bitcoin-s/docs/key-manager/key-manager.html

<!DOCTYPE html><html lang="en"><head><meta charSet="utf-8"/><meta http-equiv="X-UA-Compatible" content="IE=edge"/><title>Key Manager · bitcoin-s</title><meta name="viewport" content="width=device-width, initial-scale=1.0"/><meta name="generator" content="Docusaurus"/><meta name="description" content="### Key Manager"/><meta name="docsearch:version" content="1.9.10"/><meta name="docsearch:language" content="en"/><meta property="og:title" content="Key Manager · bitcoin-s"/><meta property="og:type" content="website"/><meta property="og:url" content="https://bitcoin-s.org/"/><meta property="og:description" content="### Key Manager"/><meta property="og:image" content="https://bitcoin-s.org/img/undraw_online.svg"/><meta name="twitter:card" content="summary"/><meta name="twitter:image" content="https://bitcoin-s.org/img/undraw_tweetstorm.svg"/><link rel="shortcut icon" href="/img/favicon.ico"/><link rel="stylesheet" href="https://cdn.jsdelivr.net/docsearch.js/1/docsearch.min.css"/><link rel="stylesheet" href="//cdnjs.cloudflare.com/ajax/libs/highlight.js/9.12.0/styles/default.min.css"/><script>
              (function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){
              (i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o),
              m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m)
              })(window,document,'script','https://www.google-analytics.com/analytics.js','ga');

              ga('create', 'UA-61958686-2', 'auto');
              ga('send', 'pageview');
            </script><link rel="stylesheet" href="/css/code-block-buttons.css"/><script type="text/javascript" src="https://buttons.github.io/buttons.js"></script><script type="text/javascript" src="https://cdnjs.cloudflare.com/ajax/libs/clipboard.js/2.0.0/clipboard.min.js"></script><script type="text/javascript" src="https://fonts.googleapis.com/css?family=Montserrat:500"></script><script type="text/javascript" src="https://www.googletagmanager.com/gtag/js?id=UA-61958686-2"></script><script type="text/javascript" src="/js/code-block-buttons.js"></script><script src="/js/scrollSpy.js"></script><link rel="stylesheet" href="/css/main.css"/><script src="/js/codetabs.js"></script></head><body class="sideNavVisible separateOnPageNav"><div class="fixedHeaderContainer"><div class="headerWrapper wrapper"><header><a href="/"><img class="logo" src="/img/favicon.ico" alt="bitcoin-s"/><h2 class="headerTitleWithLogo">bitcoin-s</h2></a><a href="/versions"><h3>1.9.10</h3></a><div class="navigationWrapper navigationSlider"><nav class="slidingNav"><ul class="nav-site nav-site-internal"><li class="siteNavGroupActive"><a href="/docs/core/core-intro" target="_self">Docs</a></li><li class=""><a href="/download" target="_self">Download</a></li><li class=""><a href="/api/org/bitcoins" target="_self">API</a></li><li class=""><a href="/help" target="_self">Help</a></li><li class="navSearchWrapper reactNavSearchWrapper"><input type="text" id="search_input_react" placeholder="Search" title="Search"/></li></ul></nav></div></header></div></div><div class="navPusher"><div class="docMainWrapper wrapper"><div class="docsNavContainer" id="docsNav"><nav class="toc"><div class="toggleNav"><section class="navWrapper wrapper"><div class="navBreadcrumb wrapper"><div class="navToggle" id="navToggler"><div class="hamburger-menu"><div class="line1"></div><div class="line2"></div><div class="line3"></div></div></div><h2><i>›</i><span>Key Manager</span></h2><div class="tocToggler" id="tocToggler"><i class="icon-toc"></i></div></div><div class="navGroups"><div class="navGroup"><h3 class="navGroupCategoryTitle">Getting Started</h3><ul class=""><li class="navListItem"><a class="navItem" href="/docs/getting-started">Intro and Getting Started</a></li><li class="navListItem"><a class="navItem" href="/docs/bips">Supported BIPs</a></li></ul></div><div class="navGroup"><h3 class="navGroupCategoryTitle">Getting Setup</h3><ul class=""><li class="navListItem"><a class="navItem" href="/docs/getting-setup">Getting Bitcoin-S installed on your machine</a></li><li class="navListItem"><a class="navItem" href="/docs/ui-setup">Installing the DLC Wallet UI</a></li></ul></div><div class="navGroup"><h3 class="navGroupCategoryTitle">Applications</h3><ul class=""><li class="navListItem"><a class="navItem" href="/docs/applications/cli">CLI</a></li><li class="navListItem"><a class="navItem" href="/docs/applications/server">Application Server</a></li><li class="navListItem"><a class="navItem" href="/docs/applications/gui">GUI</a></li><li class="navListItem"><a class="navItem" href="/docs/applications/server-systemd">Systemd installation</a></li></ul></div><div class="navGroup"><h3 class="navGroupCategoryTitle">Chain</h3><ul class=""><li class="navListItem"><a class="navItem" href="/docs/chain/chain">Blockchain Verification</a></li><li class="navListItem"><a class="navItem" href="/docs/chain/filter-sync">Syncing Blockfilters</a></li><li class="navListItem"><a class="navItem" href="/docs/chain/chain-query-api">Chain Query API</a></li></ul></div><div class="navGroup"><h3 class="navGroupCategoryTitle">Configuration</h3><ul class=""><li class="navListItem"><a class="navItem" href="/docs/config/configuration">Application Configuration</a></li></ul></div><div class="navGroup"><h3 class="navGroupCategoryTitle">Core Module</h3><ul class=""><li class="navListItem"><a class="navItem" href="/docs/core/core-intro">Core Module</a></li><li class="navListItem"><a class="navItem" href="/docs/core/addresses">Generating Addresses</a></li><li class="navListItem"><a class="navItem" href="/docs/core/hd-keys">
            var coll = document.getElementsByClassName('collapsible');
            var checkActiveCategory = true;
            for (var i = 0; i < coll.length; i++) {
              var links = coll[i].nextElementSibling.getElementsByTagName('*');
              if (checkActiveCategory){
                for (var j = 0; j < links.length; j++) {
                  if (links[j].classList.contains('navListItemActive')){
                    coll[i].nextElementSibling.classList.toggle('hide');
                    coll[i].childNodes[1].classList.toggle('rotate');
                    checkActiveCategory = false;
                    break;
                  }
                }
              }

