← Back to all products
$10
Validator Key Manager
Securely manage validator keys with HSM integration, key generation, and backup recovery.
TOMLPythonMarkdown
📁 File Structure 10 files
validator-key-manager/
├── LICENSE
├── README.md
├── pyproject.toml
├── security-notes.md
├── src/
│ ├── backup.py
│ ├── cli.py
│ ├── keygen.py
│ ├── keystore.py
│ └── models.py
└── tests/
└── test_keygen.py
📖 Documentation Preview README excerpt
validator-key-manager
CLI tool to generate, backup, rotate, and manage Ethereum validator BLS keys.
Price: $9.99 | Store: staking-kit | Product #9
Overview
validator-key-manager is a Python CLI for managing Ethereum Beacon Chain validator keys. It generates BLS12-381 keys following EIP-2333/2334, stores them as EIP-2335 encrypted keystores, creates encrypted backups, and exports deposit data for the Ethereum Deposit Contract.
Features
| Feature | Description |
|---|---|
| Generate | Create BLS12-381 validator keys from BIP-39 mnemonics |
| Keystores | EIP-2335 encrypted JSON keystores (scrypt + AES-128-CTR) |
| Backup | AES-256-GCM encrypted tar archives of keystore directories |
| Restore | Decrypt and extract keystores from encrypted backups |
| List | View all keys in a keystore directory with metadata |
| Verify | Test keystore integrity and password correctness |
| Deposit Data | Export deposit data JSON for the Ethereum Deposit Contract |
| Networks | Mainnet, Goerli, Holesky, Sepolia |
Installation
# Install from source
pip install -e .
# Or install dependencies manually
pip install click rich pyyaml python-dotenv py_ecc eth-typing cryptography
Prerequisites
- Python 3.10+
py_eccfor BLS12-381 operations (optional — falls back to hash-based derivation for demo)cryptographyfor AES-256-GCM backup encryption (optional — falls back to XOR for demo)
Quick Start
1. Generate validator keys
# Generate 3 keys for mainnet
validator-keys generate --count 3 --output ./keys --network mainnet
# Generate with a specific mnemonic
validator-keys generate --count 1 --mnemonic "your 24 word mnemonic phrase here..."
# Generate starting from index 5 (for adding more validators)
validator-keys generate --count 2 --start-index 5 --output ./keys
... continues with setup instructions, usage examples, and more.
📄 Code Sample .py preview
src/backup.py
"""
validator-key-manager — Encrypted backup and restore
Creates AES-256-GCM encrypted tar archives of keystore directories.
Uses PBKDF2-HMAC-SHA256 with 600,000 iterations for key derivation.
"""
from __future__ import annotations
import hashlib
import io
import os
import secrets
import tarfile
from pathlib import Path
# ---------------------------------------------------------------------------
# Constants
# ---------------------------------------------------------------------------
PBKDF2_ITERATIONS = 600_000
SALT_LENGTH = 32
NONCE_LENGTH = 12
TAG_LENGTH = 16
MAGIC_HEADER = b"CFVKM\x01" # CryptoForge Validator Key Manager v1
# ---------------------------------------------------------------------------
# Key derivation
# ---------------------------------------------------------------------------
def _derive_encryption_key(password: str, salt: bytes) -> bytes:
"""
Derive a 32-byte encryption key from a password using PBKDF2.
Args:
password: User password
salt: Random salt (32 bytes)
Returns:
32-byte AES-256 encryption key
"""
return hashlib.pbkdf2_hmac(
"sha256",
password.encode("utf-8"),
salt,
iterations=PBKDF2_ITERATIONS,
dklen=32,
)
# ... 151 more lines ...