Addresses and Keys

In cryptography, a key is a string of characters used within an encryption algorithm for altering data so that it appears random. Like a physical key, it locks (encrypts) data so that only someone with the right key can unlock (decrypt) it.

Table of Content


Cardano uses asymmetric encryption for the majority of its encryption. Symmetric encryption, also known as public-key encryption, uses a public key-private key pairing: data encrypted with the private key can only be decrypted with the public key, and vice versa.

To make this concept clear, we can try a visual example.

Imagine a trunk with a lock that two people, Bob and Alice, use to ship documents back and forth. A typical lock has only two states: locked and unlocked. Anyone with a copy of the key can unlock the trunk if it's locked, and vice versa. When Bob locks the trunk and sends it to Alice, he knows that Alice can use her copy of the key to unlock the trunk. This is essentially how what's known as symmetric cryptography works: one secret key is used for both encrypting and decrypting, and both sides of a conversation use the same key.

Now, imagine, instead, that Bob makes a trunk with a special kind of lock. This lock has three states instead of two:

A. Locked, key turned all the way to the left
B. Unlocked, in the middle.
C. Locked, key turned all the way to the right.


Instead of one key, two keys go with this lock:

Key No. 1 can only turn to the left
Key No. 2 can only turn to the right

This means that if the trunk is locked and the key is turned to position A, only key No. 2 can unlock it by turning right, to position B (unlocked). If the trunk is locked in position C, only key No. 1 can unlock it by turning the lock left, to position B.

In other words, either key can lock the trunk – but once it is locked, only the other key can unlock it.

Now let's say Bob makes a few dozen copies of key No. 2, the key that only turns right, and shares them with everyone he knows and anyone who wants a copy, making it his public key. He keeps key No. 1 for himself – it's his private key. What does this accomplish?

Alice can send Bob confidential data via the trunk and be confident that only Bob can unlock it. Once Alice has locked the trunk with the public key, which turns from left to right, only a key that can turn right to left can unlock it. That means only Bob's private key can unlock it.

Alice can be sure that the trunk is actually from Bob, and not an impersonator, if it's locked with his private key. There's only one key that can lock the trunk so that the lock is in position A, or turned all the way to the left: Bob's private key. True, anyone can unlock it with the public key by turning the key to the right, but it's guaranteed that the trunk is from Bob.

Substitute plaintext data for the trunk and cryptographic keys for the physical keys from this analogy, and this is how public key cryptography works. Only the owner of the private key can encrypt data so that the public key decrypts it; meanwhile, anyone can encrypt data with the public key, but only the owner of the private key can decrypt it.

Therefore, anyone can send data securely to the private key owner. Also, anyone can verify that data they receive from the owner of the private key is actually from that source, and not from an impersonator

In Cardano, there are two main key types:

  • Address keys
  • Node keys

Address Keys

Every user of Cardano can have two sets of keys and addresses:

  • Payment Keys and addresses: To send and receive transactions
  • Stake Keys and addresses: To control protocol participation, create a stake pool, delegate and receive rewards

Each set of keys has a private and a public key. They are sometimes referred to as .skey and .vkey

Payment Keys

To generate the Payment keys so that we can then receive and make payments we run:

cardano-cli address key-gen \
--verification-key-file payment.vkey \
--signing-key-file payment.skey

This creates two files payment.vkey (the public verification key) and payment.skey (the private signing key).

Generate the hash of a payment verification key. This is a hash of a public key

cardano-cli address key-hash \
--payment-verification-key-file payment.vkey \
--out-file payment.pkh

Stake Keys

Then we need to generate a pair of stake keys. These keys are needed when delegating ADA to a stake pool

cardano-cli stake-address key-gen \
--verification-key-file stake.vkey \
--signing-key-file stake.skey

Both verification keys (payment.vkey and stake.vkey) are used to build the address and the resulting payment address is associated with these keys.

Payment Address

cardano-cli address build \
--payment-verification-key-file payment.vkey \
--stake-verification-key-file stake.vkey \
--out-file payment.addr \
--testnet-magic 2

With the address created you can now receive payments into. The address should look something like this: addr_test1qpkpxq5vn8uvwdkfels8vujft6x80w62lq6suwxck29m23azauccre8p54n33jswltx0wh56kukger4fjjvghtmy8ajquzhlr5

To query the balance of your account:

cardano-cli query utxo \
--address $(cat payment.addr) \
--testnet-magic 2

Stake Address

To generate the stake address to participate in staking

cardano-cli stake-address build \
--stake-verification-key-file stake.vkey \
--out-file stake.addr \
--testnet-magic 2

Test ADA

To get some test ada into your wallet go to the Cardano Faucet and request tADA into the address that you created in the previous step

In a few seconds, you should receive 1 000 tADA at you address. Query the UTXO to check that you have received it

cardano-cli query utxo \
--address $(cat payment.addr) \
--testnet-magic 2


Cardano keys - Cardano Docs

What is a Cryptographic Key

How does public key encryption encryption work

Explaining public-key cryptography to non-geeks

Cardano Test ADA Faucet


This work is distributed under a Creative Commons Attribution 4.0 International (CC BY 4.0) The license allows you to copy and redistribute the material in any medium or format, as well as remix, transform, and build upon the material for any purpose, including commercial, as long as you give appropriate credit to the creator.