Readonly
coin_Readonly
pathThe hexadecimal string representation of the chain code for this node.
+The 0-indexed BIP-44 path depth of this node.
+A BIP-44 path is of the form:
+m / 44' / coin_type' / account' / change / address_index
With the following depths:
+0 / 1 / 2 / 3 / 4 / 5
The index of the node, or 0 if this is a master node.
+The fingerprint of the master node, i.e., the node at depth 0. May be +undefined if this node was created from an extended key.
+The fingerprint of the parent key, or 0 if this is a master node.
+The hexadecimal string representation of the private key for this node.
+May be undefined
if the node is a public node.
The hexadecimal string representation of the public key for this node.
+Derives a BIP-44 address_index
key corresponding to the path of this
+node and the specified account
, change
, and address_index
values.
+address_index
keys are normally the keys used to generate user account
+addresses.
Recall that a BIP-44 HD tree path consists of the following nodes:
+m / 44' / coin_type' / account' / change / address_index
With the following depths:
+0 / 1 / 2 / 3 / 4 / 5
The BIP-44 index values to use in key derivation.
+The derived BIP-44 address_index
node.
A JSON-compatible representation of this node's data fields.
+Static
fromConstructs a BIP-44 coin_type
node. coin_type
is the index
+specifying the protocol for which deeper keys are intended. For the
+authoritative list of coin types, please see
+SLIP-44.
Recall that a BIP-44 HD tree path consists of the following nodes:
+m / 44' / coin_type' / account' / change / address_index
With the following depths:
+0 / 1 / 2 / 3 / 4 / 5
The derivation path for the key of this node.
+Optional
network: NetworkThe network for the node. This is only used for extended
+keys, and defaults to mainnet
.
Optional
cryptographicFunctions: CryptographicFunctionsThe cryptographic functions to use. If +provided, these will be used instead of the built-in implementations.
+A BIP44CoinType node.
+Static
fromJSONConstructs a BIP-44 coin_type
node. coin_type
is the index
+specifying the protocol for which deeper keys are intended. For the
+authoritative list of coin types, please see
+SLIP-44.
Recall that a BIP-44 HD tree path consists of the following nodes:
+m / 44' / coin_type' / account' / change / address_index
With the following depths:
+0 / 1 / 2 / 3 / 4 / 5
The JsonBIP44Node for the key of this node.
+The coin_type index of this node. Must be a non-negative +integer.
+Optional
cryptographicFunctions: CryptographicFunctionsThe cryptographic functions to use. If +provided, these will be used instead of the built-in implementations.
+A BIP44CoinType node.
+Static
fromConstructs a BIP-44 coin_type
node. coin_type
is the index
+specifying the protocol for which deeper keys are intended. For the
+authoritative list of coin types, please see
+SLIP-44.
Recall that a BIP-44 HD tree path consists of the following nodes:
+m / 44' / coin_type' / account' / change / address_index
With the following depths:
+0 / 1 / 2 / 3 / 4 / 5
A BIP44CoinType node.
+A wrapper for BIP-44 Hierarchical Deterministic (HD) tree nodes, i.e. +cryptographic keys used to generate keypairs and addresses for cryptocurrency +protocols.
+This class contains methods and fields that may not serialize well. Use +BIP44Node.toJSON to get a JSON-compatible representation.
+The hexadecimal string representation of the chain code for this node.
+The 0-indexed BIP-44 path depth of this node.
+A BIP-44 path is of the form:
+m / 44' / coin_type' / account' / change / address_index
With the following depths:
+0 / 1 / 2 / 3 / 4 / 5
The index of the node, or 0 if this is a master node.
+The fingerprint of the master node, i.e., the node at depth 0. May be +undefined if this node was created from an extended key.
+The fingerprint of the parent key, or 0 if this is a master node.
+The hexadecimal string representation of the private key for this node.
+May be undefined
if the node is a public node.
The hexadecimal string representation of the public key for this node.
+Derives a child of the key contains be this node and returns a new +BIP44Node containing the child key.
+The specified path must be a valid HD path from this node, per BIP-44. +At present, this means that the path must consist of no more than 5 BIP-32 +nodes, depending on the depth of this node.
+Recall that a BIP-44 HD tree path consists of the following nodes:
+m / 44' / coin_type' / account' / change / address_index
With the following depths:
+0 / 1 / 2 / 3 / 4 / 5
The partial (non-rooted) BIP-44 HD tree path will be used +to derive a child key from the parent key contained within this node.
+The BIP44Node corresponding to the derived child key.
+A JSON-compatible representation of this node's data fields.
+Static
fromCreate a new BIP-44 node from a derivation path. The derivation path
+must be rooted, i.e. it must begin with a BIP-39 node, given as a string of
+the form bip39:MNEMONIC
, where MNEMONIC
is a space-separated list of
+BIP-39 seed phrase words.
All parameters are stringently validated, and an error is thrown if +validation fails.
+Recall that a BIP-44 HD tree path consists of the following nodes:
+m / 44' / coin_type' / account' / change / address_index
With the following depths:
+0 / 1 / 2 / 3 / 4 / 5
An object containing the derivation path.
+Optional
cryptographicFunctions: CryptographicFunctionsThe cryptographic functions to use. If +provided, these will be used instead of the built-in implementations.
+A BIP44 node.
+Static
fromCreate a new BIP-44 node from a key and chain code. You must specify +either a private key or a public key. When specifying a private key, +the public key will be derived from the private key.
+All parameters are stringently validated, and an error is thrown if +validation fails.
+An object containing the extended key, or an extended +public (xpub) or private (xprv) key.
+Optional
cryptographicFunctions: CryptographicFunctionsThe cryptographic functions to use. If +provided, these will be used instead of the built-in implementations.
+A BIP44 node.
+Static
fromJSONWrapper of the fromExtendedKey function. Refer to that function +for documentation.
+The JSON representation of a SLIP-10 node.
+Optional
cryptographicFunctions: CryptographicFunctionsThe cryptographic functions to use. If +provided, these will be used instead of the built-in implementations.
+A BIP44 node.
+Readonly
chainReadonly
curveThe name of the curve used by the node.
+Readonly
depthThe 0-indexed path depth of this node.
+Readonly
indexThe index of the node, or 0 if this is a master node.
+Optional
Readonly
masterThe fingerprint of the master node, i.e., the node at depth 0. May be +undefined if this node was created from an extended key.
+Readonly
networkThe network for the node. This is only used for extended keys, and defaults
+to mainnet
.
Readonly
parentThe fingerprint of the parent key, or 0 if this is a master node.
+Optional
Readonly
privateThe private key for this node, as a Uint8Array. +May be undefined if this node is a public key only node.
+Readonly
publicThe public key for this node, as a Uint8Array.
+The chain code of this node.
+Get the extended public or private key for the SLIP-10 node. SLIP-10 +doesn't specify a format for extended keys, so we use the BIP-32 format.
+This property is only supported for secp256k1
nodes, as other curves
+don't specify a standard format for extended keys.
The extended public or private key for the node.
+The (optional) private key of this node.
+The public key of this node.
+Derives a child of the key contains be this node and returns a new +SLIP10Node containing the child key.
+The specified path must be a valid HD path from this node, per SLIP-10.
+The partial (non-rooted) SLIP-10 HD tree path will be used +to derive a child key from the parent key contained within this node.
+The SLIP10Node corresponding to the derived child key.
+Get a neutered version of this node, i.e. a node without a private key.
+A neutered version of this node.
+A JSON-compatible representation of this node's data fields.
+Static
fromCreate a new SLIP-10 node from a derivation path. The derivation path
+must be rooted, i.e. it must begin with a BIP-39 node, given as a string of
+the form bip39:MNEMONIC
, where MNEMONIC
is a space-separated list of
+BIP-39 seed phrase words.
All parameters are stringently validated, and an error is thrown if +validation fails.
+Recall that a BIP-44 HD tree path consists of the following nodes:
+m / 44' / coin_type' / account' / change / address_index
With the following depths:
+0 / 1 / 2 / 3 / 4 / 5
The options for the new node.
+Optional
cryptographicFunctions: CryptographicFunctionsThe cryptographic functions to use. If +provided, these will be used instead of the built-in implementations.
+A new SLIP-10 node.
+Static
fromCreate a new SLIP-10 node from a BIP-32 serialised extended key string.
+The key may be either public or private. Note that secp256k1
is assumed
+as the curve for the key.
All parameters are stringently validated, and an error is thrown if +validation fails.
+The BIP-32 extended key string.
+Optional
cryptographicFunctions: CryptographicFunctionsThe cryptographic functions to use. If +provided, these will be used instead of the built-in implementations.
+A SLIP10 node.
+Create a new SLIP-10 node from a key and chain code. You must specify +either a private key or a public key. When specifying a private key, +the public key will be derived from the private key.
+All parameters are stringently validated, and an error is thrown if +validation fails.
+The options for the new node.
