
Admin

Authentication middleware

The Admin acts as the authentication module. Once the user authenticates with the Admin, the latter authorises the user to perform key generation and sign operations with the server Node.

This authorisation is done by issuing a userToken to the user. The userToken is a JSON Web Token (JWT) generated using the ADMIN_KEY as the key. The ADMIN_KEY is a shared secret between the Sigpair Admin and the Sigpair Node. The ADMIN_KEY for the node is configured when the node is deployed.

The ADMIN_KEY must be randomly generated! It must be 32 bytes in length. Secure management of the ADMIN_KEY is the responsibility of the company. Please use a cryptographically secure random number generator.

Security of the ADMIN KEY

The ADMIN_KEY must be stored securely. Compromise of the token can lead to loss of the server share. Compromise of the token does not lead to compromise of the user secret shard wallet.
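One way to generate and load a key that meets the requirements above (32 bytes from a CSPRNG, never hardcoded), as an added example that is not part of the Sigpair SDK. The environment variable name SIGPAIR_ADMIN_KEY and both function names are assumptions, and hex encoding is assumed from the 64-character sample used on this page.

```javascript
// Added example, not Sigpair code. SIGPAIR_ADMIN_KEY is a hypothetical variable name.
const nodeCrypto = require("node:crypto");

const ADMIN_KEY_BYTES = 32;
// The sample value printed in this documentation. It is public, so it must never be deployed.
const DOC_SAMPLE_KEY = "1ec3804afc23258f767b9d38825dc7ab0a2ea44ef4adf3254e4d7c6059c3b55a";

// Generate a fresh key from the operating system CSPRNG, hex encoded (64 chars).
function generateAdminKey() {
  return nodeCrypto.randomBytes(ADMIN_KEY_BYTES).toString("hex");
}

// Load the key from the environment and refuse values that cannot be a sound key.
function loadAdminKey(env, varName = "SIGPAIR_ADMIN_KEY") {
  const value = env[varName];
  if (typeof value !== "string" || value.length === 0) {
    throw new Error(`${varName} is not set`);
  }
  if (!/^[0-9a-f]{64}$/i.test(value)) {
    throw new Error(`${varName} must be 32 bytes encoded as 64 hex chars`);
  }
  const key = value.toLowerCase();
  if (key === DOC_SAMPLE_KEY) {
    throw new Error(`${varName} is the published documentation sample`);
  }
  // 32 random bytes with fewer than 8 distinct values is practically impossible,
  // so this catches placeholders such as all zeros or a repeated byte.
  if (new Set(Buffer.from(key, "hex")).size < 8) {
    throw new Error(`${varName} does not look randomly generated`);
  }
  return key;
}

// Constructed demo: print only the length, never the key itself.
console.log(loadAdminKey({ SIGPAIR_ADMIN_KEY: generateAdminKey() }).length);
```

The returned hex string is what would be passed to the SigpairAdmin constructor in place of the hardcoded sample.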

Admin SDK

We provide SDKs to perform admin actions.

Initialise Admin class

import { SigpairAdmin } from "sigpair-admin-v2";

// Example admin token.
// DO NOT hardcode in production code!
const adminToken =
    "1ec3804afc23258f767b9d38825dc7ab0a2ea44ef4adf3254e4d7c6059c3b55a";
    
// Base url of the server node
const baseUrl = "http://localhost:8080";
const admin = new SigpairAdmin(adminToken, baseUrl);

After authentication is complete, the Admin can use the SDK to create a new user.

// Create a new user with the sigpair node
// userId is a number. Unique for each new user. 
const userId = await admin.createUser("user-name");

Issue user token

User Token

This is the token issued to a user, which they can use to authenticate themselves with the Server Node for MPC operations:

export type UserToken = {
  user_id: number;
  iat: number;
  exp: number;
  // Hex string
  public_key: string;
};
  • user_id: User ID of the user. Generated when creating a user.

  • iat: Issued at timestamp as per JWT standard. Unix timestamp.

  • exp: Expiry timestamp as per JWT standard. Unix timestamp.

  • public_key: Signing public key of the user (ED25519 public key). This key is not an MPC key. It's a normal ED25519 signing public key. The Sigpair Node will only accept messages whose signatures verify under this public key.

public_key is the signing public key of the client. The client has a signing key-pair which it uses to sign all messages, and the Node verifies those signatures. This is done to verify the source of each message passed between the parties. That key is different from the MPC wallet key/public key.

The signing key-pair is an ED25519 signing key-pair, so the public key is an ED25519 public key, which is 32 bytes in length (64 hex chars).

The Admin can issue a User Token that can be used by the client to authenticate with the server Node. This action requires no interaction with the server Node. It's just the generation of a JWT by the Admin using the ADMIN_KEY.

// Using the @noble/ed25519 library
import * as ed from "@noble/ed25519";
import { SigpairAdmin } from "sigpair-admin-v2";

// Example admin token.
// DO NOT hardcode in production code!
const adminToken =
    "1ec3804afc23258f767b9d38825dc7ab0a2ea44ef4adf3254e4d7c6059c3b55a";
    
// Base url of the sigpair node
const baseUrl = "http://localhost:8080";
const admin = new SigpairAdmin(adminToken, baseUrl);

// Create a new user with the sigpair node
// userId is a number. Unique for each new user. 
const userId = await admin.createUser("user-name");

// Generate a new signing key pair for the user
// In a real application, the user keys should be generated on the client side by
// the user, and the public key must be passed to the admin.
const sk = ed.utils.randomPrivateKey();

// Get the public key from the private key
const pk = await ed.getPublicKeyAsync(sk);

// Generate a new userToken binding the user ID to the signing public key
const token = admin.genUserToken(userId, ed.etc.bytesToHex(pk));
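What a shared-secret JWT with the UserToken fields looks like, and the checks the verifying side has to make, as an added example that is not the sigpair-admin-v2 implementation. It assumes HS256 with the raw 32-byte ADMIN_KEY as the HMAC key (the page states neither the algorithm nor the key encoding), and issueUserToken and verifyUserToken are hypothetical names.

```javascript
// Added example: HS256 and the raw-bytes HMAC key are assumptions, not the SDK's documented format.
const nodeCrypto = require("node:crypto");

const HEX_32_BYTES = /^[0-9a-f]{64}$/i;
const b64url = (data) => Buffer.from(data).toString("base64url");
const fromB64url = (text) => Buffer.from(text, "base64url");
const hmac = (key, input) => nodeCrypto.createHmac("sha256", key).update(input).digest();

// Admin side: build a JWT carrying the UserToken fields from this page.
function issueUserToken(adminKey, userId, publicKeyHex, now, ttlSeconds) {
  if (!HEX_32_BYTES.test(publicKeyHex)) {
    throw new Error("public_key must be 64 hex chars");
  }
  const header = b64url(JSON.stringify({ alg: "HS256", typ: "JWT" }));
  const claims = { user_id: userId, iat: now, exp: now + ttlSeconds, public_key: publicKeyHex };
  const signingInput = `${header}.${b64url(JSON.stringify(claims))}`;
  return `${signingInput}.${hmac(adminKey, signingInput).toString("base64url")}`;
}

// Verifier side: authenticate the token first, then parse and check the claims.
function verifyUserToken(adminKey, token, now) {
  const parts = token.split(".");
  if (parts.length !== 3) throw new Error("malformed token");
  const [header, body, signature] = parts;
  const expected = hmac(adminKey, `${header}.${body}`);
  const given = fromB64url(signature);
  // Constant-time comparison; timingSafeEqual requires equal lengths.
  if (given.length !== expected.length || !nodeCrypto.timingSafeEqual(given, expected)) {
    throw new Error("bad signature");
  }
  // Pin the algorithm instead of trusting whatever the header asks for.
  if (JSON.parse(fromB64url(header).toString("utf8")).alg !== "HS256") {
    throw new Error("unexpected alg");
  }
  const claims = JSON.parse(fromB64url(body).toString("utf8"));
  if (!Number.isInteger(claims.exp) || claims.exp <= now) throw new Error("token expired");
  if (!HEX_32_BYTES.test(claims.public_key)) throw new Error("bad public_key");
  return claims;
}

// Constructed demo values; a real ADMIN_KEY comes from the deployment's secret store.
const demoKey = nodeCrypto.randomBytes(32);
const demoToken = issueUserToken(demoKey, 1, "ab".repeat(32), 1700000000, 3600);
console.log(verifyUserToken(demoKey, demoToken, 1700000100));
```

Because anyone holding the key can mint a token for any user_id and public_key, short exp values limit how long a leaked token stays useful but do nothing against a leaked ADMIN_KEY.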

Delete Key

Key deletion is a dangerous operation.

Some recommendations:

  • Admin must verify the delete request using 2FA or request re-authentication.

  • Admin must notify the user of this request before deleting.

  • Admin can optionally wait for a period before deleting the key.

Last updated 10 months ago
