Module com.hedera.hashgraph.sdk
Package com.hedera.hashgraph.sdk

Class PrivateKey

java.lang.Object
com.hedera.hashgraph.sdk.Key
com.hedera.hashgraph.sdk.PrivateKey
Direct Known Subclasses:
PrivateKeyECDSA, PrivateKeyED25519
public abstract class PrivateKey extends Key
A private key on the Hederaâ„¢ network.

  • Field Details

    • publicKey

      @Nullable protected PublicKey publicKey
      The public key derived from the private key

  • Constructor Details

    • PrivateKey

      public PrivateKey()

  • Method Details

    • generate

      public static PrivateKey generate()
      Deprecated.
      use generateED25519() or generateECDSA() instead
      Generates a new Ed25519 private key.
      Returns:
      the new Ed25519 private key.

    • generateED25519

      public static PrivateKey generateED25519()
      Extract the new ED25519 private key.
      Returns:
      the new ED25519 private key

    • generateECDSA

      public static PrivateKey generateECDSA()
      Extract the new ECDSA private key.
      Returns:
      the new ECDSA private key

    • fromSeedED25519

      public static PrivateKey fromSeedED25519(byte[] seed)
      Extract the ED25519 private key from a seed.
      Parameters:
      seed - the seed
      Returns:
      the ED25519 private key

    • fromSeedECDSAsecp256k1

      public static PrivateKey fromSeedECDSAsecp256k1(byte[] seed)
      Extract the ECDSA private key from a seed.
      Parameters:
      seed - the seed
      Returns:
      the ECDSA private key

    • fromMnemonic

      @Deprecated public static PrivateKey fromMnemonic(Mnemonic mnemonic, String passphrase)
      Deprecated.
      use Mnemonic.toStandardEd25519PrivateKey(String, int) ()} or Mnemonic.toStandardECDSAsecp256k1PrivateKey(String, int) (String, int)} instead This function uses incomplete and the key should not be used directly.

      Recover a private key from a generated mnemonic phrase and a passphrase.

      This is not compatible with the phrases generated by the Android and iOS wallets; use the no-passphrase version instead.

      Parameters:
      mnemonic - the mnemonic phrase which should be a 24 byte list of words.
      passphrase - the passphrase used to protect the mnemonic (not used in the mobile wallets, use fromMnemonic(Mnemonic) instead.)
      Returns:
      the recovered key; use derive(int) to get a key for an account index (0 for default account)

    • fromMnemonic

      @Deprecated public static PrivateKey fromMnemonic(Mnemonic mnemonic)
      Deprecated.
      use Mnemonic.toStandardEd25519PrivateKey(String, int) ()} or Mnemonic.toStandardECDSAsecp256k1PrivateKey(String, int) (String, int)} instead Recover a private key from a mnemonic phrase compatible with the iOS and Android wallets.

      An overload of fromMnemonic(Mnemonic, String) which uses an empty string for the passphrase.

      Parameters:
      mnemonic - the mnemonic phrase which should be a 24 byte list of words.
      Returns:
      the recovered key; use derive(int) to get a key for an account index (0 for default account)

    • fromString

      public static PrivateKey fromString(String privateKey)
      Retrieve a private key from a string.
      Parameters:
      privateKey - string representing a private key
      Returns:
      the private key

    • fromStringDER

      public static PrivateKey fromStringDER(String privateKey)
      Retrieve a private key from a DER encoded string.
      Parameters:
      privateKey - DER encoded string representing a private key
      Returns:
      the private key

    • fromStringED25519

      public static PrivateKey fromStringED25519(String privateKey)
      Retrieve a private key from an ED25519 encoded string.
      Parameters:
      privateKey - ED25519 encoded string representing a private key
      Returns:
      the private key

    • fromStringECDSA

      public static PrivateKey fromStringECDSA(String privateKey)
      Retrieve a private key from an ECDSA encoded string.
      Parameters:
      privateKey - ECDSA encoded string representing a private key
      Returns:
      the private key

    • fromBytes

      public static PrivateKey fromBytes(byte[] privateKey)
      Retrieve a private key from a byte array.
      Parameters:
      privateKey - byte array representing a private key
      Returns:
      the private key

    • fromBytesED25519

      public static PrivateKey fromBytesED25519(byte[] privateKey)
      Retrieve a private key from an ED25519 encoded byte array.
      Parameters:
      privateKey - ED25519 encoded byte array representing a private key
      Returns:
      the private key

    • fromBytesECDSA

      public static PrivateKey fromBytesECDSA(byte[] privateKey)
      Retrieve a private key from an ECDSA encoded byte array.
      Parameters:
      privateKey - ECDSA encoded byte array representing a private key
      Returns:
      the private key

    • fromBytesDER

      public static PrivateKey fromBytesDER(byte[] privateKey)
      Retrieve a private key from a DER encoded byte array.
      Parameters:
      privateKey - DER encoded byte array representing a private key
      Returns:
      the private key

    • readPem

      public static PrivateKey readPem(Reader pemFile) throws IOException
      Parse a private key from a PEM encoded reader.

      This will read the first "PRIVATE KEY" section in the stream as an Ed25519 private key.

      Parameters:
      pemFile - The Reader containing the pem file
      Returns:
      PrivateKey
      Throws:
      IOException - if one occurred while reading.
      BadKeyException - if no "PRIVATE KEY" section was found or the key was not an Ed25519 private key.

    • readPem

      public static PrivateKey readPem(Reader pemFile, @Nullable String password) throws IOException
      Parse a private key from a PEM encoded stream. The key may be encrypted, e.g. if it was generated by OpenSSL.

      If password is not null or empty, this will read the first "ENCRYPTED PRIVATE KEY" section in the stream as a PKCS#8 EncryptedPrivateKeyInfo structure and use that algorithm to decrypt the private key with the given password. Otherwise, it will read the first "PRIVATE KEY" section as DER-encoded Ed25519 private key.

      To generate an encrypted private key with OpenSSL, open a terminal and enter the following command: 

       openssl genpkey -algorithm ed25519 -aes-128-cbc > key.pem

      Then enter your password of choice when prompted. When the command completes, your encrypted key will be saved as `key.pem` in the working directory of your terminal.

      Parameters:
      pemFile - the PEM encoded file
      password - the password to decrypt the PEM file; if null or empty, no decryption is performed.
      Returns:
      PrivateKey
      Throws:
      IOException - if one occurred while reading the PEM file
      BadKeyException - if no "ENCRYPTED PRIVATE KEY" or "PRIVATE KEY" section was found, if the passphrase is wrong or the key was not an Ed25519 private key.

    • fromPem

      public static PrivateKey fromPem(String pemEncoded) throws IOException
      Parse a private key from a PEM encoded string.
      Parameters:
      pemEncoded - The String containing the pem
      Returns:
      PrivateKey
      Throws:
      IOException - if the PEM string was improperly encoded
      BadKeyException - if no "PRIVATE KEY" section was found or the key was not an Ed25519 private key.
      See Also:

    • fromPem

      public static PrivateKey fromPem(String encodedPem, @Nullable String password) throws IOException
      Parse a private key from a PEM encoded string.

      The private key may be encrypted, e.g. if it was generated by OpenSSL.

      Parameters:
      encodedPem - the encoded PEM string
      password - the password to decrypt the PEM file; if null or empty, no decryption is performed.
      Returns:
      PrivateKey
      Throws:
      IOException - if the PEM string was improperly encoded
      BadKeyException - if no "ENCRYPTED PRIVATE KEY" or "PRIVATE KEY" section was found, if the passphrase is wrong or the key was not an Ed25519 private key.
      See Also:

    • legacyDerive

      public PrivateKey legacyDerive(int index)
      Derive a child key based on the index.
      Parameters:
      index - the index
      Returns:
      the derived child key

    • legacyDerive

      public abstract PrivateKey legacyDerive(long index)
      Derive a child key based on the index.
      Parameters:
      index - the index
      Returns:
      the derived child key

    • isDerivable

      public abstract boolean isDerivable()
      Check if this private key supports derivation.

      This is currently only the case if this private key was created from a mnemonic.

      Returns:
      boolean

    • derive

      public abstract PrivateKey derive(int index)
      Given a wallet/account index, derive a child key compatible with the iOS and Android wallets.

      Use index 0 for the default account.

      Parameters:
      index - the wallet/account index of the account, 0 for the default account.
      Returns:
      the derived key
      Throws:
      IllegalStateException - if this key does not support derivation.
      See Also:

    • getPublicKey

      public abstract PublicKey getPublicKey()
      Derive a public key from this private key.

      The public key can be freely given and used by other parties to verify the signatures generated by this private key.

      Returns:
      the corresponding public key for this private key.

    • sign

      public abstract byte[] sign(byte[] message)
      Sign a message with this private key.
      Parameters:
      message - The array of bytes to sign with
      Returns:
      the signature of the message.

    • signTransaction

      public byte[] signTransaction(Transaction<?> transaction)
      Sign a transaction.
      Parameters:
      transaction - the transaction
      Returns:
      the signed transaction

    • toBytes

      public abstract byte[] toBytes()
      Description copied from class: Key
      Create the byte array.
      Overrides:
      toBytes in class Key
      Returns:
      the byte array representation

    • toBytesDER

      public abstract byte[] toBytesDER()
      Extract the byte array encoded as DER.
      Returns:
      the byte array encoded as DER

    • toBytesRaw

      public abstract byte[] toBytesRaw()
      Extract the raw byte array.
      Returns:
      the raw byte array

    • toString

      public String toString()
      Overrides:
      toString in class Object

    • toStringDER

      public String toStringDER()
      Extract the DER encoded hex string.
      Returns:
      the DER encoded hex string

    • toStringRaw

      public String toStringRaw()
      Extract the raw hex string.
      Returns:
      the raw hex string

    • toAccountId

      public AccountId toAccountId(@Nonnegative long shard, @Nonnegative long realm)
      Retrieve the account id.
      Parameters:
      shard - the shard
      realm - the realm
      Returns:
      the account id

    • toProtobufKey

      Key toProtobufKey()
      Description copied from class: Key
      Serialize this key as a protobuf object
      Specified by:
      toProtobufKey in class Key

    • isED25519

      public abstract boolean isED25519()
      Are we an ED25519 key?
      Returns:
      are we an ED25519 key

    • isECDSA

      public abstract boolean isECDSA()
      Are we an ECDSA key?
      Returns:
      are we an ECDSA key

    • getChainCode

      public abstract org.bouncycastle.crypto.params.KeyParameter getChainCode()
      Get the chain code of the key
      Returns:
      the chainCode