              coll[i].addEventListener('click', function() {
                var arrow = this.childNodes[1];
                arrow.classList.toggle('rotate');
                var content = this.nextElementSibling;
                content.classList.toggle('hide');
              });
            }

            document.addEventListener('DOMContentLoaded', function() {
              createToggler('#navToggler', '#docsNav', 'docsSliderActive');
              createToggler('#tocToggler', 'body', 'tocActive');

              var headings = document.querySelector('.toc-headings');
              headings && headings.addEventListener('click', function(event) {
                var el = event.target;
                while(el !== headings){
                  if (el.tagName === 'A') {
                    document.body.classList.remove('tocActive');
                    break;
                  } else{
                    el = el.parentNode;
                  }
                }
              }, false);

              function createToggler(togglerSelector, targetSelector, className) {
                var toggler = document.querySelector(togglerSelector);
                var target = document.querySelector(targetSelector);

                if (!toggler) {
                  return;
                }

                toggler.onclick = function(event) {
                  event.preventDefault();

                  target.classList.toggle(className);
                };
              }
            });
        </script></nav></div><div class="container mainContainer docsContainer"><div class="wrapper"><div class="post"><header class="postHeader"><a class="edit-page-link button" href="https://github.com/bitcoin-s/bitcoin-s/blob/master/docs/key-manager/key-manager.md" target="_blank" rel="noreferrer noopener">Edit</a><h1 id="__docusaurus" class="postHeaderTitle">Key Manager</h1></header><article><div><span><h3><a class="anchor" aria-hidden="true" id="key-manager"></a><a href="#key-manager" aria-hidden="true" class="hash-link"><svg class="hash-link-icon" aria-hidden="true" height="16" version="1.1" viewBox="0 0 16 16" width="16"><path fill-rule="evenodd" d="M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z"></path></svg></a>Key Manager</h3>
<p>The key manager module's goal is to encapsulate all private key interactions with the <a href="/docs/wallet/wallet">wallet</a> project.</p>
<p>As of this writing, there is only one type of <code>KeyManager</code> - <a href="/api/org/bitcoins/keymanager/bip39/BIP39KeyManager"><code>BIP39KeyManager</code></a>.</p>
<p>The <a href="/api/org/bitcoins/keymanager/bip39/BIP39KeyManager"><code>BIP39KeyManager</code></a> stores a <a href="/api/org/bitcoins/core/crypto/MnemonicCode"><code>MnemonicCode</code></a> on disk which can be decrypted and used as a hot wallet.</p>
<p>Over the long run, we want to make it so that the wallet project needs to communicate with the key-manager to access private keys.</p>
<p>This means that ALL SIGNING should be done inside of the key-manager, and private keys should not leave the key manager.</p>
<p>This makes it easier to reason about the security characteristics of our private keys, and a way to provide a uniform interface for alternative key storage systems (hsm, cloud based key storage, etc) to be plugged into the bitcoin-s library.</p>
