Local

Create a set of key pairs for the wallets manged via the wallet API, using one of the following algorithms: ed25519, secp256k1, secp256r1, or RSA. This key will then be stored in the configured database of the wallet API.

If you are working in a production setup, it is highly recommended to use KMS providers like Hashicorp Vault or Oracle KMS to secure your key material. This will ensure that your secrets are never exposed outside of a secure environment, reducing the risk of key compromises. For a list of KMS integrations that are compatible with walt.id, please visit the overview page.

Key Creation

CURL

API Reference

POST wallet/$WALLET/keys/generate

Example Request
curl -X 'POST' \
  'http://localhost:7001/wallet-api/wallet/f01f8f55-d098-4c53-b47b-c97552829b39/keys/generate' \
  -H 'accept: */*' \
  -H 'Content-Type: application/json' \
  -d '{
  "backend": "jwk",
  "keyType": "Ed25519"
}'

Parameters

  • WALLET: string - The ID of the wallet to generate the key into. You can find a list of all wallets associated with an account using the following endpoint /wallet-api/wallet/accounts/wallets.

Body

{
  "backend": "jwk",
  "keyType": "Ed25519"
}

Body Parameters

  • backend: String - The location where the key is stored. In our case jwk as we want to store it locally in the database.
  • algorithm: String - The algorithm to use to generate the key with; Ed25519, secp256k1, secp256r1, RSA.
Example Response

The API will respond with the ID of the key. This ID is the internal reference and can be used in operations such as DID create or key delete.

bhyprSoN1ciRt0poVV-gDz96tB49IZ8_fUc3azdpCJc

Key Export

CURL

API Reference

POST /wallet-api/wallet/{wallet}/keys/export/{keyId}

Example Request
curl -X 'GET' \
  'https://wallet.walt.id/wallet-api/wallet/3fb5b3d5-4f2a-43fe-8734-1903512ccabd/keys/export/bhyprSoN1ciRt0poVV-gDz96tB49IZ8_fUc3azdpCJc?format=JWK&loadPrivateKey=true' \
  -H 'accept: */*'

Parameters

  • wallet: string - The ID of the wallet to generate the key into. You can find a list of all wallets associated with an account using the following endpoint /wallet-api/wallet/accounts/wallets.
  • keyId: string - The ID of the key we received after the key creation in the last step. You can also list all available keys using the /wallet-api/wallet/{wallet}/keys endpoint.

Query Parameters

  • format: string - The key export format; JWK / PEM. JWK by default.
  • loadPrivateKey: boolean - Enable to also receive the private key.
Example Response

The API will respond with the public key and/or private key in selected format based on the provided parameters. In our case, JWK.

{
  "kty": "OKP",
  "d": "gKXb33AJ54WTPSrGNb0xwtu7hBGuIrkaOQB2ux8LVMo",
  "crv": "Ed25519",
  "kid": "bhyprSoN1ciRt0poVV-gDz96tB49IZ8_fUc3azdpCJc",
  "x": "7fjYZdxTHzXHezJLsdlDdIF6wCwz2dmu6MSlXd3JWG4"
}
OverviewHashicorp Vault