Introducing Keystation — end-to-end encrypted key manager for dApps built with the Cosmos SDK

David Park
Published in
6 min readSep 6, 2019


Open source, no installation. Keystation makes it simple.

It has been approximately 6 months since the Cosmos Hub mainnet launch. The Cosmos network has been running smoothly without any major chain-breaking incidents, and the ecosystem is growing day by day with more projects and builders entering the community with valuable contributions.

As one of the top-tier validators for Cosmos (ATOM), Cosmostation has also been doing its part to provide stable node operation and powerful tools for the Cosmos community as an effort to bring Tendermint and the Cosmos SDK closer to the public by lowering its entry barrier.

Below are some of the ecosystem tools and open source contributions developed and maintained by the Cosmostation team.

Cosmostation Wallet for Cosmos (ATOM)
Cosmostation iOS — Mobile wallet for iOS
Cosmostation Android— Mobile wallet for Android
Cosmostation Web— Web wallet with Ledger integration

Cosmos (ATOM) Block Explorer
Mintscan Explorer — Official Cosmos explorer trusted by most exchanges

Open Source
CosmosJS — JavaScript library for Cosmos transactions
Cosmostation iOS, Android — Swift, Java libraries for mobile wallets

Over the past few months, we’ve accomplished a lot of the milestones we have set in our roadmap. Today, we are proud to announce a new addition to our list of contributions to the Cosmos ecosystem.

Introducing Keystation

An end-to-end encrypted key manager for decentralized applications and networks built with the Cosmos SDK.

Cosmos web wallets like Cosmostation Web Wallet and Lunie allow users to connect their Ledger hardware wallet for secure transactions, but ATOM holders without Ledger often experience inconvenience because there are no other means of access.

Comparatively, Ethereum has several convenient private key authentication methods like Metamask, which Cosmos does not yet have.

Cosmostation developed Keystation to give users a more convenient method to not only log into web wallets but also access decentralized exchanges and applications. We strongly feel that Keystation could also provide better usability and accessibility for users in preparation for the expansion of the Cosmos universe post-IBC.

Keystation User Experience

Keystation securely manages your mnemonic phrase. Conveniently access any decentralized applications or networks and sign transactions with no installation required.

Below are the steps for using Keystation from a user’s perspective.

  1. Set account name and enter mnemonic phrase.
  2. Set your PIN (4 numbers + 1 alphabet).
  3. Your mnemonic phrase is encrypted using the PIN.
  4. Copy and paste your encrypted mnemonic phrase into the empty box.
  5. Press [Save] when Chrome/Safari asks permission to save your account name and encrypted mnemonic phrase.

Through the process above, the user’s mnemonic phrase is encrypted and stored in Keychain using Chrome/Safari browser’s key management system.

Allowing your stored mnemonic phrase to be immediately accessed and used for transactions could be considered dangerous. For this reason, we added an extra layer of security by requiring users to set a PIN.

This PIN is used to encrypt the user’s mnemonic phrase using JavaScript AES encryption before the user’s mnemonic phrase is stored in the browser’s Keychain.

AES Encryption (Advanced Encryption Standard)

Simple and powerful encryption and decryption method for JavaScript.

As you can see in the example below, a message entered by the user is encrypted with the combination of the message and a password.

For Keystation, the message would be the user mnemonic phrase, and the password would be the PIN set by the user.

code.encryptMessage('Mnemonic Phrase','User PIN');
code.decryptMessage('Encrypted Mnemonic Phrase','User PIN')

With this extra layer of security, Keystation prevents the browser Keychain from saving the actual mnemonic phrase and instead stores the encrypted mnemonic phrase.

The PIN set by the user is not only used for encryption but also as a password for user authentication.

*It is important to remember also not to share this encrypted mnemonic phrase to prevent any type of brute force attack. Make sure you are the only person with access to the device you are using (laptop, mobile phone, etc.). If you are using a device shared by multiple people, always remember to log out of your Chrome/Safari account.

Keystation Under The Hood

Secure, open source. All processes are operated in the client side. Here’s an explanation of how Keystation works under the hood.

In the client side, bundle.js is included to allow using CosmosJS on browserify in the browser. With the user mnemonic phrase, CosmosJS signs and broadcasts transactions.

Keystation stores user mnemonic phrase in the user’s computer browser. More specifically, this mnemonic phrase is stored in Chrome/Safari’s Keychain. For a simpler explanation, Keychain is Google and Apple’s password storage space (just like saving your ID and PW to your favorite website on Google Chrome for easier access).

When a user requests to send ATOM, Keystation generates a send transaction and requests the user to sign the transaction. The user is then required to enter the PIN to complete signing the transaction, and Keystation broadcasts the transaction to the network. The client then displays the results of the transaction.

Must-Know & Precautions

What you need to know before implementing Keystation to your decentralized application.

  • No user input (mnemonic phrase, PIN) is controlled by Keystation. User input in stored in Chrome/Safari’s key management system, only accessible by the owner of the account logged into the browser.
  • When using Keystation, make sure that you are the only person with access to the device you are using. If you use a device shared by multiple people, always remember to log out of your account on the browser.
  • Keystation is open source. Feel free to implement Keystation as a key management, log-in, authentication system for your decentralized application built with the Cosmos SDK.
  • Any network supported by CosmosJS developed/maintained by Cosmostation can be supported on Keychain.


Keystation on Cosmostation Web Wallet

The first implementation of Keychain on an application will most likely be Cosmostation Web Wallet (Unless you are interested in integrating Keychain for your decentralized application before us!).

Please stay tuned to our next update on Cosmostation Web Wallet. Soon users without Ledger will be able to securely & conveniently access their Cosmos (ATOM) accounts to sign transactions.


What Keystation does is allow you to store your mnemonic phrase in a secure location for a more convenient way to sign and broadcast your transactions.

We believe that developers who create decentralized applications need services with convenient UX like Keystation to attract the general public. We welcome you to use Keystation as a log-in/authentication method for your decentralized applcation, decentralized exchange, wallet, etc.

About Cosmostation

Welcome, Cosmonaut. FUEL UP on Atom at Cosmostation!

Cosmostation is a Cosmos Validator based in Seoul, South Korea. We are a team of 10 developers, engineers, and dreamers united with one objective — to provide a universe full of useful tools and solutions for Tendermint-based projects.

Unlike most blockchains, which require you to use an opinionated scripting language or environment, Tendermint makes no assumptions about the application, giving developers the utmost freedom to express their business logic using the tools right for them.

We make no assumptions about the power and potential of Tendermint-based networks can bring to the blockchain ecosystem, and we are ready to stay on the grind to do everything we can to contribute to the community.

Cosmostation’s operation philosophy is geared by and for the community. You’ve put your trust on us, and so should we. Along with high security, development of projects within the Cosmos ecosystem, and our promise to delegators, Cosmostation will constantly update and research better ways to fairly reward and protect our delegators to expand the Cosmos universe.

FUEL UP your wallet at Cosmostation to explore the Cosmos network.

Please visit the links below to begin this journey with Cosmostation!

Official Website:
Cosmos Web Wallet:
Cosmos Android Wallet: Android — Google Play Store
Cosmos iOS Wallet: iOS — iTunes App Store
Wallet User Guide:
Block Explorer: