README.md 4.1 KB
scure-bip32
Audited & minimal implementation of BIP32 hierarchical deterministic (HD) wallets over secp256k1.
- 🔒 Audited by an independent security firm
- 🔻 Tree-shaking-friendly: use only what's necessary, other code won't be included
- 📦 ESM and common.js
- ➰ Only 3 audited dependencies by the same author: noble-curves, noble-hashes, and scure-base
- 🪶 300 lines. 90KB with all dependencies
Check out scure-bip39 if you need mnemonic phrases.
See ed25519-keygen if you need SLIP-0010/BIP32 ed25519 hdkey implementation.
This library belongs to scure
scure — audited micro-libraries.
- Zero or minimal dependencies
- Highly readable TypeScript / JS code
- PGP-signed releases and transparent NPM builds
- Check out homepage & all libraries: base, bip32, bip39, btc-signer, starknet
Usage
npm install @scure/bip32
This module exports a single class HDKey, which should be used like this:
import { HDKey } from "@scure/bip32";
const hdkey1 = HDKey.fromMasterSeed(seed);
const hdkey2 = HDKey.fromExtendedKey(base58key);
const hdkey3 = HDKey.fromJSON({ xpriv: string });
// props
[hdkey1.depth, hdkey1.index, hdkey1.chainCode];
console.log(hdkey2.privateKey, hdkey2.publicKey);
console.log(hdkey3.derive("m/0/2147483647'/1"));
const sig = hdkey3.sign(hash);
hdkey3.verify(hash, sig);
Note: chainCode property is essentially a private part
of a secret "master" key, it should be guarded from unauthorized access.
The full API is:
class HDKey {
public static HARDENED_OFFSET: number;
public static fromMasterSeed(seed: Uint8Array, versions: Versions): HDKey;
public static fromExtendedKey(base58key: string, versions: Versions): HDKey;
public static fromJSON(json: { xpriv: string }): HDKey;
readonly versions: Versions;
readonly depth: number = 0;
readonly index: number = 0;
readonly chainCode: Uint8Array | null = null;
readonly parentFingerprint: number = 0;
get fingerprint(): number;
get identifier(): Uint8Array | undefined;
get pubKeyHash(): Uint8Array | undefined;
get privateKey(): Uint8Array | null;
get publicKey(): Uint8Array | null;
get privateExtendedKey(): string;
get publicExtendedKey(): string;
derive(path: string): HDKey;
deriveChild(index: number): HDKey;
sign(hash: Uint8Array): Uint8Array;
verify(hash: Uint8Array, signature: Uint8Array): boolean;
wipePrivateData(): this;
}
interface Versions {
private: number;
public: number;
}
The module implements bip32 standard: check it out for additional documentation.
The implementation is loosely based on cryptocoinjs/hdkey, which has MIT License.
Security
The library has been independently audited:
- at version 1.0.1, in Jan 2022, by cure53
- PDFs: online, offline
- Changes since audit.
- The audit has been funded by Ethereum Foundation with help of Nomic Labs
The library was initially developed for js-ethereum-cryptography.
At commit ae00e6d7,
it was extracted to a separate package called micro-bip32.
After the audit we've decided to use @scure NPM namespace for security.
License
Copyright (c) 2022 Patricio Palladino, Paul Miller (paulmillr.com)