/urbit-key-generation

Key derivation and HD wallet generation functions for Urbit

Primary LanguageJavaScriptMIT LicenseMIT

urbit-key-generation

Build Status License: MIT npm

Key derivation and HD wallet generation functions for Urbit.

Install

Grab it from npm like so:

npm install urbit-key-generation

To include in your node project, use:

const kg = require('urbit-key-generation')

To use in the browser, you can use e.g. rollup and the rollup-plugin-node-resolve plugin, and specify the following in your rollup.config.js or similar:

plugins: [
  ..,
  resolve({
    browser: true,
  }),
  ..
]

Usage

You will probably be interested in the generateWallet function, which generates a HD wallet for Urbit keys. It expects an object argument containing the following properties:

  • ticket, a 64, 128, or 384-bit @q master ticket (you can use e.g. the appropriate patq functions from urbit-ob to create these from decimal or hex strings).
  • ship, an Urbit ship number between 0 and 2^32 - 1.
  • passphrase, an optional passphrase used to salt seeds derived from BIP39 mnemonics.
  • revision, an optional number used to salt network seeds derived from a management seed. Defaults to 0.
  • boot, an optional flag that indicates whether or not to generate Urbit network keys for the provided ship. Defaults to false.

generateWallet returns a Promise, so you can deal with it as follows, for example:

let config = {
  ticket: '~marbud-tidsev-litsut-hidfep',
  ship: 65012,
  boot: true
}

let wallet = await generateWallet(config)

This library also contains functionality for generating Arvo keyfiles, via generateKeyfile, as well as web UI login codes (|code in :dojo), via generateCode.

When using these functions to derive outputs for an on-chain ship, ensure that you're actually passing them the ship's current keypair, which usually involves specifying the ship's %life as the 'revision' parameter.

Security

Tlon runs a bug bounty program. If you believe you've discovered a vulnerability anywhere in this implementation, you can disclose it privately to security@tlon.io.

Dev

Before making a PR, you should create an updated browser bundle (generated via npm run-script build).

You can run the test suite with a simple npm test.