Published on

How to Generate a Public Key, a Private Key and an Address with Besu


Hyperledger Besu is an Ethereum client that can be used to connect to the Ethereum public main chain and to run and manage private Ethereum chains. One thing I have found really cool about Besu so far is how easy it is to generate a public key, private key and address.

The Besu cli tool has 2 operations related to key and address generation. In both cases the private key is output to a file called key:

  • export this will generate a pub/private key pair and output the public key both to the console and to a filename specified by --to.
  • export-address --to=someFileName.address: this will generate a pub/private key pair and output the public key to the console. The filename specified under --to is where the address associated with this pair is output.

For example to generate a public and private key (outputting the public key to the console) and outputting the address to a file:

besu --data-path=. public-key export-address --to=key.address

This outputs something like the following:

2019-11-21 15:10:10.393+02:00 | main | INFO  | KeyPairUtil | Generated new key 0xe3333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333 and stored it to /Users/path/to/current/dir/key
  • --data-path: this is a path to a directory where the private key will get output to in a file called key
    • The generated private key should be 64 characters long excluding the 0x in front. With the 0x prefix, it is 66 characters long.
  • --to: This has to be a filename that does not exist. You can refer this to a path then a file name for example --to=path/to/node1/key.address. The file can be called anything but I suffixed it with .address to make it clear it is the address associated with the private key.
    • The address will be 40 characters long without the 0x prefix and 42 characters long with the 0x prefix.
  • 0xe3333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333: this is the node's public key.
    • The generated public key should be 128 characters long excluding the 0x in front. With the 0x prefix, it is 130 characters long.
> ls
key  key.address

The above command output the public key to standard output and the address to a file as we used the export-address operator. If export --to was used intsead then --to would point to a file name that is used to hold the public key and no address would have been output. For example lets run the above with export instead:

> besu --data-path=. public-key export
2019-11-21 15:25:39.083+02:00 | main | INFO  | KeyPairUtil | Generated new key 0x44444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444 and stored it to /Users/path/to/current/dir/key

If I cat out I get the same output as stdout:

> cat
> ls

The most important file in the above is the private key. Everything else can be derived from that.

For quick reference I have created the below table to include the length of the different artefacts mentioned above:

ArtifactLength without 0x prefixLength with 0x prefix
Public Key128130
Private Key6466