Skip to content

Creating a Key

To create a new key with OpenSigner, users call the create() method on the iFrame. The iFrame generates a new private key and splits it into three shares using threshold cryptography. Two shares are distributed to hot storage and cold storage respectively, while the third share is stored locally in the localStorage.

The signup process depends on the recovery method:

  • Password Recovery: User provides a password to encrypt the cold share client-side
  • Automatic Recovery: Cold share is encrypted server-side using project entropy
  • Passkey Recovery: User creates a passkey to derive an encryption key for the cold share

Password Recovery

When using password-based recovery, the user provides the entropy used to encrypt the recovery share. This ensures the system remains non-custodial and users control their keys.

Sign up user with automatic recovery

Automatic Recovery

When using automatic recovery, the entropy is managed by the cold storage service. To secure the recovery share, an encryption key is generated in the cold storage, which is then split into 2 shares with a required quorum of 2 for reconstruction. One share is kept by the cold storage, and another one is given back to the developer. The developer must secure this encryption share at all times, and it should never be exposed on the client side.

When a request to secure a new recovery share is made, the developer must POST to the cold storage /project/encryption-session endpoint with the encryption share. This endpoint returns an encryption session ID, which the developer must provide to the user during the signup process. This session ID is valid for one-time use.

This adds complexity but allows users to recover their keys without remembering a password.

For the system to remain non-custodial, the Developer (holding the encryption part) must differ from the Cold Storage Host.

Sign up user with automatic recovery

OTP with Automatic Recovery

You can enable OTP verification for your Shield project to enhance the security of automatic recovery shares. The diagram above remains valid. The key difference is that during key reconstruction, Shield requires an OTP when creating a new encrypted session. The OTP is sent to the user via SMS or email. This ensures that the cold share cannot be accessed for key reconstruction without user interaction.

Passkey Recovery

OpenSigner uses the passkey Pseudo Random Function (PRF) extension to derive an encryption key to symmetrically encrypt/decrypt the cold share.

The user needs only to follow their authenticator's flow for passkey creation and validation. OpenSigner remembers which passkey it should ask for whenever a user wants to recover their cold share.

Both the passkey's private key and the cold share are safe in this scenario, too:

  • The passkey's private key cannot leave the authenticator device
  • The cold share is encrypted and decrypted on the client side
Presented By
Openfort Logo