Vault

Secure key and secrets management

The Vault service offers state-of-the-art key management with a focus on providing advanced privacy and messaging capabilities (e.g., zero-knowledge proofs, SNARK-friendly hash functions, the double-ratchet algorithm) in a single enterprise-grade API.

Supported Key Specs

This section describes the elliptic curves and key specifications currently supported by the API. Each supported curve and key spec is defined with a type of either symmetric or asymmetric. Certain symmetric keys support key derivation (e.g., the ChaCha20 stream cipher). Other key specs, such as RSA, are provided for convenience and to achieve table-stakes feature parity with industry-standard key management solutions such as AWS Key Management Service, Azure Key Vault, HashiCorp Vault, etc.

Symmetric

| Key Spec | Description |
| --- | --- |
| AES-256-GCM | default encryption for the master key of each Vault instance |
| ChaCha20 | stream cipher useful with double-ratchet messaging algorithm |
| RSA | 2048, 3072 and 4096-bit RSASSA-PSS and RSASSA-PKCS1-V1_5-SIGN for sign/verify operations; RSAES_OAEP_SHA_256 for encrypt/decrypt operations |

Asymmetric

| Key Spec | Description |
| --- | --- |
| babyJubJub | a twisted Edwards elliptic curve designed for zk-SNARK circuits |
| BIP39 | BIP39 hierarchical deterministic (HD) wallet for deriving secp256k1 keys |
| C25519 | elliptic curve designed for Diffie-Hellman (ECDH) key exchange |
| Ed25519 | EdDSA signature scheme using SHA-512 (SHA-2) |
| Ed25519-nkey | public key signature system based on Ed25519 for the NATS community |
| RSA | 2048, 3072 and 4096-bit PSS and PKCS for sign/verify operations; OAEPSHA256 for encrypt/decrypt operations |
| secp256k1 | elliptic curve used with ECDSA (e.g., ETH, BTC) |
