Introduction

Exporting a private key allows users to extract the cryptographic key that controls their non-custodial wallet. This key can be imported into other wallet applications, enabling users to access their assets across different platforms. The ExportPrivateKeyButton component provides a secure interface for users to export their private keys from wallets that use email or phone signers. Other signer types (passkey, external wallet, API key) do not expose private keys by design, so export does not apply to them.
Security Warning: Exporting a private key is a sensitive operation that should be handled with extreme care. Anyone who obtains the private key has full control over the wallet and all its assets. Users should:
  • Never share their private key with anyone
  • Store exported keys securely in password managers or hardware wallets
  • Consider the security implications before exporting

When to Export Private Keys

Users might need to export their private key in scenarios such as:
  • Creating a backup of their wallet credentials
  • Migrating to a different wallet provider
  • Accessing their wallet through alternative interfaces

Prerequisites

Before using the ExportPrivateKeyButton component, ensure:
  • The wallet is using an email or phone signer type
  • The wallet has been successfully created and is accessible

Implementation Examples

React:

import { ExportPrivateKeyButton, useWallet } from '@crossmint/client-sdk-react-ui';

function WalletSettings() {
    const { wallet } = useWallet();

    return (
        <div>
            <h2>Wallet Settings</h2>
            <p>Address: {wallet?.address}</p>
            
            <ExportPrivateKeyButton />
        </div>
    );
}

Behavior

The component automatically:
  • Checks if the wallet uses an exportable signer (email or phone)
  • Renders nothing if the signer type is not supported
  • Loads a secure iframe that handles the export operation
  • Copies the private key to the clipboard when clicked

Security Considerations

When exporting private keys, users should store them securely using password managers or hardware wallets. Anyone with access to a private key has full control over the associated wallet. As a developer integrating this component, it is important to communicate these security implications clearly to your users. Consider displaying warnings or educational content before allowing users to export their private keys, ensuring they understand the risks and best practices for secure key storage.

How It Works

The ExportPrivateKeyButton component uses a secure multi-step process to export private keys:

1. Signer Validation

The component first checks if the wallet uses an exportable signer type (email or phone). If the wallet uses a different signer type, the component renders nothing.

2. Secure Iframe/WebView Loading

The component loads a secure iframe (web) or WebView (mobile) from Crossmint’s TEE infrastructure. This isolated environment ensures that the private key is never exposed to the host application.

3. TEE Communication Protocol

The component establishes a secure communication channel with the TEE using the handshake protocol:
  • The parent application initiates a handshake with the secure iframe/WebView
  • Authentication credentials (JWT and API key) are passed through the secure channel
  • The TEE verifies the user’s identity and authorization

4. Private Key Derivation

Inside the TEE, the private key is derived from the master secret:
  • The master secret is reconstructed from the device share and auth share
  • The private key is derived using HKDF (HMAC-based Key Derivation Function)
  • Supported cryptographic schemes: ed25519 (Solana, Stellar) and secp256k1 (EVM chains)
  • Supported encoding formats: base58, hex, and strkey
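
The derivation steps above, sketched in Node.js as an added example; this is not Crossmint's code, which runs inside the TEE. The XOR share combination, the salt, the `example/...` info labels and the counter-based retry are assumptions, since the page does not specify them, and strkey encoding is left out.

```javascript
// Added illustration, not Crossmint's implementation. The XOR share scheme,
// the salt and the "example/..." info labels are assumptions for this sketch.
const nodeCrypto = require('node:crypto');

// Order n of the secp256k1 group; a valid private key d satisfies 1 <= d < n.
const SECP256K1_N = BigInt('0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141');
const B58 = '123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz';
const SALT = Buffer.from('example-salt'); // assumed value

// Assumed 2-of-2 scheme: master = deviceShare XOR authShare (equal lengths).
function reconstructMaster(deviceShare, authShare) {
  if (deviceShare.length !== authShare.length) throw new Error('share length mismatch');
  const out = Buffer.alloc(deviceShare.length);
  for (let i = 0; i < out.length; i++) out[i] = deviceShare[i] ^ authShare[i];
  return out;
}

// HKDF-SHA256 with a per-scheme info label, so the ed25519 and secp256k1 keys
// derived from one master secret are independent of each other.
function derivePrivateKey(master, scheme) {
  if (scheme !== 'ed25519' && scheme !== 'secp256k1') throw new Error('unsupported scheme');
  for (let counter = 0; counter < 256; counter++) {
    const info = Buffer.from(`example/${scheme}/${counter}`);
    const key = Buffer.from(nodeCrypto.hkdfSync('sha256', master, SALT, info, 32));
    if (scheme === 'ed25519') return key;       // any 32-byte seed is valid
    const d = BigInt('0x' + key.toString('hex'));
    if (d > 0n && d < SECP256K1_N) return key;  // reject out-of-range scalars
  }
  throw new Error('no valid key found');
}

// Encode raw key bytes as hex or base58 (leading zero bytes become '1').
function encodeKey(key, format) {
  if (format === 'hex') return key.toString('hex');
  if (format !== 'base58') throw new Error('unsupported format');
  let n = BigInt('0x' + (key.toString('hex') || '0'));
  let s = '';
  for (; n > 0n; n /= 58n) s = B58[Number(n % 58n)] + s;
  for (const b of key) { if (b !== 0) break; s = '1' + s; }
  return s;
}

// Constructed sample shares (random per run), not real wallet material.
const deviceShare = nodeCrypto.randomBytes(32);
const authShare = nodeCrypto.randomBytes(32);
const master = reconstructMaster(deviceShare, authShare);
console.log('secp256k1 (hex):', encodeKey(derivePrivateKey(master, 'secp256k1'), 'hex'));
```
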

5. Clipboard Copy

When the user clicks the export button, the private key is:
  • Formatted in the appropriate encoding for the blockchain
  • Copied directly to the user’s clipboard
  • Never exposed to the host application or stored in memory outside the TEE

For more details on the TEE architecture, see the Signers and Custody documentation.