@scure/bip32
Advanced tools
Secure, audited & minimal implementation of BIP32 hierarchical deterministic (HD) wallets
Package description
@scure/bip32 is a JavaScript library for working with BIP-32 hierarchical deterministic (HD) wallets. It allows developers to generate and manage HD wallets, derive child keys, and perform various cryptographic operations related to BIP-32.
Generate a Master Key
This feature allows you to generate a master key from a mnemonic seed phrase. The code sample demonstrates how to convert a mnemonic phrase to a seed and then generate a master key from that seed.
const { mnemonicToSeedSync } = require('@scure/bip39');
const { BIP32Factory } = require('@scure/bip32');
const ecc = require('tiny-secp256k1');
const bip32 = BIP32Factory(ecc);
const seed = mnemonicToSeedSync('praise you muffin lion enable neck grocery crumble super myself license ghost');
const root = bip32.fromSeed(seed);
console.log(root.toBase58());Derive Child Keys
This feature allows you to derive child keys from the master key using a specific derivation path. The code sample shows how to derive a child key using the BIP-44 path.
const child = root.derivePath('m/44'/0'/0'/0/0');
console.log(child.toBase58());Get Public Key
This feature allows you to extract the public key from a derived key. The code sample demonstrates how to get the public key in hexadecimal format.
const publicKey = child.publicKey.toString('hex');
console.log(publicKey);Sign a Message
This feature allows you to sign a message using a derived key. The code sample shows how to sign a message and get the signature in hexadecimal format.
const message = Buffer.from('Hello, world!');
const signature = child.sign(message);
console.log(signature.toString('hex'));Verify a Signature
This feature allows you to verify a signature using a derived key. The code sample demonstrates how to verify a signature and check its validity.
const isValid = child.verify(message, signature);
console.log(isValid);The 'bip32' package is another popular library for working with BIP-32 hierarchical deterministic wallets. It provides similar functionalities such as generating master keys, deriving child keys, and performing cryptographic operations. However, it may have different dependencies and performance characteristics compared to @scure/bip32.
The 'hdkey' package is a lightweight library for handling BIP-32 HD wallets. It offers basic functionalities like key derivation and public/private key management. While it is simpler and easier to use, it may lack some advanced features provided by @scure/bip32.
The 'bitcoinjs-lib' package is a comprehensive library for Bitcoin-related operations, including BIP-32 HD wallet management. It provides a wide range of functionalities beyond just BIP-32, such as transaction creation and signing. It is more feature-rich but also more complex compared to @scure/bip32.
Readme
Secure, audited & minimal implementation of BIP32 hierarchical deterministic (HD) wallets.
Compared to popular hdkey package, scure-bip32:
Check out scure-bip39 if you need mnemonic phrases. See ed25519-keygen if you need SLIP-0010/BIP32 HDKey implementation.
scure — secure, independently audited packages for every use case.
npm install @scure/bip32
Or
yarn add @scure/bip32
This module exports a single class HDKey, which should be used like this:
const { HDKey } = require("@scure/bip32");
const hdkey1 = HDKey.fromMasterSeed(seed);
const hdkey2 = HDKey.fromExtendedKey(base58key);
const hdkey3 = HDKey.fromJSON({ xpriv: string });
// props
[hdkey1.depth, hdkey1.index, hdkey1.chainCode];
console.log(hdkey2.privateKey, hdkey2.publicKey);
console.log(hdkey3.derive("m/0/2147483647'/1"));
const sig = hdkey3.sign(hash);
hdkey3.verify(hash, sig);
Note: chainCode property is essentially a private part
of a secret "master" key, it should be guarded from unauthorized access.
The full API is:
class HDKey {
public static HARDENED_OFFSET: number;
public static fromMasterSeed(seed: Uint8Array, versions: Versions): HDKey;
public static fromExtendedKey(base58key: string, versions: Versions): HDKey;
public static fromJSON(json: { xpriv: string }): HDKey;
readonly versions: Versions;
readonly depth: number = 0;
readonly index: number = 0;
readonly chainCode: Uint8Array | null = null;
readonly parentFingerprint: number = 0;
get fingerprint(): number;
get identifier(): Uint8Array | undefined;
get pubKeyHash(): Uint8Array | undefined;
get privateKey(): Uint8Array | null;
get publicKey(): Uint8Array | null;
get privateExtendedKey(): string;
get publicExtendedKey(): string;
derive(path: string): HDKey;
deriveChild(index: number): HDKey;
sign(hash: Uint8Array): Uint8Array;
verify(hash: Uint8Array, signature: Uint8Array): boolean;
wipePrivateData(): this;
}
interface Versions {
private: number;
public: number;
}
The hdkey submodule provides a library for keys derivation according to
BIP32.
It has almost the exact same API than the version 1.x of
hdkey from cryptocoinjs,
but it's backed by this package's primitives, and has built-in TypeScript types.
Its only difference is that it has to be be used with a named import.
The implementation is loosely based on hdkey, which has MIT License.
The library has been audited by Cure53 on Jan 5, 2022. Check out the audit PDF & URL. See changes since audit.
micro-bip32@micro namespace was taken, we've renamed the package to @scure/bip32Copyright (c) 2022 Patricio Palladino, Paul Miller (paulmillr.com)
FAQs
Secure, audited & minimal implementation of BIP32 hierarchical deterministic (HD) wallets over secp256k1
The npm package @scure/bip32 receives a total of 0 weekly downloads. As such, @scure/bip32 popularity was classified as not popular.
We found that @scure/bip32 demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers have uncovered 3.7 million fake GitHub stars, highlighting a growing threat linked to scams, fraud, and malware, with these campaigns rapidly increasing over the last six months.
Security News
Deno's Standard Library has stabilized after four years of development, offering developers a collection of well-maintained tools compatible with Deno, Node.js, Cloudflare Workers, and browsers with bundlers.
Security News
Trivial packages, while convenient, can introduce significant risks such as dependency bloat, security vulnerabilities, and performance issues in modern software projects.