Export Key
IBM Digital Asset Haven secures private keys by generating them as MPC key shares within its decentralized key management network. This design removes single points of failure associated with blockchain private keys.
In some circumstances, customers may require IBM Digital Asset Haven to export a private key. This endpoint enables key export and must be used together with the IBM Digital Asset Haven export SDK. IBM Digital Asset Haven cannot guarantee the security of exported keys because it cannot control how the reconstituted private key is used after export. For this reason, key export is restricted to customers who have signed a contractual addendum limiting IBM Digital Asset Haven liability. By default, exported keys can no longer be used to sign within the IBM Digital Asset Haven platform. Contact your sales representative for more information.
- HTTP request
- POST /keys/{keyId}/export
- Authorization requirements
-
Header Type Required Description Authorizationstring Yes Bearer token used to authenticate the request. See Authentication flows for instructions on generating this token. X-DFNS-USERACTIONstring Yes User action signature used to authorize change-inducing requests. See User Action Signing flows for instructions on generating this signature. - Request body
-
Field Type Required encryptionKey string Yes supportedSchemes object[] Yes curl --request POST \ --url https://api.digitalassets.ibm.com/keys/{keyId}/export \ --header 'Authorization: Bearer <token>' \ --header 'Content-Type: application/json' \ --header 'X-DFNS-USERACTION: <api-key>' \ --data ' { "encryptionKey": "<string>", "supportedSchemes": [ { "protocol": "CGGMP24", "curve": "ed25519" } ] } ' - Response
- 200: Success
Example response:
{ "publicKey": "<string>", "protocol": "CGGMP24", "curve": "ed25519", "minSigners": 123, "encryptedKeyShares": [ { "signerId": "<string>", "encryptedKeyShare": "<string>" } ] }