Generate normal (non-extended keys)

[cscsabai]

With the following command I can easily generate normal (non-extended) signing/verification keys:

#cardano-cli address key-gen --verification-key-file test.vkey --signing-key-file test.skey

The result signing file looks like:
{
“type”: “PaymentSigningKeyShelley_ed25519”,
“description”: “Payment Signing Key”,
“cborHex”: “58205603938b6f6fa9acd09b692126fxxxxxxxx865c81f7ca1ddcb40b5d41xxxxxx”
}

Verification key file also contains a non-extended public key.

So this is a simple signing/verification key, what I can use PyNaCl library without any problems.

How can I generate similar normal (non extended) signing/verifying keys with Cardano-addresses?

I cannot find any way to generate non-extended keys from menemonic/derivation.

[paweljakubas]

hi! I created PR adding the above to the documentation -> #143
I hope it answers your questions

[paweljakubas]

also bech32 is binary from https://github.com/input-output-hk/bech32

[cscsabai]

Thanks for the explanation, but I still have a problem. In the latest step in your document:

Producing cborhash,
$ cardano-address key child 1852H/1815H/0H/0/0 --without-chain-code < root.xprv | bech32
 b0bf46232c7f0f58ad333030e43ffbea7c2bb6f8135bd05fb0d343ade8453c5eacc7ac09f77e16b635832522107eaa9f56db88c615f537aa6025e6c23da98ae8
 (just signing key)

So the result is NOT a signing key, this is an extended signing key, because it is 128 bytes long. The normal signing keys (generated with cardano-cli by default) is 64 bytes long, and this is the only way to sign transactions with PyNaCl library.

Is there any way to generate normal (non-extended) private key with cardano addresses?

[paweljakubas]

So below is signing key + chain code (64+32=96 bytes):

$ cardano-address key child 1852H/1815H/0H/0/0 --with-chain-code < root.xprv | bech32
b0bf46232c7f0f58ad333030e43ffbea7c2bb6f8135bd05fb0d343ade8453c5eacc7ac09f77e16b635832522107eaa9f56db88c615f537aa6025e6c23da98ae8b0be1868d1c36ef9089b3b094f5fe1d783e4d5fea14e2034c0397bee50e65a1a

And below it is just signing key (64 bytes):

cardano-address key child 1852H/1815H/0H/0/0 --without-chain-code < root.xprv | bech32
b0bf46232c7f0f58ad333030e43ffbea7c2bb6f8135bd05fb0d343ade8453c5eacc7ac09f77e16b635832522107eaa9f56db88c615f537aa6025e6c23da98ae8

Please use this branch to have it : #134
We are going to support extended, non-extended private keys, with/without chain code (not so straightforward like for public keys) in the future.
Private keys with/without chain code change is not released though.

[KtorZ]

Is there any way to generate normal (non-extended) private key with cardano addresses?

No. Not at the moment. cardano-addresses is specifically designed to work with key derivation and extended keys.

edit: As Pawel pointed above, there's ongoing work to extend support to non-extended keys in cardano-addresses and reduce the incompatibility surface with cardano-cli, but this isn't available at the moment.

[cscsabai]

And below it is just signing key (64 bytes):

Sorry I totally confused the key length. So the normal signing key (I guess) should be 32 bytes long (64 bytes in hex encoded). If you check Cardano-cli key-gen, that also generates 32 bytes long normal secret keys (by default).

The reason why I need it: in my project we are develop an automated transaction signing service in python. We are using the PyNaCl library to sign the transactions.

signature = SigningKey(sk, encoder=HexEncoder).sign(bytes.fromhex(hexbytes))

PyNaCl is only supports 32 bytes (128 bits) long normal signing keys. source: https://pynacl.readthedocs.io/en/latest/signing/#nacl.signing.SigningKey

With cardano-cli generated signing key, I can sign and submit Cardano transactions.
Although I cannot sign transactions with Cardano addresses generated extended signing keys (64 bytes long). If I just try to use the first 32 bytes, I got the following error when try to submit tx:
ApplyTxError [LedgerFailure (UtxowFailure (InvalidWitnessesUTXOW [VKey (VerKeyEd25519DSIGN (PublicKey

So somehow I need a find a way to generate normal (non-extended) 32 bytes long signatures + verification keys...