@scure/bip32

What is @scure/bip32?

@scure/bip32 is a JavaScript library for working with BIP-32 hierarchical deterministic (HD) wallets. It allows developers to generate and manage HD wallets, derive child keys, and perform various cryptographic operations related to BIP-32.

What are @scure/bip32's main functionalities?

Generate a Master Key

This feature allows you to generate a master key from a mnemonic seed phrase. The code sample demonstrates how to convert a mnemonic phrase to a seed and then generate a master key from that seed.

const { mnemonicToSeedSync } = require('@scure/bip39');
const { BIP32Factory } = require('@scure/bip32');
const ecc = require('tiny-secp256k1');

const bip32 = BIP32Factory(ecc);
const seed = mnemonicToSeedSync('praise you muffin lion enable neck grocery crumble super myself license ghost');
const root = bip32.fromSeed(seed);
console.log(root.toBase58());

Derive Child Keys

This feature allows you to derive child keys from the master key using a specific derivation path. The code sample shows how to derive a child key using the BIP-44 path.

const child = root.derivePath('m/44'/0'/0'/0/0');
console.log(child.toBase58());

Get Public Key

This feature allows you to extract the public key from a derived key. The code sample demonstrates how to get the public key in hexadecimal format.

const publicKey = child.publicKey.toString('hex');
console.log(publicKey);

Sign a Message

This feature allows you to sign a message using a derived key. The code sample shows how to sign a message and get the signature in hexadecimal format.

const message = Buffer.from('Hello, world!');
const signature = child.sign(message);
console.log(signature.toString('hex'));

Verify a Signature

This feature allows you to verify a signature using a derived key. The code sample demonstrates how to verify a signature and check its validity.

const isValid = child.verify(message, signature);
console.log(isValid);

Other packages similar to @scure/bip32

bip32

The 'bip32' package is another popular library for working with BIP-32 hierarchical deterministic wallets. It provides similar functionalities such as generating master keys, deriving child keys, and performing cryptographic operations. However, it may have different dependencies and performance characteristics compared to @scure/bip32.

hdkey

The 'hdkey' package is a lightweight library for handling BIP-32 HD wallets. It offers basic functionalities like key derivation and public/private key management. While it is simpler and easier to use, it may lack some advanced features provided by @scure/bip32.

bitcoinjs-lib

The 'bitcoinjs-lib' package is a comprehensive library for Bitcoin-related operations, including BIP-32 HD wallet management. It provides a wide range of functionalities beyond just BIP-32, such as transaction creation and signing. It is more feature-rich but also more complex compared to @scure/bip32.

README

scure-bip32

Audited & minimal implementation of BIP32 hierarchical deterministic (HD) wallets over secp256k1.

• 🔒 Audited by an independent security firm
• 🔻 Tree-shakeable: unused code is excluded from your builds
• 📦 ESM and common.js
• ➰ Only 3 audited dependencies by the same author: noble-curves, noble-hashes, and scure-base
• 🪶 300 lines. 90KB with all dependencies bundled

Check out scure-bip39 if you need mnemonic phrases. See key-producer if you need SLIP-0010/BIP32 ed25519 hdkey implementation.

This library belongs to scure

scure — audited micro-libraries.

• Zero or minimal dependencies
• Highly readable TypeScript / JS code
• PGP-signed releases and transparent NPM builds
• Check out homepage & all libraries: base, bip32, bip39, btc-signer, starknet

Usage

npm install @scure/bip32

This module exports a single class HDKey, which should be used like this:

import { HDKey } from "@scure/bip32";
const hdkey1 = HDKey.fromMasterSeed(seed);
const hdkey2 = HDKey.fromExtendedKey(base58key);
const hdkey3 = HDKey.fromJSON({ xpriv: string });

// props
[hdkey1.depth, hdkey1.index, hdkey1.chainCode];
console.log(hdkey2.privateKey, hdkey2.publicKey);
console.log(hdkey3.derive("m/0/2147483647'/1"));
const sig = hdkey3.sign(hash);
hdkey3.verify(hash, sig);

Note: chainCode property is essentially a private part of a secret "master" key, it should be guarded from unauthorized access.

The full API is:

class HDKey {
  public static HARDENED_OFFSET: number;
  public static fromMasterSeed(seed: Uint8Array, versions: Versions): HDKey;
  public static fromExtendedKey(base58key: string, versions: Versions): HDKey;
  public static fromJSON(json: { xpriv: string }): HDKey;

  readonly versions: Versions;
  readonly depth: number = 0;
  readonly index: number = 0;
  readonly chainCode: Uint8Array | null = null;
  readonly parentFingerprint: number = 0;

  get fingerprint(): number;
  get identifier(): Uint8Array | undefined;
  get pubKeyHash(): Uint8Array | undefined;
  get privateKey(): Uint8Array | null;
  get publicKey(): Uint8Array | null;
  get privateExtendedKey(): string;
  get publicExtendedKey(): string;

  derive(path: string): HDKey;
  deriveChild(index: number): HDKey;
  sign(hash: Uint8Array): Uint8Array;
  verify(hash: Uint8Array, signature: Uint8Array): boolean;
  wipePrivateData(): this;
}

interface Versions {
  private: number;
  public: number;
}

The module implements bip32 standard: check it out for additional documentation.

The implementation is loosely based on cryptocoinjs/hdkey, which has MIT License.

Security

The library has been independently audited:

• at version 1.0.1, in Jan 2022, by cure53
  • PDFs: online, offline
  • Changes since audit.
  • The audit has been funded by Ethereum Foundation with help of Nomic Labs

The library was initially developed for js-ethereum-cryptography. At commit ae00e6d7, it was extracted to a separate package called micro-bip32. After the audit we've decided to use @scure NPM namespace for security.

License

MIT License

Copyright (c) 2022 Patricio Palladino, Paul Miller (paulmillr.com)