This repository contains a set of tools designed to help canister developers as well as frontend developers integrate vetKeys into their Internet Computer (ICP) applications.
vetKeys – Verifiable Encrypted Threshold Keys – on the Internet Computer address the fundamental challenge of storing secrets on-chain by allowing cryptographic key derivation without exposing private keys to anyone but the user. By leveraging threshold cryptography, vetKeys make it possible to generate, transport, and use encrypted keys securely, unlocking privacy-preserving smart contracts and externally verifiable randomness.
In slightly more detail, vetKeys enable use cases such as:
- Decentralized key management, secure threshold key derivation without relying on a traditional PKI - only the user knows the key.
- Threshold BLS Signatures, enabling secure, decentralized signing of messages.
- Identity Based Encryption (IBE), enabling secure communication between users without exchanging public keys.
- Verifiable Random Beacons, providing a secure source of verifiable randomness for decentralized applications.
- Smart contract defined vetKeys, defining the constraints for obtaining derived keys/BLS signatures/verifiable randomness.
The management canister API for vetKeys exposes two endpoints, one for retrieving a public key and another one for deriving encrypted keys.
```
vetkd_public_key : (vetkd_public_key_args) -> (vetkd_public_key_result);
vetkd_derive_key : (vetkd_derive_key_args) -> (vetkd_derive_key_result);
```
For more documentation on vetKeys and the management canister API, see the vetKeys documentation.
Please share your feedback on the developer forum.
Tools to help canister developers integrate vetKeys into their Internet Computer (ICP) applications.
- KeyManager (Motoko, Rust) – a library for deriving and managing encrypted cryptographic keys.
- EncryptedMaps (Motoko, Rust) – a library for encrypting with vetKeys and for securely storing and sharing encrypted key-value pairs.
- Utils (Rust) – Utility functions for working with vetKeys.
2. vetKeys Frontend Library - Supports frontend developers
Tools for frontend developers to interact with VetKD-enabled canisters.
- KeyManager – Facilitates interaction with a KeyManager-enabled canister.
- EncryptedMaps – Facilitates interaction with an EncryptedMaps-enabled canister.
- Utils – Utility functions for working with vetKeys.
- Basic BLS Signing - Demonstrates secure threshold BLS signature generation where users can only sign messages for their own identity.
- Basic IBE - Shows how to implement secure messaging using Identity Based Encryption with Internet Identity Principals as encryption keys.
- Basic Timelock IBE - Implements a secret-bid auction system where bids remain encrypted until a specified deadline.
- Password Manager - A secure, decentralized password manager using Encrypted Maps for vault-based password storage and sharing.
- Password Manager with Metadata - Extends the basic password manager to support unencrypted metadata alongside encrypted passwords.
- Encrypted Notes - A secure note-taking application that uses vetKeys for encryption and enables sharing notes between users without device management.