Wallet Basics: Keys and Addresses
Keys and addresses are cryptographic entities at the heart of all information flow in Cardano and other blockchains. There are many different types of keys in Cardano, but to get started we will focus on the address keys and their derived addresses on the right section of the image below.
Image courtesy of ilap
📝 Following the principles of public key/asymmetric cryptography, the terms keys and key pairs can be used interchangeably for the rest of this guide. In particular Cardano uses Ed25519 key pairs consisting of a private signing key and a public verification key.
Create address key pairs and their corresponding addresses to receive ADA and other custom tokens.
cardano-cli executable binary from our previous post Running a Full Cardano Node.
Address keys are used to derive addresses, which are destinations for values from transaction outputs. This strict association means the only way to unlock the ability to spend/withdraw values at these addresses is through a signature provided by the private signing key. This simple premise safeguards all the values from theft or confiscation.
Another powerful feature arises from the fact that these cryptographic entities can be created without connecting to or interacting with the network. The de-coupling of these entities from the network allows any one, even those without an internet connection, to create keys and their corresponding addresses that can receive ADA/custom tokens.
Two main types of address keys are used within Cardano:
- Payment Keys: For creating payment addresses to receive ADA/custom tokens, and signing transactions to spend ADA/custom tokens from these payment addresses
- Stake Keys: For creating stake/reward addresses, delegating stake, withdrawing ADA rewards from stake addresses and registering stake pools. Also used with payment keys to create base payment addresses with staking rights.
Creating Payment Keys
cardano-cli address key-gen --verification-key-file payment.vkey --signing-key-file payment.skey
This will create two files, the private signing key
payment.skey and the
public verification key
payment.vkey in the current directory.
Outside of the testnets it is EXTREMELY important to safeguard your private signing keys.
Creation of keys should be always be done in a trusted air-gapped machine with a pristine operating system (e.g. a fresh Ubuntu VirtualBox VM with no non-base-OS software apart from a verified version of cardano-cli) and no network/internet connectivity.
These key files can transferred to/from a secure USB (e.g. Apricorn Aegis) when necessary to ensure a fresh pristine environment every time. We also recommended writing down the contents of the private keys on a physical medium to be stored securely in case of software/hardware failure.
Creating Stake Keys
cardano-cli stake-address key-gen --verification-key-file stake.vkey --signing-key-file stake.skey
This will create the private signing key
stake.skey and the public
stake.vkey in the current directory.
The address keys above are then used to create two main types of addresses:
- Payment addresses: To receive ADA/custom tokens
- Stake/Reward addresses: To receive ADA staking rewards (automatically)
These are encoded representations of public verification address key(s) concatenated with other metadata (see different address types in the image above) including the network in which they are valid for (e.g. –mainnet, –testnet-magic 1097911063, etc.)
Creating a Payment Address
Payment addresses are generally created using both payment and staking verification keys to create an address known as base address. The act of re-using the same stake key to generate multiple payment addresses allow all the ADA across these addresses to be automatically staked to the same designated stake pool.
However it is also possible to create
a term for a non-staking payment address, by excluding the
--stake-verification-key-file parameter below.
cardano-cli address build \ --payment-verification-key-file payment.vkey \ --stake-verification-key-file stake.vkey \ --testnet-magic 1097911063 \ --out-file payment.addr
cardano-cli address build \ --payment-verification-key-file payment.vkey \ --stake-verification-key-file stake.vkey \ --mainnet \ --out-file payment.addr
Creating a Stake/Reward Address
A unique stake address is generated from a stake verification key.
cardano-cli stake-address build \ --stake-verification-key-file stake.vkey \ --testnet-magic 1097911063 \ --out-file stake.addr
cardano-cli stake-address build \ --stake-verification-key-file stake.vkey \ --mainnet \ --out-file stake.addr
- Cardano Docs: Cardano addresses
- Cardano Developers: Creating Keys and Addresses
- Learn me a bitcoin: Keys and Addresses
Build Your First Transaction in Cardano
With your newly created keys and addresses you can build, sign and submit transactions to learn about Transactions: UTxO and Metadata ➡️