<h4><a class="anchor" aria-hidden="true" id="creating-a-key-manager"></a><a href="#creating-a-key-manager" aria-hidden="true" class="hash-link"><svg class="hash-link-icon" aria-hidden="true" height="16" version="1.1" viewBox="0 0 16 16" width="16"><path fill-rule="evenodd" d="M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z"></path></svg></a>Creating a key manager</h4>
<p>The first thing you need create a key manager is some entropy.</p>
<p>A popular way for bitcoin wallet's to represent entropy is <a href="https://github.com/bitcoin/bips/blob/master/bip-0039.mediawiki">BIP39</a> which you <a href="/api/org/bitcoins/core/crypto/BIP39Seed">can use in bitcoin-s</a></p>
<p>You can generate a <code>MnemonicCode</code> in bitcoin-s with the following code</p>
<pre><code class="hljs css language-scala"><span class="hljs-keyword">import</span> org.bitcoins.core.crypto._

<span class="hljs-comment">//get 256 bits of random entropy</span>
<span class="hljs-keyword">val</span> entropy = <span class="hljs-type">MnemonicCode</span>.getEntropy256Bits
<span class="hljs-comment">// entropy: scodec.bits.BitVector = BitVector(256 bits, 0x9ba4b4807f51e44896476132619b17344aa9ca6e557c3546f030b85be97ebac4)</span>

<span class="hljs-keyword">val</span> mnemonic = <span class="hljs-type">MnemonicCode</span>.fromEntropy(entropy)
<span class="hljs-comment">// mnemonic: MnemonicCode = Masked(MnemonicCodeImpl)</span>

<span class="hljs-comment">//you can print that mnemonic seed with this</span>
println(mnemonic.words)
<span class="hljs-comment">// Vector(option, certain, cactus, wrong, bundle, cattle, flip, umbrella, crash, art, shift, hammer, pride, topple, rich, question, crystal, daring, around, idle, salon, satisfy, twelve, october)</span>
</code></pre>
<p>Now that we have a <code>MnemonicCode</code> that was securely generated, we need to now create <code>KeyManagerParams</code> which tells us how to generate
generate specific kinds of addresses for wallets.</p>
<p><code>KeyManagerParams</code> takes 3 parameters:</p>
<ol>
<li><code>seedPath</code> there is where we store the <code>MnemonicCode</code> on your file system</li>
<li><a href="/api/org/bitcoins/core/hd/HDPurpose"><code>purpose</code></a> which represents what type of utxo this <code>KeyManager</code> is associated with. The specification for this is in <a href="https://github.com/bitcoin/bips/blob/master/bip-0043.mediawiki">BIP43</a></li>
<li><a href="/api/org/bitcoins/core/config/NetworkParameters"><code>network</code></a> what cryptocurrency network this key manager is associated with</li>
</ol>
<p>This controls how the root key is defined. The combination of <code>purpose</code> and <code>network</code> determine how the root <code>ExtKey</code> is serialized. For more information on how this works please see <a href="/docs/core/hd-keys">hd-keys</a></p>
<p>Now we can construct a native segwit key manager for the regtest network!</p>
<pre><code class="hljs css language-scala"><span class="hljs-comment">//this will create a temp directory with the prefix 'key-manager-example` that will</span>
<span class="hljs-comment">//have a file in it called "encrypted-bitcoin-s-seed.json"</span>
<span class="hljs-keyword">val</span> seedPath = <span class="hljs-type">Files</span>.createTempDirectory(<span class="hljs-string">"key-manager-example"</span>).resolve(<span class="hljs-type">WalletStorage</span>.<span class="hljs-type">ENCRYPTED_SEED_FILE_NAME</span>)
<span class="hljs-comment">// seedPath: Path = /var/folders/00/27b127nj25q8gnjhjqfnw9040000gn/T/key-manager-example1363737922298881160/encrypted-bitcoin-s-seed.json</span>

