Key Derivation Types

PrimusHSM supports multiple key derivation types based on the Key-Algorithm and bip-0032 & slip-0010 key attribute. When creating a key, you must select the derivation type, as it cannot be changed after creation.

Creating an EC Key with SLIP-0010 Derivation

Below is a table listing the combinations of Bip-0032 and SLIP-0010 derivation types for both EC (Elliptic Curve) and ED (Edwards-curve Digital Signature Algorithm) keys.

ED (Edwards-Curve Digital Signature Algorithm) Key Derivation Types

Bip-0032	SLIP-0010	Derivation Type
0	0	None
0	1	ADA/SLIP-10
1	0	ADA
1	1	ADA/SLIP-10

EC (Elliptic Curve Cryptography) Key Derivation Types

Bip-0032	SLIP-0010	Derivation Type
0	0	None
0	1	SLIP-10
1	0	SLIP-10
1	1	SLIP-10

How to Create EC / ED Keys

Endpoint: POST: /v1/key

Description: This API endpoint is used to create a key. Below is a sample request to create a key. Replace <keyname> and password with your desired values. Note that the password is optional and can be omitted.

For More Information

For supported EC or ED Key-Curves, refer to the Supported Curve-OID's documentation.
When creating ED-Keys, ensure to replace both the algorithm and curveOid fields with the appropriate values.

    {
        "label": "<keyname>",
        "password": [ "R","E","P","L","A","C","E" ],
        "algorithm": "EC",
        "curveOid": "1.3.132.0.10",
        "attributes": {
            "encrypt": true,
            "decrypt": true,
            "verify": true,
            "sign": true,
            "wrap": true,
            "unwrap": true,
            "derive": true,
            "bip32": false,
            "slip10": true,
            "extractable": false,
            "modifiable": true,
            "destroyable": true,
            "sensitive": true,
            "copyable": false
        }
    }

Response:

  {   
    "derivedAttributes": {
      "derivationType": "SLIP-10",
      "derivationValue": "43CB755D8B3D0D72CCEE2CE608082146CF48B83DF1A513D4FE66087B138F89A6"
    }, 
  }

Sign a Payload with temporary derived key (/44'/0'/0'/0')

POST: /v1/synchronousSign

{
    "signRequest": {
        "payload": "U2lnblBheWxvYWREZW1v",
        "payloadType": "UNSPECIFIED",
        "signKeyName": "ec_slip_10/44'/0'/0'/0'",
        "keyPassword": null,
        "metaData": "U29tZU1ldGFEYXRh",
        "metaDataSignature": "TWV0YURhdGFTaWduYXR1cmU=",
        "signatureAlgorithm": "SHA256_WITH_ECDSA",
        "signatureType": null
    },
    "requestSignature": null
}

Response:

{
  "signature": "MEQCIE/3O9poWWby9o+DRyC6INWPK2eZX4dFhrgdIFsokhWxAiBPHCdsPtRM4uRVpxAbQQEIWUMUVRIh7OMQfAEzw4TH7g=="
}

Verify

POST: /v1/verify

Description Verify signature of a payload

Replace signature from the previous response and set the initial payload

{
  "verifySignatureRequest": {
    "signKeyName": "ec_slip_10/44'/0'/0'/0'",    
    "signatureAlgorithm": "SHA256_WITH_ECDSA",
    "payload": "U2lnblBheWxvYWREZW1v",
    "signature": "MEQCIE/3O9poWWby9o+DRyC6INWPK2eZX4dFhrgdIFsokhWxAiBPHCdsPtRM4uRVpxAbQQEIWUMUVRIh7OMQfAEzw4TH7g=="
  }
}

Response

{
  "signatureValid": true
}

Creating an EC Key with SLIP-0010 Derivation​

ED (Edwards-Curve Digital Signature Algorithm) Key Derivation Types​

EC (Elliptic Curve Cryptography) Key Derivation Types​

How to Create EC / ED Keys​

Sign a Payload with temporary derived key (/44'/0'/0'/0')​

Verify​