+Optional
cryptographicFunctions: CryptographicFunctionsThe cryptographic functions to use. If +provided, these will be used instead of the built-in implementations.
+A SLIP10 node.
+Static
fromJSONWrapper of the fromExtendedKey function. Refer to that function +for documentation.
+The JSON representation of a SLIP-10 node.
+Optional
cryptographicFunctions: CryptographicFunctionsThe cryptographic functions to use. If +provided, these will be used instead of the built-in implementations.
+A SLIP10 node.
+Create a SLIP10Node from a BIP-39 seed.
+The cryptographic seed bytes.
+The curve to use.
+Optional
network: NetworkThe network for the node. This is only used for extended
+keys, and defaults to mainnet
.
Optional
cryptographicFunctions: CryptographicFunctionsThe cryptographic functions to use. If +provided, these will be used instead of the built-in implementations.
+An object containing the corresponding BIP-39 master key and chain +code.
+Derives a BIP-44 address key corresponding to the specified derivation path, +given either by a BIP44CoinTypeNode or derivation path tuple.
+Recall that a BIP-44 HD tree path consists of the following nodes:
+m / 44' / coin_type' / account' / change / address_index
With the following depths:
+0 / 1 / 2 / 3 / 4 / 5
The coin_type
parent key to derive from.
The BIP-44 index values to use in key derivation.
+Optional
cryptographicFunctions: CryptographicFunctionsThe cryptographic functions to use. If +provided, these will be used instead of the built-in implementations.
+The derived address_index
key for the specified derivation path.
Calculates the public key corresponding to a given private key.
+Multiplies the given key with the base point on the Edwards curve. +equivalent to https://github.com/jedisct1/libsodium/blob/93a6e79750a31bc0b946bf483b2ba1c77f9e94ce/src/libsodium/crypto_scalarmult/ed25519/ref10/scalarmult_ed25519_ref10.c#L105 . +which is used by cardano-js-sdk/crypto https://github.com/input-output-hk/cardano-js-sdk/blob/8a6db2a251cd1c956f52730a0d35de2b7fc67404/packages/crypto/src/Bip32/Bip32PrivateKey.ts#L161 .
+Creates a function that derives BIP-44 address keys corresponding to the +specified derivation path, given either by a BIP44CoinTypeNode or +derivation path tuple.
+Recall that a BIP-44 HD tree path consists of the following nodes:
+m / 44' / coin_type' / account' / change / address_index
With the following depths:
+0 / 1 / 2 / 3 / 4 / 5
The BIP44CoinTypeNode to derive address keys from.
+This node contains a BIP-44 key of depth 2, coin_type
.
Optional
accountAndChangeIndices: Omit<CoinTypeToAddressIndices, "address_index">The account
and change
indices that
+will be used to derive addresses.
Optional
cryptographicFunctions: CryptographicFunctionsThe cryptographic functions to use. If +provided, these will be used instead of the built-in implementations.
+The deriver function for the derivation path specified by the
+coin_type
node, account
, and change
indices.
Gets a BIP-44 path tuple of the form account' / change / address_index
,
+which can be used to derive address keys together with a coin_type
key.
The BIP-44 derivation index values.
+The account' / change / address_index
path corresponding to the
+specified indices.
Get a secret recovery phrase (or mnemonic phrase) in string form as a
+Uint8Array
. The secret recovery phrase is split into words, and each word
+is converted to a number using the BIP-39 word list. The numbers are then
+converted to bytes, and the bytes are concatenated into a single
+Uint8Array
.
The secret recovery phrase to convert.
+The Uint8Array
corresponding to the secret recovery phrase.
Convert a BIP-39 mnemonic phrase to a seed.
+The BIP-39 mnemonic phrase to convert. If the mnemonic is a
+Uint8Array
, it is assumed to contain the indices of the words in the
+English wordlist.
The passphrase to use.
+Optional
cryptographicFunctions: CryptographicFunctionsThe cryptographic functions to use. If +provided, these will be used instead of the built-in implementations.
+The seed.
+An interface over SLIP-10, BIP-32, and BIP-44 key derivation paths.
+This library was audited by Cure53 in February 2023, and April 2024. The audit reports can be found here.
+yarn add @metamask/key-tree
or
+npm install @metamask/key-tree
This package is designed to accommodate the creation of keys for any level of a SLIP-10 or BIP-44 path. +Recall that a BIP-44 HD tree path consists of the following nodes (and depths):
++++
m / 44' / coin_type' / account' / change / address_index
+
0 / 1 / 2 / 3 / 4 / 5
Where m
is the "master" or seed node, coin_type
indicates the protocol for which deeper keys are intended,
+and address_index
usually furnishes key pairs intended for user addresses / accounts.
