Admin
Authentication middleware
The Admin acts as the authentication module. Once the user authenticates with the Admin, the latter authorises the user to perform key generation and sign operations with the server Node.
This authorisation is done by issuing a userToken to the user. The userToken is a Json Web Token (JWT) generated using ADMIN_KEY as the key. The ADMIN_KEY is a shared secret between the Sigpair Admin and the Sigpair Node. The ADMIN_KEY for the node is configured when the node is deployed.
The ADMIN_KEY must be randomly generated! It must be 32 bytes in length. Secure management of the ADMIN_KEY is the responsibility of the company. Please use a cryptographically secure random number generator.
Security of the ADMIN KEY
The ADMIN_KEY must be stored securely. Compromise of the token can lead to loss of the server share. Compromise of the token does not lead to compromise of the user secret shard wallet.
Admin SDK
We provide SDKs to perform admin actions.
Initialise Admin class
import { SigpairAdmin } from "sigpair-admin-v2";
// Example admin token.
// DO NOT hardcode in production code!
const adminToken =
"1ec3804afc23258f767b9d38825dc7ab0a2ea44ef4adf3254e4d7c6059c3b55a";
// Base url of the server node
const baseUrl = "http://localhost:8080";
const admin = new SigpairAdmin(adminToken, baseUrl);
After authentication is complete, the Admin can use the SDK to create a new user.
// Create a new user with the sigpair node
// userId is a number. Unique for each new user.
const userId = await admin.createUser("user-name");Issue user token
User Token
This is the token issued to the a user, which they can use to authenticate themselves with the Server Node for MPC operations:
export type UserToken = {
user_id: number;
iat: number;
exp: number;
// Hex string
public_key: string;
};user_id: User Id of the user. Generated when creating a user.iat: Issued at timestamp as per JWT standard. Unix timestamp.exp: Expiry timestamp as per JWT standard. Unix timestamp.public_key: Signing public key of the user. (ED25519 public key). This is key is not an MPC key. It's a normal ED25519 signing public key. The Sigpair Node will only accept messages signed by this public key.
The Admin can issue a User Token that can be used by the client to authenticate with the server Node. This action requires no interaction with the server Node. It's just generation of a JWT by the Admin using the ADMIN_KEY
// Using the @noble/ed25519 library
import * as ed from "@noble/ed25519";
import { SigpairAdmin } from "sigpair-admin-v2";
// Example admin token.
// DO NOT hardcode in production code!
const adminToken =
"1ec3804afc23258f767b9d38825dc7ab0a2ea44ef4adf3254e4d7c6059c3b55a";
// Base url of the sigpair node
const baseUrl = "http://localhost:8080";
const admin = new SigpairAdmin(adminToken, baseUrl);
// Create a new user with the sigpair node
// userId is a number. Unique for each new user.
const userId = await admin.createUser("user-name");
// Generate a new signing key pair for the user
// In a real application, the user keys should be generated on the client side by
// the user, and the public key must be passed to the admin.
const sk = ed.utils.randomPrivateKey();
// Get the public key from the private key
const pk = await ed.getPublicKeyAsync(sk);
// Generate a new userToken using
const token = admin.genUserToken(userId, ed.etc.bytesToHex(pk));Delete Key
Last updated