
What is a signer?

A signer is a digital identity that has permission to approve actions for a wallet. When a transaction starts, the signer adds a digital signature to confirm and allow it to go through. A signer is how your users prove they own their wallet and authorize transactions. Think of it like a bank account: just as you need to sign a check or enter your PIN to withdraw money, a digital wallet needs a “signer” to approve transactions.

Which signer should I use?

Crossmint recommends email or phone number signers for most use cases. Here’s why:
  • Non-custodial - Your users control their wallets; you never have access to their private keys
  • Seamless UX - Users verify once per device (via OTP), then transactions flow smoothly
  • No blockchain knowledge required - Users don’t need to understand wallets, gas, or signing
  • Perfect for financial services - Ideal for remittances, stablecoins, debit cards, and payments
  • Recovery built-in - Users can recover access via email/phone if they lose their device
This is perfect for:
  • Fintech apps (remittances, stablecoins, payments)
  • Consumer apps where users shouldn’t think about blockchain
  • Apps that need to remain non-custodial but want smooth UX

How does signing work with email/phone?

When you create a wallet with an email or phone signer, the wallet is created instantly. The authentication flow happens later, when the user takes their first wallet action (like sending a token or signing a transaction).
1. First wallet action on a device:
  • User initiates an action (e.g., token transfer, transaction signing)
  • They receive a one-time password (OTP) via email or SMS
  • They enter the OTP to verify their identity
  • A cryptographic key is securely generated and split between their device and Crossmint’s servers using Shamir Secret Sharing (neither party can access it alone).
2. Every action after that:
  • Transactions happen smoothly without showing an OTP prompt every time
  • The user maintains full control - only they can authorize transactions from their authenticated device
3. On a new device:
  • User receives an OTP again when they take their first action on that device
  • Once verified, they can transact smoothly from that device too
Key point: Users verify their identity once per device, then transactions happen seamlessly. They never see confusing blockchain prompts, gas fees, or signing screens.

Is this non-custodial?

Yes. Email and phone signers are fully non-custodial. Here’s why:
  • Your application never has access to users’ private keys
  • Crossmint never has access to users’ private keys
  • Both key shares (the device share and the auth share, described below) are required to sign a transaction - neither party can do it alone
  • All cryptographic operations happen in a secure, isolated environment that you can verify
This means:
  • You can build financial services apps without needing custody licenses
  • Users have true ownership of their assets
  • You maintain compliance while offering a smooth user experience
The signer uses a master secret generated inside a Trusted Execution Environment (TEE) that runs open-source, verifiable code. This master secret is never stored or exposed outside the TEE and is protected by user-controlled credentials (email/phone authentication). Once created, the master secret is split into two parts using Shamir Secret Sharing:
  • Device share - stored securely on the user’s device
  • Auth share - stored on Crossmint’s backend
Both shares are required to reconstruct the master secret, and this only happens locally within a secure enclave on the user’s device. When a user signs a transaction:
  1. Your application sends a request to a secure iframe
  2. The device share and auth share are combined within this local secure environment
  3. The master secret is reconstructed, the keypair is derived, and the signature is produced
  4. The signing completes and the master secret is immediately discarded
At no point do you or Crossmint have access to the full master secret or private key. The signing process is isolated from both parties, ensuring sensitive cryptographic material is never exposed.

Can I still add security controls?

Yes. Being non-custodial means you don’t have access to users’ private keys - it doesn’t mean you can’t implement security controls. You can:
  • Screen transactions before submitting them (e.g., check against sanctions lists)
  • Block transactions to suspicious addresses
  • Require additional verification for large amounts
These controls happen before the transaction is signed, not by having access to the private keys. The user still controls their wallet - you’re just adding guardrails in your application layer.
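One way to implement these application-layer guardrails, as an added example that is not Crossmint's code: every transaction is screened against a list, an amount threshold that triggers extra verification, and a hard limit before anything is handed to the signer. The policy values, the screening-list entry and the transaction shape are constructed for illustration, and the submit function is assumed to be supplied by the caller rather than being a specific SDK call.

```javascript
// Added example (not Crossmint's code): application-layer guardrails that run
// before a transaction ever reaches the signer. The policy values, the screening
// list entry and the transaction shape are constructed for illustration.
const POLICY = {
  blocked: new Set(["0x00000000000000000000000000000000deadbeef"]), // constructed entry
  stepUpAboveUsd: 1000,  // above this, require additional user verification
  hardLimitUsd: 10000,   // above this, refuse outright
};

// Normalise EVM addresses so a mixed-case list entry still matches.
function normalizeAddress(addr) {
  const a = String(addr).trim().toLowerCase();
  if (!/^0x[0-9a-f]{40}$/.test(a)) throw new Error(`malformed address: ${addr}`);
  return a;
}

// Evaluated before any signing call. Returns { decision: "allow" },
// { decision: "step-up", reason } or { decision: "block", reason }.
function screenTransaction(tx, policy = POLICY) {
  const to = normalizeAddress(tx.to);
  if (policy.blocked.has(to)) {
    return { decision: "block", reason: "recipient is on the screening list" };
  }
  if (!(Number.isFinite(tx.amountUsd) && tx.amountUsd >= 0)) {
    return { decision: "block", reason: "amount is not a valid non-negative number" };
  }
  if (tx.amountUsd > policy.hardLimitUsd) {
    return { decision: "block", reason: "amount exceeds hard limit" };
  }
  if (tx.amountUsd > policy.stepUpAboveUsd && tx.stepUpVerified !== true) {
    return { decision: "step-up", reason: "amount exceeds step-up threshold" };
  }
  return { decision: "allow" };
}

// Wrap whatever submits the transaction (an async function you supply; no
// specific SDK call is assumed here) so only allowed transactions reach it.
async function guardedSend(tx, send, policy = POLICY) {
  const verdict = screenTransaction(tx, policy);
  if (verdict.decision !== "allow") return { sent: false, ...verdict };
  return { sent: true, result: await send(tx) };
}
```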

Configuration

Available for React, Node.js, React Native, and REST. React example:
import { useWallet } from '@crossmint/client-sdk-react-ui';

const { getOrCreateWallet } = useWallet();

const wallet = await getOrCreateWallet({
    chain: "base",
    signer: {
        type: "email",
        email: "user@example.com"
    },
});

Other signer types

While we recommend email/phone signers, Crossmint supports additional signer types for specific use cases.

API key signers

When to use: Games, loyalty programs, or apps where you want to handle everything automatically for users. With API key signers, your application has full control over the wallet and can make transactions without any user interaction.
⚠️ Important: This is custodial - you control the private keys, not the user. Only use this if:
  • You have the proper licenses to hold user assets
  • You’re building apps where blockchain should be invisible (like games with in-game items)
  • Regulatory requirements allow custodial arrangements
Not recommended for: Financial services, stablecoins, or valuable assets.

Configuration

Available for React, Node.js, React Native, and REST. React example:
import { useWallet } from '@crossmint/client-sdk-react-ui';

const { getOrCreateWallet } = useWallet();

const wallet = await getOrCreateWallet({
    chain: "base",
    signer: {
        type: "api-key",
    },
});

Passkey signers

When to use: Maximum security scenarios where users want to approve every single transaction. Passkeys require biometric authentication (fingerprint, face, device password) for every transaction. While this is highly secure and non-custodial, it creates friction:
  • Users must approve every transaction individually
  • Can be tedious for frequent transactions
  • Requires WebAuthn-compatible devices
Not recommended for: Most financial services apps - the UX friction usually isn’t worth the marginal security gain over email/phone signers.

Configuration

Available for React and REST. React example:
import { useWallet } from '@crossmint/client-sdk-react-ui';

const { getOrCreateWallet } = useWallet();

const wallet = await getOrCreateWallet({
    chain: "base",
    signer: {
        type: "passkey",
    },
});

External wallet signers

When to use: Web3-native users who want to connect their existing wallets (MetaMask, Phantom, etc.). The custody model depends entirely on the external wallet:
  • Self-custody wallets (MetaMask) = Non-custodial
  • Custodial wallets (Coinbase Wallet) = Custodial
Users must approve every transaction in their external wallet.
Not recommended for: Mainstream consumer apps - most users don’t have crypto wallets and the UX is complex.

Configuration

Available for React, Node.js, React Native, and REST. React example:
import { useWallet } from '@crossmint/client-sdk-react-ui';

const { getOrCreateWallet } = useWallet();

const wallet = await getOrCreateWallet({
    chain: "base",
    signer: {
        type: "external-wallet",
        address: "0x1234567890123456789012345678901234567890",
    },
});

Signer comparison

| Signer type | Custody | User experience |
| --- | --- | --- |
| Email, phone number, social login | Non-custodial | Users authenticate once per device the first time they are going to transact. Future transactions can happen without needing user interaction. |
| Passkey | Non-custodial | Transactions need to be signed every time with the device biometrics or password manager. |
| External Wallet | Non-custodial or custodial, depending on who has access to the wallet. | Transactions need to be signed every time with the external wallet. |
| API Key | Custodial | All transactions can happen without needing user interaction. |
