Security Banner

Security Center

Security model, platform details, and vulnerability disclosure

Cryptographic Implementation

Cryptographic Operations

Algorithms & Standards

Digital Signatures

Algorithm:
ECDSA
Curve:
secp256k1
Hash:
Keccak-256
Format:
EIP-191

Message Encryption

Scheme:
ECIES
KDF:
HKDF-SHA256
Cipher:
AES-256-GCM
MAC:
HMAC-SHA256

Key Generation Example

KEY GENERATION IN TEE
// Key generation happens inside TEE
const crypto = require('crypto');
const secp256k1 = require('secp256k1');


function generateKeyPair() {
  // Generate random private key
  let privKey;
  do {
    privKey = crypto.randomBytes(32);
  } while (!secp256k1.privateKeyVerify(privKey));
  
  // Derive public key
  const pubKey = secp256k1.publicKeyCreate(privKey, false);
  
  // Derive Ethereum address
  const address = keccak256(pubKey.slice(1)).slice(-20);
  
  // Seal private key to enclave
  const sealedKey = TEE.seal(privKey);
  
  return {
    address: '0x' + address.toString('hex'),
    publicKey: '0x' + pubKey.toString('hex'),
    // Private key never leaves TEE
    sealed: sealedKey
  };
}