Skip to main content

Keypairs and Wallets


Fact Sheet

  • Sui keys, on disk for Sui binaries, are in file: $HOME/sui_config/sui.keystore
  • Keys are persisted in the file as a JSON array
  • Entries in the array are base64 encoded strings e.g.: AIUPxQveY18QxhDDdTO0D0OD6PNV+et50068d1g/rIyl
  • The byte count of a base64 decoded string is 33
  • The first byte of the decoded key indicates the key type followed by the 32 byte private key seed
  • Key types:
    • 0 -> ed25519 keytype
    • 1 -> secp256k1 keytype
    • 2 -> secp256r1 keytype
  • Public keys are generated from the private keys. The length of the public key in bytes:
    • ed25519 -> 32 bytes
    • secp256k1 -> 33 bytes
    • secp256r1 -> 33 bytes
  • Sui addresses are hex strings 66 characters long with prefix '0x', e.g.: 0xa9e2db385f055cc0215a3cde268b76270535b9443807514f183be86926c219f4
  • Sui addresses are generated by hashing the key type and the public key bytes, converting to a hex string
    and prefixing with '0x'
  • blake2b is used for hashing

Suggested additions:

  • How to verify a Keypair
  • How to import/export (explain sui.keystore hexa need 'sui keytool convert' for wallet import).

How to get a list of keypairs and addresses

sui keytool list

How to generate a new Keypair

Different actions that you make with Sui libraries require a keypair. A keypair can be generated by using cryptographic algorithms such as: Ed25519, ECDSA Secp256k1 & ECDSA Secp256r1.

# Create ED25519 keypair scheme
sui client new-address ed25519

# Create SECP256K1 keypair scheme
sui client new-address secp256k1

# Create SECP256R1 keypair scheme
sui client new-address secp256r1

How to restore a Keypair from a secret

If you already have your secret, you can get your Keypair and you can use it to perform different actions.

  1. From Bytes
Not supported
  1. From Base64 String
Not supported

How to verify a Keypair

If you are given a keypair, you can verify whether or not the secret matches the given public key

  1. Verify with Secp256k1
import { Secp256k1Keypair } from "@mysten/sui.js/keypairs/secp256k1";

const publicKey = "Ah0VIwfGtysO0EGLDnDNgOf1KVuNhvVyLT9SE/vSOU82";

const keypair = Secp256k1Keypair.fromSecretKey(
  new Uint8Array([
    59, 148, 11, 85, 134, 130, 61, 253, 2, 174, 59, 70, 27, 180, 51, 107, 94,
    203, 174, 253, 102, 39, 170, 146, 46, 252, 4, 143, 236, 12, 136, 28,

console.log(keypair.getPublicKey().toBase64() == publicKey);
// true
  1. Verify with Ed25519
import { Ed25519Keypair } from '@mysten/sui.js/keypairs/ed25519';
import { fromB64 } from "@mysten/bcs";

const publicKey = "Gy9JCW4+Xb0Pz6nAwM2S2as7IVRLNNXdSmXZi4eLmSI=";

const keypair = Ed25519Keypair.fromSecretKey(

console.log(keypair.getPublicKey().toBase64() == publicKey);
// true

How to generate a mnemonic phrase

If you're creating a wallet, you will need to generate a mnemonic phrase so that the user can save it as a backup.

# When creating a new address/keypair, as noted above, mnemonics are
# autogenerated if not provided. Either way, create_new_keypair_and_address
# returns both the mnemonics used to generate the keypair seed  and the new address

How to restore a Keypair from a mnemonic phrase

Some virtual wallets use mnemonics to represent their secret keys. You can convert the mnemonic to Keypairs for local testing.

  1. BIP-39
To be done. Add your contribution here.