+For details, refer to the BIP-44 specification.
+For the authoritative list of protocol coin_type
indices, see SLIP-44.
The SLIP-10 interface provides a more generic way for deriving keys, which is not constrained to the BIP-44 path +nodes. Currently only Secp256k1 and Ed25519 are supported for SLIP-10, but NIST P-256 may be added if there is +sufficient demand for it.
+This package exports a few classes intended to facilitate the creation of keys in contexts with different privileges. +They are used as follows.
+import { BIP44CoinTypeNode } from '@metamask/key-tree';
// Per SLIP-44, Ethereum has a coin_type of 60.
// Ethereum is only used by way of example.
const coinType = 60;
// Imagine that this takes place in some privileged context with access to
// the user's secret recovery phrase.
const secretRecoveryPhrase = getSecretRecoveryPhrase();
const coinTypeNode = await BIP44CoinTypeNode.fromDerivationPath([
`bip39:${secretRecoveryPhrase}`,
`bip32:44'`, // By BIP-44, the "purpose" node must be "44'"
`bip32:${coinType}'`,
]);
// Imagine that this is some Node.js stream, but it could be anything that
// can transmit JSON messages, such as window.postMessage.
// Alternatively you can use `coinTypeNode.extendedKey` as well.
stream.write(coinTypeNode.toJSON());
//===============================
// Then, on the receiving end...
//===============================
import { getBIP44AddressKeyDeriver } from '@metamask/key-tree';
// Get the node sent from the privileged context.
// It will have the following shape:
// {
// privateKey, // A hexadecimal string of the private key
// publicKey, // A hexadecimal string of the public key
// chainCode, // A hexadecimal string of the chain code
// depth, // The number 2, which is the depth of coin_type nodes
// parentFingerprint, // The fingerprint of the parent node as number
// index, // The index of the node as number
// coin_type, // In this case, the number 60
// path, // For visualization only. In this case: m / 44' / 60'
// }
const coinTypeNode = await getCoinTypeNode();
// Get an address key deriver for the coin_type node.
// In this case, its path will be: m / 44' / 60' / 0' / 0 / address_index
// Alternatively you can use an extended key (`xprv`) as well.
const addressKeyDeriver = getBIP44AddressKeyDeriver(coinTypeNode);
// These are Uint8Array representations of the extended private keys for
// the respective addresses.
// m / 44' / 60' / 0' / 0 / 0
const addressKey0 = await addressKeyDeriver(0);
// m / 44' / 60' / 0' / 0 / 1
const addressKey1 = await addressKeyDeriver(1);
// m / 44' / 60' / 0' / 0 / 2'
const addressKey2 = await addressKeyDeriver(2, true);
// Now, the extended private keys can be used to derive the corresponding public
// keys and protocol addresses.
+
+
+You can derive SLIP-10 keys as follows.
+import { SLIP10Node } from '@metamask/key-tree';
// Create a SLIP10Node from a derivation path. You can also specify a key and depth instead.
const node = await SLIP10Node.fromDerivationPath({
curve: 'secp256k1',
derivationPath: [`bip39:${secretRecoveryPhrase}`, `slip10:0'`],
});
// SLIP-10 supports Ed25519 as well.
const ed25519Node = await SLIP10Node.fromDerivationPath({
curve: 'ed25519',
derivationPath: [`bip39:${secretRecoveryPhrase}`, `slip10:0'`],
});
// Derive the child node at m / 0' / 1' / 2'. This results in a new SLIP10Node.
// Note that you cannot derive unhardened child nodes when using Ed25519.
const childNode = await node.derive([`slip10:1'`, `slip10:2'`]);
+
+
+The SLIP10Node
class supports both bip32:
and slip10:
paths. While BIP-32 and SLIP-10 are mostly compatible with
+each other, there are some differences:
slip10:
paths when deriving Ed25519 keys.If you require full compatibility with one or the other, you can choose between the bip32:
and slip10:
path types.
There are other ways of deriving keys in addition to the above example. +See the docstrings in the BIP44Node, BIP44CoinTypeNode and +SLIP10Node files for details.
+This package also has methods for deriving arbitrary SLIP-10 and BIP-32 keys, and generating seeds from BIP-39
+secret recovery phrases.
+These methods do not constitute a safe key derivation API, and their use is strongly discouraged.
+Nevertheless, since those methods were the main exports of this package prior to version 3.0.0
, consumers can
+still access them by importing @metamask/key-tree/derivation
.
