Skip to main content

Creating a Keystore

A keystore is a file that contains the cryptographic keys for a SUBFROST signing group. It is used by the subrail-cli to sign transactions on behalf of the group.

Generating a Keystore

You can generate a new keystore using the subrail-cli. The following command will create a new keystore file with a 2-of-3 threshold signature scheme:

subrail-cli frost create --threshold 2 --max-signers 3 --network testnet > keystore.json

This will create a keystore.json file in your current directory. You will need to distribute this file to the other participants in the signing group.

Keystore File Format

The keystore file is a JSON object with the following structure:

{
  "version": "1.0.0",
  "created_at": 1752360230,
  "network": "testnet",
  "threshold": 2,
  "max_signers": 3,
  "group_public_key": "1b0c0f4c42709f1bd59f344ce558f506cdadb5a5b378ecf1e2310d79a4e0325c",
  "master_fingerprint": "10fcd38c193e1f18",
  "shares": [
    {
      "identifier": 0,
      "encrypted_share": "10f8e32e2e86efcaa620a27fd23e9354f9d2a65b7bddd528243c66c3acad45a63fa3f91f3b1aa4c443df6e29c5f938d22ec5b0b209b12f7d17fe422f562044e6f5f4a6bf0681eda131ae06aaea5f2e92f6f4",
      "salt": "c616f71c776d79d2ae95dd24b21dc8ea85c5d7ceafd6cb2540ba4b2d563b673c",
      "nonce": "17e458bd4d8d003abc2851a7",
      "public_key_package": "2230323162306330663463343237303966316264353966333434636535353866353036636461646235613562333738656366316532333130643739613465303332356322",
      "derivation_info": {
        "master_fingerprint": "10fcd38c193e1f18",
        "derivation_path": "m/86'/0'/0'/0/0",
        "share_index": 0
      }
    }
  ],
  "metadata": {
    "description": "FROST participant 0",
    "tags": [
      "frost",
      "threshold"
    ],
    "properties": {}
  }
}

Fields

  • version: The version of the keystore file format.
  • created_at: The timestamp when the keystore was created.
  • network: The Bitcoin network that this keystore is for (mainnet, testnet, etc.).
  • threshold: The number of signers required to create a valid signature.
  • max_signers: The total number of signers in the group.
  • group_public_key: The public key for the entire signing group.
  • master_fingerprint: The fingerprint of the master key.
  • shares: An array of secret shares, one for each participant.
    • identifier: The unique identifier for this participant.
    • encrypted_share: The encrypted secret share.
    • salt, nonce: Cryptographic values used for encryption.
    • public_key_package: The public key package for this participant.
    • derivation_info: Information about the key derivation.
  • metadata: Additional metadata about the keystore.