Export Key

IBM Digital Asset Haven secures private keys by generating them as MPC key shares within its decentralized key management network. This design removes single points of failure associated with blockchain private keys.

In some circumstances, customers may require IBM Digital Asset Haven to export a private key. This endpoint enables key export and must be used together with the IBM Digital Asset Haven export SDK. IBM Digital Asset Haven cannot guarantee the security of exported keys because it cannot control how the reconstituted private key is used after export. For this reason, key export is restricted to customers who have signed a contractual addendum limiting IBM Digital Asset Haven liability. By default, exported keys can no longer be used to sign within the IBM Digital Asset Haven platform. Contact your sales representative for more information.

HTTP request
POST /keys/{keyId}/export
Authorization requirements
Header Type Required Description
Authorization string Yes Bearer token used to authenticate the request. See Authentication flows for instructions on generating this token.
X-DFNS-USERACTION string Yes User action signature used to authorize change-inducing requests. See User Action Signing flows for instructions on generating this signature.
Request body
Field Type Required
encryptionKey string Yes
supportedSchemes object[] Yes
curl --request POST \
  --url https://api.digitalassets.ibm.com/keys/{keyId}/export \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --header 'X-DFNS-USERACTION: <api-key>' \
  --data '
{
  "encryptionKey": "<string>",
  "supportedSchemes": [
    {
      "protocol": "CGGMP24",
      "curve": "ed25519"
    }
  ]
}
'
Response
200: Success

Example response:

{
  "publicKey": "<string>",
  "protocol": "CGGMP24",
  "curve": "ed25519",
  "minSigners": 123,
  "encryptedKeyShares": [
    {
      "signerId": "<string>",
      "encryptedKeyShare": "<string>"
    }
  ]
}