This repository contains a set of tools designed to help canister developers as well as frontend developers integrate vetKeys into their Internet Computer (ICP) applications.
vetKeys – Verifiable Encrypted Threshold Keys – on the Internet Computer addresses the fundamental challenge of storing secrets on-chain by allowing cryptographic key derivation without exposing private keys to anyone but the user. By leveraging threshold cryptography, vetKeys makes it possible to generate, transport, and use encrypted keys securely, unlocking privacy-preserving smart contracts and externally verifiable randomness.
In slightly more detail, vetKeys enables use cases such as:
- Decentralized key management, secure threshold key derivation without relying on a traditional PKI - only the user knows the key.
- Threshold BLS Signatures, enabling secure, decentralized signing of messages.
- Identity Based Encryption (IBE), enabling secure communication between users without exchanging public keys.
- Verifiable Random Beacons, providing a secure source of verifiable randomness for decentralized applications.
- Smart contract defined vetKeys, defining the constraints for obtaining derived keys/BLS signatures/verifiable randomness.
The management canister API for vetKeys exposes two endpoints, one for retrieving a public key and another one for deriving encrypted keys.
```
vetkd_public_key : (vetkd_public_key_args) -> (vetkd_public_key_result);
vetkd_derive_key : (vetkd_derive_key_args) -> (vetkd_derive_key_result);
```
For more documentation on vetKeys and the management canister API, see the vetKeys documentation.
Please share your feedback on the developer forum.
1. vetKeys Backend Library - Supports canister developers
Tools to help canister developers integrate vetKeys into their Internet Computer (ICP) applications.
- KeyManager – a library for deriving and managing encrypted cryptographic keys.
- EncryptedMaps – a library for encrypting with vetKeys and for securely storing and sharing encrypted key-value pairs.
- Utils – Utility functions for working with vetKeys.
2. vetKeys Frontend Library - Supports frontend developers
Tools for frontend developers to interact with VetKD-enabled canisters.
- KeyManager – Facilitates interaction with a KeyManager-enabled canister.
- EncryptedMaps – Facilitates interaction with an EncryptedMaps-enabled canister.
- Utils – Utility functions for working with vetKeys.
The VetKey Password Manager is an example application demonstrating how to use vetKeys and Encrypted Maps to build a secure, decentralized password manager on the Internet Computer (IC). This application allows users to create password vaults, store encrypted passwords, and share vaults with other users via their Internet Identity Principal.
The example application is available in two versions:
- Basic Password Manager - A simpler example without metadata.
- Password Manager with Metadata - Supports unencrypted metadata alongside encrypted passwords.