<span class="hljs-comment">//let's create a native segwit key manager</span>
<span class="hljs-keyword">val</span> purpose = <span class="hljs-type">HDPurpose</span>.<span class="hljs-type">SegWit</span>
<span class="hljs-comment">// purpose: HDPurpose = m/84'</span>

<span class="hljs-comment">//let's choose regtest as our network</span>
<span class="hljs-keyword">val</span> network = <span class="hljs-type">RegTest</span>
<span class="hljs-comment">// network: RegTest.type = RegTest</span>

<span class="hljs-keyword">val</span> kmParams = <span class="hljs-type">KeyManagerParams</span>(seedPath, purpose, network)
<span class="hljs-comment">// kmParams: KeyManagerParams = KeyManagerParams(/var/folders/00/27b127nj25q8gnjhjqfnw9040000gn/T/key-manager-example1363737922298881160/encrypted-bitcoin-s-seed.json,m/84',RegTest)</span>

<span class="hljs-keyword">val</span> aesPasswordOpt = <span class="hljs-type">Some</span>(<span class="hljs-type">AesPassword</span>.fromString(<span class="hljs-string">"password"</span>))
<span class="hljs-comment">// aesPasswordOpt: Some[AesPassword] = Some(Masked(AesPassword))</span>

<span class="hljs-keyword">val</span> km = <span class="hljs-type">BIP39KeyManager</span>.initializeWithMnemonic(aesPasswordOpt, mnemonic, <span class="hljs-type">None</span>, kmParams)
<span class="hljs-comment">// km: Either[KeyManagerInitializeError, BIP39KeyManager] = Right(org.bitcoins.keymanager.bip39.BIP39KeyManager@6193b3a0)</span>

<span class="hljs-keyword">val</span> rootXPub = km.right.get.getRootXPub
<span class="hljs-comment">// rootXPub: ExtPublicKey = vpub5SLqN2bLY4WeYyJciwbDBryLWynBtFkAEAUVwe4cRQmcFE5XTNtsirupkSarg1mfkXyySF3ycA3t78hPeG52Gfi8VZYcqbJ8zXJrAAavdak</span>

println(rootXPub)
<span class="hljs-comment">// vpub5SLqN2bLY4WeYyJciwbDBryLWynBtFkAEAUVwe4cRQmcFE5XTNtsirupkSarg1mfkXyySF3ycA3t78hPeG52Gfi8VZYcqbJ8zXJrAAavdak</span>
</code></pre>
<p>Which should print something that looks like this</p>
<p><code>vpub5SLqN2bLY4WeXxMqwJHJFBEwxSscGB2uDUnsTS3edVjZEwTrQDFDNqoR2xLqARQPabGaXsHSTenTRcqm2EnB9MpuC4vSk3LqSgNmGGZtuq7</code></p>
<p>which is a native segwit <code>ExtPubKey</code> for the regtest network!</p>
<p>You can always change the <code>network</code> or <code>purpose</code> to support different things. You do <em>not</em> need to initialize the key manager
again after initializing it once. You can use the same <code>mnemonic</code> for different networks, which you control <code>KeyManagerParams</code>.</p>
<pre><code class="hljs css language-scala"><span class="hljs-comment">//let's create a nested segwit key manager for mainnet</span>
<span class="hljs-keyword">val</span> mainnetKmParams = <span class="hljs-type">KeyManagerParams</span>(seedPath, <span class="hljs-type">HDPurpose</span>.<span class="hljs-type">SegWit</span>, <span class="hljs-type">MainNet</span>)
<span class="hljs-comment">// mainnetKmParams: KeyManagerParams = KeyManagerParams(/var/folders/00/27b127nj25q8gnjhjqfnw9040000gn/T/key-manager-example1363737922298881160/encrypted-bitcoin-s-seed.json,m/84',MainNet)</span>

<span class="hljs-comment">//we do not need to all `initializeWithMnemonic()` again as we have saved the seed to dis</span>
<span class="hljs-keyword">val</span> mainnetKeyManager = <span class="hljs-type">BIP39KeyManager</span>.fromMnemonic(mnemonic, mainnetKmParams, <span class="hljs-type">None</span>, <span class="hljs-type">Instant</span>.now, <span class="hljs-literal">false</span>)
<span class="hljs-comment">// mainnetKeyManager: BIP39KeyManager = org.bitcoins.keymanager.bip39.BIP39KeyManager@6960fc61</span>

