Skip to content
/ keyformat Public

Utility to format exported YubiHSM keys into CometBFT / Tendermint compatible JSON files.

License

Apache-2.0 license
0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

freshautomations/keyformat

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
LICENSE
LICENSE
 
 
README.md
README.md
 
 
go.mod
go.mod
 
 
go.sum
go.sum
 
 
main.go
main.go
 
 

Repository files navigation

keyformat

Utility to format YubiHSM private keys into CometBFT/Tendermint JSON format or TMKMS softsign format.

This utility allows unwrapped YubiHSM ed25519 asymmetric private keys to be converted into CometBFT (and Tendermint) priv_validator.json format or tmkms softsign format.

The exported YubiHSM key has to be unwrapped first using the yubihsm-unwrap utility.

How to install

go get github.com/freshautomations/keyformat

How to use

Below is an example of exporting a key from YubiHSM for plain-text use:

# Export asymmetric ed25519 key ID 9 using wrap key ID 1. The tmkms.toml file
# defines a password that gives at least operator access to the HSM device.
tmkms yubihsm keys export -i 9 -w 1 wrapped.enc -c tmkms.toml

# Unwrap the key. The wrap key is saved in a binary file.
yubihsm-unwrap --in wrapped.enc --wrapkey wrap.key --out decrypted.key

# Format the private key for CometBFT/Tendermint
keyformat -key decrypted.key -output priv_validator.json

# Format the private key for tmkms
keyformat -key decrypted.key -output softsign.key -softsign

Resources

About

Utility to format exported YubiHSM keys into CometBFT / Tendermint compatible JSON files.

Resources

Readme

License

Apache-2.0 license
Activity
Custom properties

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages