ethereum-tools

A small collection of Python scripts for managing Ethereum keys and sending ETH on mainnet or Sepolia testnet.

Scripts

Script	Purpose
generate_testnet_keys.py	Generate a new keypair and get Sepolia testnet funding instructions
create_keystore.py	Encrypt a private key into a v3 keystore file
decrypt_keystore.py	Decrypt a keystore file and recover the private key
send_eth.py	Send ETH to any address (mainnet or Sepolia)

Requirements

• Python 3.10+
• web3 (see requirements.txt)

python -m venv venv
source venv/bin/activate
pip install -r requirements.txt

Usage

1. Generate a testnet keypair

python generate_testnet_keys.py

Generates a new Ethereum address and private key, saves the key to keys/<address>.secret (chmod 600), and prints funding instructions for the Sepolia faucet.

2. Encrypt a private key into a keystore

python create_keystore.py keys/<address>.secret

# or via environment variable

read -s ETH_PRIVATE_KEY
python create_keystore.py

Saves an encrypted keystore JSON to keystores/<address>.json. The keystore is password-protected and safe to back up.

3. Decrypt a keystore

python decrypt_keystore.py keystores/<address>.json

Prompts for the password and prints the private key. Use this to recover a key or export it for use with send_eth.py.

4. Send ETH

# Via environment variable
read -s ETH_PRIVATE_KEY
python send_eth.py --destination 0xRecipient --amount 0.01

# Via keystore file
python send_eth.py --keystore keystores/<address>.json --destination 0xRecipient --amount 0.01

# Sepolia testnet
python send_eth.py --testnet --destination 0xRecipient --amount 0.01

# Dry run (simulate without submitting)
python send_eth.py --dry-run --destination 0xRecipient --amount 0.01

# With an on-chain memo (stored as tx data)
python send_eth.py --destination 0xRecipient --amount 0.01 --memo "payment for invoice #42"

Mainnet transactions require interactive confirmation before submission.

Security

Warning: Private keys provide full control over an Ethereum account. Anyone who obtains your private key can drain your funds.

• keys/ and keystores/ directories are excluded from git via .gitignore.
• Private key files are written with permissions 600 (owner read/write only).
• Private keys are never logged — only addresses and transaction hashes appear in log files.
• Transaction logs (transactions.mainnet.log, transactions.testnet.log) are also excluded from git.
• For long-term storage, prefer the encrypted keystore format over plaintext .secret files.

Networks

The scripts connect to public RPC endpoints by default — no API key required.

Network	RPC endpoints used
Mainnet	publicnode.com, eth.public-node.com, cloudflare-eth.com
Sepolia	publicnode.com, rpc.sepolia.org, blastapi.io