This package is rigorously tested against reference implementations and the SLIP-10 and BIP-32 specifications. +See the reference implementation tests for details.
+The coin_type
index of addresses derived by this deriver function.
A human-readable representation of the derivation path of this deriver
+function, excluding the address_index
, which is parameterized.
Recall that a BIP-44 HD tree path consists of the following nodes:
+m / 44' / coin_type' / account' / change / address_index
With the following depths:
+0 / 1 / 2 / 3 / 4 / 5
A JSON-compatible representation of this node's data fields.
+Optional
hmacCompute the HMAC-SHA-512 of the given data using the given key.
+The key to use.
+The data to hash.
+The HMAC-SHA-512 of the data.
+Optional
pbkdf2Compute the PBKDF2 of the given password, salt, iterations, and key length. +The hash function used is SHA-512.
+The password to hash.
+The salt to use.
+The number of iterations.
+The desired key length in bytes.
+The PBKDF2 of the password.
+Every ordered subset of a full HD path tuple.
+A wrapper for BIP-44 Hierarchical Deterministic (HD) tree nodes, i.e. +cryptographic keys used to generate keypairs and addresses for cryptocurrency +protocols.
+Readonly
chainThe hexadecimal string representation of the chain code for this node.
+Readonly
depth: BIP44DepthThe 0-indexed BIP-44 path depth of this node.
+A BIP-44 path is of the form:
+m / 44' / coin_type' / account' / change / address_index
With the following depths:
+0 / 1 / 2 / 3 / 4 / 5
Readonly
index: numberThe index of the node, or 0 if this is a master node.
+Optional
Readonly
masterThe fingerprint of the master node, i.e., the node at depth 0. May be +undefined if this node was created from an extended key.
+Optional
Readonly
network?: NetworkThe network for the node. This is only used for extended keys, and defaults
+to mainnet
.
Readonly
parentThe fingerprint of the parent key, or 0 if this is a master node.
+Optional
Readonly
privateThe hexadecimal string representation of the private key for this node.
+May be undefined
if the node is a public node.
Readonly
publicThe hexadecimal string representation of the public key for this node.
+A wrapper for SLIP-10 Hierarchical Deterministic (HD) tree nodes, i.e. +cryptographic keys used to generate key pairs and addresses for cryptocurrency +protocols.
+Readonly
chainThe chain code of this node.
+Readonly
curve: SupportedCurveThe name of the curve used by the node.
+Readonly
depth: numberThe 0-indexed path depth of this node.
+Readonly
index: numberThe index of the node, or 0 if this is a master node.
+Optional
Readonly
masterThe fingerprint of the master node, i.e., the node at depth 0. May be +undefined if this node was created from an extended key.
+Optional
Readonly
network?: NetworkThe network for the node. This is only used for extended keys, and defaults
+to mainnet
.
Readonly
parentThe fingerprint of the parent key, or 0 if this is a master node.
+Optional
Readonly
privateThe (optional) private key of this node.
+Readonly
publicThe public key of this node.
+The network for which the HD path is intended.
+Optional
privateThe private key for this node, as a Uint8Array. +May be undefined if this node is a public key only node.
+The public key for this node, as a Uint8Array.
+A JSON-compatible representation of this node's data fields.
+Const
Const
Const
e.g.
+Const
bip39:<SPACE_DELMITED_SEED_PHRASE>
+The seed phrase must consist of 12 <= 24 words.
+Const
Const
Const
e.g.
+Const
Const
Const
Const
Const
e.g.
+Const
e.g.
+Const
Const
Const
Const
Const
Const
Const
Const
Const
Const
Const
Const
Const
Const
Named after whitepaper: BIP32-Ed25519 Hierarchical Deterministic Keys over a Non-linear Keyspace +https://input-output-hk.github.io/adrestia/static/Ed25519_BIP.pdf +"vanilla" "ed25519" curve follows SLIP10: https://tezos.stackexchange.com/questions/2837/can-i-use-bip32-hd-key-pairs-to-derive-ed25519-addresses +note that that the important difference of the "bip32" version is that it allows unhardened key derivation
+Const
Const
Const
Const
Const
Const
Const
Const
Const
Const
Const
A wrapper object for BIP-44
+coin_type
keys.coin_type
is the index +specifying the protocol for which deeper keys are intended. For the +authoritative list of coin types, please see +SLIP-44.Recall that a BIP-44 HD tree path consists of the following nodes:
+
+m / 44' / coin_type' / account' / change / address_index
With the following depths:
+
+0 / 1 / 2 / 3 / 4 / 5