You are reading GoQuorum development version documentation and some displayed features may not be available in the stable release. You can switch to stable version using the version box at screen bottom.

# Secure private keys using Argon2

Private keys can be encrypted with a password during key generation.

After generating password-protected keys, the password must be added to the configuration file to ensure it can be decrypted.

Passwords can be added inline using "passwords":[], or stored in an external file that is referenced by "passwordFile": "Path".

Note

The number of arguments/file-lines provided must equal the total number of private keys. For example, if there are 3 total keys and the second is not password secured, the 2nd argument/line must be blank or contain dummy data.

Tessera uses Argon2 to encrypt private keys. By default, Argon2 is configured as follows:

{
"variant": "id",
"memory": 1048576,
"iterations": 10,
"parallelism": 4
}


The Argon2 configuration can be altered by using the -keygenconfig option. Any override file must have the same format as the default configuration above, and all options must be provided.

tessera -keygen -filename /path/to/key1 -keygenconfig /path/to/argonoptions.json