<span class="hljs-keyword">val</span> mainnetXpub = mainnetKeyManager.getRootXPub
<span class="hljs-comment">// mainnetXpub: ExtPublicKey = zpub6jftahH18ngZxA564Nji2DMMCrMyeji9tcZP5De9wSH8TdLSU1Z8D7YNqGRCfePMP6TCS9SDSoU5eH9eX3j5TcSXxvLKBEa65RZRiT3WiBE</span>

println(mainnetXpub)
<span class="hljs-comment">// zpub6jftahH18ngZxA564Nji2DMMCrMyeji9tcZP5De9wSH8TdLSU1Z8D7YNqGRCfePMP6TCS9SDSoU5eH9eX3j5TcSXxvLKBEa65RZRiT3WiBE</span>
</code></pre>
<p>Which gives us something that looks like this</p>
<p><code>zpub6jftahH18ngZw98KGjRo5XcxeKTQ2eztsvskb1dC9XF5TLimQquTs6Ry7nBBA425D9joXmfgJJCexmJ1u2SELJZJfRi95gcnXadLpZzYb5c</code></p>
<p>which is a p2sh wrapped segwit <code>ExtPubKey</code> for the bitcoin main network!</p>
<h4><a class="anchor" aria-hidden="true" id="creating-a-key-manager-from-existing-mnemonic"></a><a href="#creating-a-key-manager-from-existing-mnemonic" aria-hidden="true" class="hash-link"><svg class="hash-link-icon" aria-hidden="true" height="16" version="1.1" viewBox="0 0 16 16" width="16"><path fill-rule="evenodd" d="M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z"></path></svg></a>Creating a key manager from existing mnemonic</h4>
<p>To create a <code>KeyManager</code> from existing mnemonic you need to specify the <code>seedPath</code> and then construct the <code>KeyManagerParams</code> that you would like.</p>
<p>Finally you call <code>KeyManager.fromParams()</code> that reads the mnemonic from disk and create's the key manager</p>
</span></div></article></div><div class="docLastUpdate"><em>Last updated on 5/7/2021 by Chris Stewart</em></div><div class="docs-prevnext"><a class="docs-prev button" href="/docs/key-manager/server-key-manager"><span class="arrow-prev">← </span><span>Server Key Manager</span></a><a class="docs-next button" href="/docs/node/node"><span>Light Client</span><span class="arrow-next"> →</span></a></div></div></div><nav class="onPageNav"></nav></div><footer class="nav-footer" id="footer"><section class="sitemap"><a href="/" class="nav-home"><img src="/img/favicon.ico" alt="bitcoin-s" width="66" height="58"/></a><div><h5>Docs</h5><a href="/docs/en/getting-started">Getting Started</a><a href="/docs/en/core/core-intro">Guides</a><a href="/api/org/bitcoins">API Reference</a></div><div><h5>Community</h5><a href="/en/users.html">User Showcase</a><a href="https://join.slack.com/t/suredbits/shared_invite/zt-eavycu0x-WQL7XOakzQo8tAy7jHHZUw" target="_blank" rel="noreferrer noopener">Slack</a><a href="https://gitter.im/bitcoin-s-core/">Gitter chat</a></div><div><h5>More</h5><a href="https://github.com/bitcoin-s/bitcoin-s">GitHub</a><a class="github-button" href="https://github.com/bitcoin-s/bitcoin-s" data-icon="octicon-star" data-count-href="/bitcoin-s/bitcoin-s-core/stargazers" data-show-count="true" data-count-aria-label="# stargazers on GitHub" aria-label="Star this project on GitHub">Star</a></div></section><section class="copyright">Copyright © 2025 Suredbits &amp; the bitcoin-s developers</section></footer></div><script type="text/javascript" src="https://cdn.jsdelivr.net/docsearch.js/1/docsearch.min.js"></script><script>
                document.addEventListener('keyup', function(e) {
                  if (e.target !== document.body) {
                    return;
                  }
                  // keyCode for '/' (slash)
                  if (e.keyCode === 191) {
                    const search = document.getElementById('search_input_react');
                    search && search.focus();
                  }
                });
              </script><script>
              var search = docsearch({
                
                apiKey: '0a510688bf8448e19aeb380377d328d3',
                indexName: 'bitcoin-s',
                inputSelector: '#search_input_react'
              });
            </script></body></html>