Skip to content

Commit f519a91

Browse files
BarbatosBarbatos
authored andcommitted
docs(plugins): document keystore list address trust model
Clarify that 'keystore list' displays the declared address from each keystore's JSON without decrypting it. A tampered keystore may claim an address that does not correspond to its encrypted key; verification only happens at decryption time (e.g. 'keystore update').
1 parent 51350e8 commit f519a91

1 file changed

Lines changed: 2 additions & 0 deletions

File tree

plugins/README.md

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -193,6 +193,8 @@ List all keystore files in a directory.
193193
java -jar Toolkit.jar keystore list --keystore-dir /data/keystores # custom directory
194194
```
195195

196+
> **Note**: `list` displays the `address` field as declared in each keystore JSON without decrypting the file. A tampered keystore can claim an address that does not correspond to its encrypted private key. The address is only cryptographically verified at decryption time (e.g. by `update` or by tools that load the credentials). Only trust keystores from sources you control.
197+
196198
#### keystore update
197199

198200
Change the password of a keystore file.

0 commit comments

Comments
 (0)