The tKey SDK manages private keys by generating shares of it using Shamir Secret Sharing. Multi-party computation of shares is also planned for this SDK and is currently in an advanced stage of development but not quite ready to be merged into the main codebase yet.
The companion example application is here.
If you are instead seeking the iOS implementation, please see here.
-
Compile the project
-
Import the built AAR file into your application.
./gradlew javadoc && open ./tkey/build/docs/javadoc/index.html
This standalone package can be used with CustomAuth. Please refer to the example application for a more comprehensive overview of the code.
The integration process is simple:
-
Log in with CustomAuth, for detailed documentation on how to do this please refer to the documentation here.
-
Use the methods
getPrivateKey().toString(16)
on theTorusLoginResponse
object as the postbox key when setting up the ServiceProvider. -
Continue initialization as normal.
-
Remember to save the device share or the account will need to be reset. For existing accounts, shares will need to be imported, either by making use of a security share or via manual entry depending on how the ThresholdKey was initially setup.
The design of the SDK is relatively straight forward.
- It makes use of the underlying NDK build which contains binaries for arm64-v8, armeabi-v7a, x86 and x86_64 architectures.
- These binaries are built from a common cross-compilable codebase which is a native port of the original implementation of (tkey)[https://github.com/tkey/tkey].
- All marshalling of types across the foreign function interface and JNI as well as memory safety is handled by the SDK.
This SDK can be split into methods which are synchronous and methods which are asynchronous:
- Methods which are synchronous are expected to return immediately with no underlying network operations.
- Methods which are asyncronous are dispatched to a single-threaded Executor, return the result via callbacks and perform network operations with the Metadata Server. The relevant network implementation is already supplied as part of the SDK.
All classes that are part of the modules namespace are static in nature and can only operate on a ThresholdKey object which has been properly setup.
Currently only the Secp256k1 curve is supported.
Please note that all code examples are minimilistic in nature, this is intentionally done for clarity, since most functions can throw.
The instance of tkey, this can be considered the most important object in the SDK.
To create a ThresholdKey object at minimum a StorageLayer is required, however it is more practical to use a ServiceProvider as well.
PrivateKey postboxKey = PrivateKey.generate();
StorageLayer storageLayer = new StorageLayer(false, "https://metadata.tor.us", 2);
ServiceProvider serviceProvider = new ServiceProvider(false, postboxKey.hex);
ThresholdKey thresholdKey = new ThresholdKey(null, null, storageLayer, serviceProvider, null, null, false, false);
Once you have created a ThresholdKey object, it can then be initialized.
A KeyDetails object is returned from the initialization call.
PrivateKey key = PrivateKey.generate();
thresholdKey.initialize(key.hex, null, false, false, result -> {
if (result instanceof com.web3auth.tkey.ThresholdKey.Common.Result.Error) {
//Error handling here
} else if (result instanceof com.web3auth.tkey.ThresholdKey.Common.Result.Success) {
KeyDetails details = ((Result.Success<KeyDetails>) result).data;
}
});
Additionally the following optional parameters can be supplied to this call
Parameter | Type | Description |
---|---|---|
import_share | String | Initialise tkey with an existing share. This allows you to directly initialise tKey without using the service provider login. |
input | ShareStore | Import an existing ShareStore into tkey. |
Once the required number of shares are available to the ThresholdKey object or existing shares have been inserted into it, the private key can then be reconstructed.
This method returns a KeyReconstructionResult.
thresholdKey.reconstruct(reconstruct_result -> {
if (reconstruct_result instanceof com.web3auth.tkey.ThresholdKey.Common.Result.Error) {
//Error handling here
} else if (reconstruct_result instanceof com.web3auth.tkey.ThresholdKey.Common.Result.Success) {
KeyReconstructionDetails reconstructionDetails = ((com.web3auth.tkey.ThresholdKey.Common.Result.Success<KeyReconstructionDetails>) reconstruct_result).data;
}
});
KeyDetails details = thresholdKey.getKeyDetails();
This returns a KeyDetails object.
Whenever a method is called which affects the state of the ThresholdKey, this method will need to be called again if updated details of the ThresholdKey is needed.
Shares are generated on the same threshold (e.g, 2/3 -> 2/4). A GenerateShareStoreResult object is returned by the function.
thresholdKey.generateNewShare(result -> {
if (result instanceof com.web3auth.tkey.ThresholdKey.Common.Result.Error) {
// Error handling here
} else if (result instanceof com.web3auth.tkey.ThresholdKey.Common.Result.Success) {
GenerateShareStoreResult shareStoreResult = ((com.web3auth.tkey.ThresholdKey.Common.Result.Success<GenerateShareStoreResult>) result).data;
}
});
Shares can be deleted by their share index. Note that deleting a share will invaidate any persisted share.
thresholdKey.deleteShare(index, result -> {
if (result instanceof com.web3auth.tkey.ThresholdKey.Common.Result.Error) {
// Error handling here
} else if (result instanceof com.web3auth.tkey.ThresholdKey.Common.Result.Success) {
// Sucess here, void return type
}
});
For more advanced operations on a ThresholdKey object, you can make use of the provided modules.
This module provides an interface for setting, getting and managing private keys for a ThresholdKey object.
This module allows the creation of a security share with a password. This is particularly useful to recover a ThresholdKey
This module provides functionality for setting, changing, getting, and deleting seed phrases for a ThresholdKey object.
The ShareSerializationModule allows the serialization and deserialization of shares between mnemonic and hex formats.
The ShareTransferModule is used to transfering an existing share to another device.