User Rating 0.0 ★★★★★

Total Usage 0 times

Category Crypto & Mining

Private Key (hex, optional — leave blank for random) 64 hex characters. If empty, a cryptographically random key is generated.

Passphrase

PBKDF2 Iterations Default: 262144. Lower values are faster but less secure.

Generated Keystore

Is this tool helpful?

Your feedback helps us improve.

★ ★ ★ ★ ★

About

An Ethereum V3 keystore file encrypts a private key using a passphrase-derived symmetric key. The standard (defined in Web3 Secret Storage) combines PBKDF2 key derivation with AES-128-CTR cipher and HMAC-SHA256 message authentication. A weak passphrase or corrupted keystore means permanent, irrecoverable loss of funds. This tool performs real cryptographic operations entirely in your browser using the Web Crypto API and a pure-JavaScript Keccak-256 implementation for Ethereum address derivation. No data leaves your machine. Limitation: this tool uses PBKDF2 exclusively. Native Scrypt is unavailable in Web Crypto; if your workflow requires Scrypt-based keystores, use a dedicated node environment.

Formulas

The keystore generation pipeline follows three stages: key derivation, encryption, and MAC computation.

dk = PBKDF2(passphrase, salt, c, dklen, HMAC-SHA256)

where dk is the derived key of length dklen = 32 bytes, c is the iteration count, and salt is 32 random bytes.

ciphertext = AES-128-CTR(dk[0..16], iv, privateKey)

The encryption key is the first 16 bytes of dk. The iv is 16 random bytes.

mac = Keccak-256(dk[16..32] || ciphertext)

The MAC ensures integrity. During recovery, the MAC is recomputed and compared. A mismatch indicates wrong passphrase or corrupted data.

address = Keccak-256(pubKey)[12..32]

where pubKey is the 64-byte uncompressed public key (without the 0x04 prefix) derived from elliptic curve point multiplication G × privateKey on the secp256k1 curve.

Reference Data

Parameter	V3 Keystore Default	Description
KDF	PBKDF2	Key derivation function
KDF Iterations (c)	262144	PBKDF2 iteration count. Higher = slower brute-force
Derived Key Length (dklen)	32 bytes	Output length of derived key
PRF	HMAC-SHA256	Pseudo-random function for PBKDF2
Cipher	AES-128-CTR	Symmetric encryption algorithm
Cipher Key Length	16 bytes	First 16 bytes of derived key
IV Length	16 bytes	Initialization vector for CTR mode
MAC Input	dk[16..32] \|\| ciphertext	Last 16 bytes of derived key concatenated with ciphertext
MAC Hash	Keccak-256	Integrity check hash
Address Hash	Keccak-256	Last 20 bytes of hash of uncompressed public key (no 0x04 prefix)
Private Key Length	32 bytes (64 hex chars)	secp256k1 scalar
Public Key (Uncompressed)	64 bytes (128 hex chars)	X and Y coordinates on secp256k1 curve
Salt Length	32 bytes	Random salt for KDF
UUID Version	v4	Random UUID for keystore ID
Keystore Version	3	Web3 Secret Storage version
Min Passphrase (recommended)	≥ 12 chars	Shorter passphrases are vulnerable to dictionary attacks
secp256k1 Order (n)	FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141	Curve order; private key must be in [1, n − 1]
secp256k1 Prime (p)	FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F	Field prime for coordinate arithmetic

Frequently Asked Questions

PBKDF2 with 262144 iterations is intentionally slow. This is a security feature: it makes brute-force attacks against your passphrase computationally expensive. Reducing iterations speeds up generation but weakens security proportionally. The operation runs in a Web Worker to keep the UI responsive.

Funds are permanently inaccessible. There is no recovery mechanism in Ethereum. The keystore is the encrypted container of your private key. Without either artifact, the corresponding account is unreachable. Always store backups in separate physical locations.

All cryptographic operations execute locally in your browser. No data is transmitted. However, browser environments carry inherent risks: malicious extensions, clipboard sniffers, and screen capture. For high-value accounts, use an air-gapped machine or a hardware wallet. This tool is best suited for development, testing, and educational purposes.

The Web Crypto API does not expose a Scrypt primitive. Implementing Scrypt in pure JavaScript is feasible but extremely slow - often 10-30 seconds for standard parameters (N = 131072, r = 8, p = 1). PBKDF2 with sufficient iterations provides comparable security for most use cases and benefits from hardware-accelerated Web Crypto.

No. This tool only supports PBKDF2-based keystores. If the keystore JSON shows "kdf": "scrypt", you need a tool with Scrypt support. Attempting recovery here will produce a clear error indicating the unsupported KDF.

During recovery, PBKDF2 derives a key from the provided passphrase and stored salt. The last 16 bytes of this derived key are concatenated with the stored ciphertext, then hashed via Keccak-256. If this computed MAC differs from the stored MAC, either the passphrase is wrong or the file is corrupted. The tool reports this as a MAC mismatch error.