A keystore file is an encrypted version of your unique private key, which you will use to sign your transactions. If you lose this file, you lose your assets.
These fields mean:
cipher: The name of a symmetric AES algorithm
cipherparams: The parameters required for the “cipher” algorithm above
ciphertext: The private key encrypted using the “cipher” algorithm above
kdf: A key derivation function used to let you encrypt your keystore file with a password
kdfparams: The parameters required for the “kdf” algorithm above
mac: A code used to verify your password
- Encrypting your private key
These symmetric algorithms use a key to encrypt some data. The resulting data is encrypted and can be decrypted with the same method and the same key.
The relation between cipher, cipherparams, ciphertext:
cipher is the symmetric algorithm used to encrypt the private key.
cipherparams are the parameters required for the symmetric algorithm.
ciphertext is the private key after it has been encrypted by the symmetric algorithm.
You get the decryption-key as the output of the kdf.
So, to decrypt your private key, you first need to recover the decryption-key (the same key that was used for encryption).
- Protect with your passphrase
To make sure unlocking your account is easy, you don’t need to remember the very long and non-user-friendly decryption-key that is used to decrypt ciphertext. Instead, the developers have opted for passphrase-based protection.
The keystore uses a kdf (key derivation function) that computes the decryption-key given a passphrase and a list of parameters.
kdf is the key derivation function used to compute the decryption-key from your passphrase.
kdfparams are the parameters required for the function.
Given the passphrase and kdfparams, the kdf returns your decryption-key.
- Make sure your passphrase is right
We need to guarantee that the passphrase typed to unlock the account is right, that is, that it is the same as the one entered when the keystore was generated.
This is where the mac field in the keystore comes in. Just after the kdf is executed, its result (the decryption-key) and ciphertext are processed and compared to mac. If the result is the same as mac, then the passphrase was right and the decryption-key is correct.
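The passphrase check described above, as an added Python example that is not code from the original page or from any wallet project. The page does not name the kdf or say how the decryption-key and ciphertext are "processed", so PBKDF2-HMAC-SHA256, the `salt`/`c`/`dklen` parameter names, and a SHA-256 hash over the second half of the key plus the ciphertext are assumptions; the sample keystore is constructed, and its ciphertext is random bytes standing in for the AES-encrypted private key.

```python
import hashlib
import hmac
import os

def derive_key(passphrase, kdfparams):
    # kdf step: passphrase + kdfparams -> decryption-key.
    # PBKDF2-HMAC-SHA256 is an assumed kdf; a real keystore names its own.
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode("utf-8"),
                               bytes.fromhex(kdfparams["salt"]),
                               kdfparams["c"], dklen=kdfparams["dklen"])

def compute_mac(key, ciphertext):
    # Assumed construction: hash the second half of the derived key together
    # with the ciphertext. A real keystore format fixes its own hash and layout.
    return hashlib.sha256(key[16:32] + ciphertext).hexdigest()

def build_sample_keystore(passphrase):
    # Constructed sample: random salt, random bytes in place of the encrypted key.
    kdfparams = {"salt": os.urandom(16).hex(), "c": 100_000, "dklen": 32}
    ciphertext = os.urandom(32)
    key = derive_key(passphrase, kdfparams)
    return {"kdf": "pbkdf2", "kdfparams": kdfparams,
            "ciphertext": ciphertext.hex(),
            "mac": compute_mac(key, ciphertext)}

def verify_passphrase(keystore, passphrase):
    # Re-run the kdf with the stored kdfparams, recompute the mac, and compare
    # in constant time. True means the derived decryption-key matches the one
    # used when the keystore was generated and the ciphertext is unmodified.
    key = derive_key(passphrase, keystore["kdfparams"])
    candidate = compute_mac(key, bytes.fromhex(keystore["ciphertext"]))
    return hmac.compare_digest(candidate, keystore["mac"])

if __name__ == "__main__":
    ks = build_sample_keystore("correct horse battery staple")
    print("right passphrase:", verify_passphrase(ks, "correct horse battery staple"))
    print("wrong passphrase:", verify_passphrase(ks, "Correct horse battery staple"))
    # A modified ciphertext also fails the check, even with the right passphrase.
    tampered = dict(ks, ciphertext="00" + ks["ciphertext"][2:])
    print("tampered file:   ", verify_passphrase(tampered, "correct horse battery staple"))
```

Because the mac covers the ciphertext as well as the key, the same check that rejects a wrong passphrase also rejects a keystore file whose ciphertext was altered, before any decryption is attempted.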