General KeyStash Questions


How do I know my client software is authentic?

When new clients are released by the development team, they also publish an SHA256 hash of the file. This basically serves as a “digital signature” for the download. If even one byte of the software is altered or tampered with, the hash value will completely change. Because Nxt is open-source, it is easy for malicious attackers to create “fake” downloads of the software that include backdoors and other exploits. When you download the software, and particularly if you're not getting it from the original developer release, you should generate an SHA256 has and verify that it matches the one that is posted by the development team. The current version of the client and it's current SHA256 has can be found in the corresponding thread⇒Projects⇒KeyStash⇒KeyStash Core Releases subforum.

If you've never calculated an SHA256 hash before, here's how:

  • On Windows, an online calculator is easiest or HashTab
  • On Mac OS X, a SHA-256 can be calculated using the openssl command in an open Terminal (the terminal is located in /Applications/Utilities). The openssl command would look something like this: openssl sha256 [FILE_NAME]
  • On GNU/Linux, the program sha256sum is standard on most versions of the OS. Using the sha256sum command in a terminal would look something like this: sha256sum [FILE_NAME]

What format and encryption has the wallet file?

The KeyStash wallet file is based on H2 database system and (optional) can be encrypted using the AES-128 encryption algorithm. To make regulary backups of your wallet file is highly recommanded, especially if you made changes like creating a new account.

  • The wallet file is stored in your operating system “home/user/keystash/wallet” folder.

Using SSL?

  • A tutorial how to setup SSL you find here

How is the passphrase generated and encrypted?


The private passphrase gives you ownership of the Nxt account(allows you to spend Nxt). Misremember (encryption password) or revealing the phrase can cause losing of all Nxt inside the account. KeyStash generates the passphrase in blocks. Each block/character takes a new secure random seed(SHA1PRNG), entropy will be obtained from the underlying operating system. Blocks can be optional seperated by a whitespace.

  • The final entropy in bits is messured with shannon entropy , the standard value should reach around or above (6.0).
  • The phrase character length should exceed a minimum of 35 chars (standard is around 200-300 characters) to be safe against brute force attacks.

Every block has random attributes that can optional be customised ((B) boolean, (N) numerary):

  • PhraseBlocks (N)
  • EnableANSI (B)
  • EnableWhitespace (B)
  • LengthMinimumMin (N)
  • LengthMinimumMax (N)
  • LengthMaximumMin (N)
  • LengthMaximumMax (N)
  • LowerCaseMin (N)
  • LowerCaseMax (N)
  • LengthMinimumMax (N)
  • LengthMinimumMax (N)
  • UpperCaseMin (N)
  • UpperCaseMax (N)
  • NumeraryMin (N)
  • NumeraryMax (N)
  • UpperCaseMax (N)
  • UpperCaseMax (N)
  • SpecialANSICharMin (N)
  • SpecialANSICharMax (N)


  • A UpperCaseMin = 0 and UpperCaseMax = 20, would mean that there could be occuring between 0 and 20 upper case characters in each block.
  • A UpperCaseMin = 5 and UpperCaseMax = 5, would mean that there could be occuring 5 upper case characters in a block.
  • A UpperCaseMin = 0 and UpperCaseMax = 0, would mean that there are no upper case characters occuring in a block.



Every passphrase is AES encrypted with a password(8 characters minimum). KeyStash is supporting following key generator algorithms:

  • PBKDF2–WithHmac–SHA1(java7)
  • PBKDF2–WithHmac–SHA224(java8)
  • PBKDF2–WithHmac–SHA256(java8)
  • PBKDF2–WithHmac–SHA384(java8)
  • PBKDF2–WithHmac–SHA512(java8)

Collisions generally are not a problem for key derivation functions (in their proper use). SHA1 hashing has a better performance than SHA512 but in order for that it is slightly less secure.


  • AES

The Advanced Encryption Standard (AES) is a specification for the encryption of electronic data established by the U.S. National Institute of Standards and Technology (NIST) in 2001. read more here

  • PBKDF2

Stands for Password-based-Key-Derivative-Function, a successor of PBKDF1 and is used to implement a pseudorandom function, such as a cryptographic hash, cipher, or HMAC to the input password or passphrase along with a salt value and repeats the process many times to produce a derived key, which can then be used as a cryptographic key in subsequent operations. read more here

  • HMAC

Stands for Keyed-Hash Message Authentication Code (HMAC) is a specific construction for calculating a message authentication code (MAC) involving a cryptographic hash function in combination with a secret cryptographic key. Any cryptographic hash function,may be used in the calculation of an HMAC; the resulting MAC algorithm is termed HMAC-MD5 or HMAC-SHA1 accordingly. read more here

  • SHA

SHA stands for Secure Hash Algorithm. read more here

  • Salt

In cryptography, a salt is random data that is used as an additional input to a one-way function that hashes a password or passphrase. The primary function of salts is to defend against dictionary attacks versus a list of password hashes and against pre-computed rainbow table attacks. KeyStash uses a new secure randomly generated salt for each encryption. In a typical setting, the salt and the password are concatenated and processed with a cryptographic hash function, and the resulting output (but not the original password) is stored with the salt in a database. Hashing allows for later authentication while defending against compromise of the plaintext password in the event that the database is somehow compromised. read more here

  • IV

In cryptography, an initialization vector (IV) is a fixed-size input to a cryptographic primitive that is typically required to be random or pseudorandom. Randomization is crucial for encryption schemes to achieve semantic security, a property whereby repeated usage of the scheme under the same key does not allow an attacker to infer relationships between segments of the encrypted message. For block ciphers, the use of an IV is described by so-called modes of operation. Randomization is also required for other primitives, such as universal hash functions and message authentication codes based thereon. read more here

  • Iteration

You should use the maximum number of rounds which is tolerable, performance-wise, in your usecase. The number of rounds is a slowdown factor against bruteforcing. KeyStash plugins(browser/javascript) might be stop working with a iteration count above 5000, for more security and less performance choose for example 200 000.

  • KeySize

In cryptography, key size or key length is the size measured in bits of the key used in a cryptographic algorithm (such as a cipher). An algorithm's key length is distinct from its cryptographic security, which is a logarithmic measure of the fastest known computational attack on the algorithm, also measured in bits. KeyStash supports 128bit and 256bit AES encryption. To enable 256 bit you have to install java unlimited strength jurisdiction policy files java7 or java8.