Migrate to quill
To provide a unified user experience, we recommand quill which provide more comprehensive support for ledger and governance on the Internet Computer.
We will not add new features to keysmith or release new versions.
Please refer to this migration guide to get the quill equivalents of keysmith commands.
Note that some sophasicated functionalities are not available in quill yet. If your workflow relies on those keysmith commands, you can keep using it.
Hierarchical Deterministic Key Derivation for the Internet Computer
YOU EXPRESSLY ACKNOWLEDGE AND AGREE THAT USE OF THIS SOFTWARE IS AT YOUR SOLE RISK. AUTHORS OF THIS SOFTWARE SHALL NOT BE LIABLE FOR DAMAGES OF ANY TYPE, WHETHER DIRECT OR INDIRECT.
Keysmith lets you derive cryptographic keys and identifiers for the Internet Computer. Among these identifiers includes an account identifier, which indicates the source or destination of an ICP token transfer. Keysmith does not sign or send messages to the Internet Computer. Hence, Keysmith does not facilitate ICP token transfer, but rather only ICP token custody. For use cases other than custody, such as payments, consider using Keysmith in conjunction with other software, such as the DFINITY Canister SDK.
Download the latest tarball here.
If you want to verify the authenticity of the tarball, then please also download the supplementary SHA256.SIG and SHA256.SUM files, as well as my public key, which you can find here.
Verify the SHA256 checksum of the tarball.
grep "$(openssl dgst -sha256 keysmith-*.tar.gz)" SHA256.SUM
Verify the signature on the tarball.
openssl dgst -sha256 -verify public.key -signature SHA256.SIG SHA256.SUM
The command above should display the following output.
Verified OK
Extract the executable from the tarball.
tar -f keysmith-*.tar.gz -x
Add the executable to your PATH.
sudo install -d /usr/local/bin
sudo install keysmith /usr/local/bin
Below is list of commands and their behavior.
accountprints your account identifier.generategenerates your mnemonic seed and writes it to a file.legacy-addressprints your legacy address.principalprints your principal identifier.private-keyderives your private key and writes it to a file.public-keyprints your public key.shortlistprints the available commands.versionprints the version number.x-private-keyderives your extended private key and writes it to a file.x-public-keyprints your extended public key.
The DFINITY Canister SDK can sign and send messages to the Internet Computer. Versions 0.7.0-beta.6 and greater provide a convenient ledger command that facilitates ICP token transfer. Consider the workflow below.
# Generate your mnemonic seed.
keysmith generate
# Derive your private key.
keysmith private-key
# Create an empty project.
echo {} > dfx.json
# Import your private key.
dfx identity import alternate identity.pem
# Use your private key to sign messages.
dfx identity use alternate
# Print your account identifier.
dfx ledger account-id
# Check your balance.
dfx ledger --network=https://ic0.app balance
# Send me some tokens.
dfx ledger --network=https://ic0.app transfer \
--amount=1.23456789 \
--memo=0 \
--to=89e99f79ec4d81f77a6c8cb243e536e7b3244d7294fb803bcd77b3dd4e32ae36