s) and deposit(s)
--chain String. mainnet by default The chain setting for the signing domain.
--execution_address (or --eth1_withdrawal_address) String. Eth1 address in hexadecimal encoded form If this field is set and valid, the given Eth1 address will be used to create the withdrawal credentials. Otherwise, it will generate withdrawal credentials with the mnemonic-derived withdrawal public key in ERC-2334 format.
Successful message

You will see the following messages after successfully generated the keystore(s) and the deposit(s):

Creating your keys:               [####################################]  <N>/<N>
Creating your keystores:          [####################################]  <N>/<N>
Creating your depositdata:        [####################################]  <N>/<N>
Verifying your keystores:         [####################################]  <N>/<N>
Verifying your deposits:          [####################################]  <N>/<N>

Success!
Your keys can be found at: <YOUR_FOLDER_PATH>
generate-bls-to-execution-change Arguments

You can use bls-to-execution-change --help to see all arguments. Note that if there are missing arguments that the CLI needs, it will ask you for them.

Argument Type Description
--bls_to_execution_changes_folder String. Pointing to ./bls_to_execution_changes by default The folder path for the bls_to_execution_change-* JSON file(s)
--chain String. mainnet by default The chain setting for the signing domain.
--mnemonic String. mnemonic split by space. The mnemonic you used to create withdrawal credentials.
--mnemonic_password Optional string. Empty by default. The mnemonic password you used in your key generation. Note: It's not the keystore password.
--validator_start_index Non-negative integer The index position for the keys to start generating withdrawal credentials in ERC-2334 format.
--validator_indices String of integer(s) A list of the chosen validator index number(s) as identified on the beacon chain. Split multiple items with whitespaces or commas.
--bls_withdrawal_credentials_list String of hexstring(s). A list of the old BLS withdrawal credentials of the given validator(s). It is for confirming you are using the correct keys. Split multiple items with whitespaces or commas.
--execution_address (or --eth1_withdrawal_address) String. Eth1 address in hexadecimal encoded form If this field is set and valid, the given Eth1 address will be used to create the withdrawal credentials. Otherwise, it will generate withdrawal credentials with the mnemonic-derived withdrawal public key in ERC-2334 format.
--devnet_chain_setting String. JSON string '{"network_name": "<NETWORK_NAME>", "genesis_fork_version": "<GENESIS_FORK_VERSION>", "genesis_validator_root": "<GENESIS_VALIDATOR_ROOT>"}' The custom chain setting of a devnet or testnet. Note that it will override your --chain choice.

Option 2. Build deposit-cli with native Python

Step 0. Python version checking

Ensure you are using Python version >= Python3.8:

python3 -V
Step 1. Installation

Install the dependencies:

pip3 install -r requirements.txt
python3 setup.py install

Or use the helper script:

./deposit.sh install
Step 2. Create keys and deposit_data-*.json

Run one of the following command to enter the interactive CLI:

./deposit.sh new-mnemonic

or

./deposit.sh existing-mnemonic

You can also run the tool with optional arguments:

./deposit.sh new-mnemonic --num_validators=<NUM_VALIDATORS> --mnemonic_language=english --chain=<CHAIN_NAME> --folder=<YOUR_FOLDER_PATH>
./deposit.sh existing-mnemonic --num_validators=<NUM_VALIDATORS> --validator_start_index=<START_INDEX> --chain=<CHAIN_NAME> --folder=<YOUR_FOLDER_PATH>
Language Argument

See here for --language arguments.

Commands

See here

Arguments

See here for new-mnemonic arguments See here for existing-mnemonic arguments See here for generate-bls-to-execution-change arguments

Successful message

See here

Option 3. Build deposit-cli with virtualenv

Step 0. Python version checking

Ensure you are using Python version >= Python3.8:

python3 -V
Step 1. Installation

For the virtualenv users, you can create a new venv:

pip3 install virtualenv
virtualenv venv
source venv/bin/activate

and install the dependencies:

python3 setup.py install
pip3 install -r requirements.txt
Step 2. Create keys and deposit_data-*.json

Run one of the following command to enter the interactive CLI:

python3 ./staking_deposit/deposit.py new-mnemonic

or

python3 ./staking_deposit/deposit.py existing-mnemonic

You can also run the tool with optional arguments:

python3 ./staking_deposit/deposit.py new-mnemonic --num_validators=<NUM_VALIDATORS> --mnemonic_language=english --chain=<CHAIN_NAME> --folder=<YOUR_FOLDER_PATH>
python3 ./staking_deposit/deposit.py existing-mnemonic --num_validators=<NUM_VALIDATORS> --validator_start_index=<START_INDEX> --chain=<CHAIN_NAME> --folder=<YOUR_FOLDER_PATH>
Language Argument

See here for --language arguments.

Commands

See here

Arguments

See here for new-mnemonic arguments See here for existing-mnemonic arguments See here for generate-bls-to-execution-change arguments

Option 4. Use Docker image

Step 1. Build the docker image

Run the following command to locally build the docker image:

make build_docker
Step 2. Create keys and deposit_data-*.json

Run the following command to enter the interactive CLI:

docker run -it --rm -v $(pwd)/validator_keys:/app/validator_keys ethereum/staking-deposit-cli

You can also run the tool with optional arguments:

docker run -it --rm -v $(pwd)/validator_keys:/app/validator_keys ethereum/staking-deposit-cli new-mnemonic --num_validators=<NUM_VALIDATORS> --mnemonic_language=english --folder=<YOUR_FOLDER_PATH>

Example for 1 validator on the Prater testnet using english:

docker run -it --rm -v $(pwd)/validator_keys:/app/validator_keys ethereum/staking-deposit-cli new-mnemonic --num_validators=1 --mnemonic_language=english --chain=prater
Arguments

See here

Successful message

See here


For Windows users

Option 1. Download binary executable file

Step 1. Installation

See releases page to download and decompress the corresponding binary files.

Step 2. Create keys and deposit_data-*.json

Run one of the following command to enter the interactive CLI:

deposit.exe new-mnemonic

or

deposit.exe existing-mnemonic

You can also run the tool with optional arguments:

deposit.exe new-mnemonic --num_validators=<NUM_VALIDATORS> --mnemonic_language=english --chain=<CHAIN_NAME> --folder=<YOUR_FOLDER_PATH>
deposit.exe existing-mnemonic --num_validators=<NUM_VALIDATORS> --validator_start_index=<START_INDEX> --chain=<CHAIN_NAME> --folder=<YOUR_FOLDER_PATH>
Language Argument

See here for --language arguments.

Commands

See here

Arguments

See here for new-mnemonic arguments See here for existing-mnemonic arguments See here for generate-bls-to-execution-change arguments

Option 2. Build deposit-cli with native Python

Step 0. Python version checking

Ensure you are using Python version >= Python3.8 (Assume that you've installed Python 3 as the main Python):

python -V
Step 1. Installation

Install the dependencies:

pip3 install -r requirements.txt
python setup.py install

Or use the helper script:

sh deposit.sh install
Step 2. Create keys and deposit_data-*.json

Run one of the following command to enter the interactive CLI:

./deposit.sh new-mnemonic

or

./deposit.sh existing-mnemonic

You can also run the tool with optional arguments:

./deposit.sh new-mnemonic --num_validators=<NUM_VALIDATORS> --mnemonic_language=english --chain=<CHAIN_NAME> --folder=<YOUR_FOLDER_PATH>
./deposit.sh existing-mnemonic --num_validators=<NUM_VALIDATORS> --validator_start_index=<START_INDEX> --chain=<CHAIN_NAME> --folder=<YOUR_FOLDER_PATH>
Language Argument

See here for --language arguments.

Commands

See here

Arguments

See here for new-mnemonic arguments See here for existing-mnemonic arguments See here for generate-bls-to-execution-change arguments

Option 3. Build deposit-cli with virtualenv

Step 0. Python version checking

Ensure you are using Python version >= Python3.8 (Assume that you've installed Python 3 as the main Python):

python -V
Step 1. Installation

For the virtualenv users, you can create a new venv:

pip3 install virtualenv
virtualenv venv
.\venv\Scripts\activate

and install the dependencies:

python setup.py install
pip3 install -r requirements.txt
Step 2. Create keys and deposit_data-*.json

Run one of the following command to enter the interactive CLI:

python .\staking_deposit\deposit.py new-mnemonic

or

python .\staking_deposit\deposit.py existing-mnemonic

You can also run the tool with optional arguments:

python .\staking_deposit\deposit.py new-mnemonic --num_validators=<NUM_VALIDATORS> --mnemonic_language=english --chain=<CHAIN_NAME> --folder=<YOUR_FOLDER_PATH>
python .\staking_deposit\deposit.pyexisting-mnemonic --num_validators=<NUM_VALIDATORS> --validator_start_index=<START_INDEX> --chain=<CHAIN_NAME> --folder=<YOUR_FOLDER_PATH>
Language Argument

See here for --language arguments.

Commands

See here

Arguments

See here for new-mnemonic arguments See here for existing-mnemonic arguments See here for generate-bls-to-execution-change arguments

Development

Install basic requirements

python3 -m pip install -r requirements.txt
python3 setup.py install

Install testing requirements

python3 -m pip install -r requirements_test.txt

Run tests

python3 -m pytest .

Building Binaries

Developers Only

Mac M1 Binaries

👋This is not the section you are looking for.👋 If you are trying to build the binary on macos with an M1 Mac and you are using pyenv to manage your python version. You'll probably need to reinstall a given python version using:

env PYTHON_CONFIGURE_OPTS="--enable-framework" pyenv install 3.10.3

About

Secure key generation for deposits - With Azure Key Vault upload of signing key

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • Python 97.9%
  • Makefile 1.3%
  • Other 0.8%