Importing & Exporting Embedded Wallets
Formatting
| Chain | โ Import Format | โ Export Format |
|---|---|---|
| EVM | Hexadecimal with or without 0x | Hexadecimal without 0x |
| Solana | Base58-encoded private key | Base58-encoded private key |
| Sui | Bech32-encoded private key | Bech32-encoded private key |
Importing External Keys
When importing an existing private key into Dynamicโs TSS-MPC system, we use Shamir Secret Sharing (SSS) to securely split the key into multiple shares. This process:
- Takes your existing private key as input
- Uses SSS to split it into either 2 or 3 shares (depending on your configuration)
- Distributes the shares between the relevant parties (user, server, and optionally a backup)
- Securely destroys the original private key
After import, the key exists solely in its distributed form, and all future operations are performed using TSS-MPC. The complete private key is never reconstructed, preserving the security benefits of TSS-MPC while enabling seamless migration from traditional wallets.
Import Functions
importPrivateKey(options)
Imports a private key. Available from the useDynamicWaas hook.
Parameters:
privateKey: string - The private key to importthresholdSignatureScheme: string - Defaults to โTWO_OF_TWOโ
Exporting Keys
Key export should be treated with caution as it temporarily reconstructs the complete private key. We recommend using the MPC system for normal operations and only exporting when absolutely necessary.
For maximum user control and portability, Dynamic allows users to export their private keys. During export:
- The key shares are temporarily recombined on the userโs device using secure MPC
- The private key is constructed client side and provided to the user
This ensures users maintain true self-custody and can always access their assets, even outside of Dynamicโs ecosystem.
When implementing Dynamic in headless mode, please ensure you are surfacing this flow to your end-users, so that they always maintain control of their wallet.
End-User Experience
The Dynamic export flow reveals the private key/seed phrase in an secure isolated iFrame to limit the ability of Dynamic, the developer, or anyone in the flow to view the exported key. For more details on the security of the iframe and cryptographic flows go to our FAQs.
Programmatically Triggering Wallet Export Flow
To open the export wallet flow on behalf of your users, you can call the initExportProcess method from the useEmbeddedReveal hook. This will open the flow described above. Only the end-user will be able to see the private key or seed phrase.
You can see the experience by going to demo.dynamic.xyz and creating an embedded wallet.
Export Functions
You can also trigger export flows programmatically using the wallet connector.
exportPrivateKey(options)
Exports the private key for a specific account. Available from the wallet connector.
Parameters:
accountAddress: string - The address of the account to exportdisplayContainer: HTMLIFrameElement - The container to display the private key in
exportClientKeyshares(options)
Exports client keyshares for a specific account. Available from the wallet connector.
Parameters:
accountAddress: string - The address of the account to export keyshares for
You should always provide your end-users with a path to reveal and replicate their keys from their embedded wallet. When using the headless embedded wallet flow, please ensure you add a path for users to complete this step using the programmatic option described above.
End-users should be aware that replicating their wallet credentials can expose their wallet to risk if the credentials are not stored securely. Users are advised to store their credentials in a secure location and not share them with anyone. When implementing Dynamic in headless mode, we recommend communicating these warnings to users.