curl --request POST \
--url https://api.privy.io/v1/wallets/{wallet_id}/export \
--header 'Authorization: Basic <encoded-value>' \
--header 'Content-Type: application/json' \
--header 'privy-app-id: <privy-app-id>' \
--data '{
"encryption_type": "HPKE",
"recipient_public_key": "<base64-encoded-recipient-public-key>"
}'
{
"encryption_type": "HPKE",
"ciphertext": "N3rWFx85foeomDu8054VcwNBIwPkVNt4i5m2av1sXsXeWrIicVGwutFist12MmnI",
"encapsulated_key": "BECqbgIAcs3TpP5GadS6F8mXkSktR2DR8WNtd3e0Qcy7PpoRHEygpzjFWttntS+SEM3VSr4Thewh18ZP9chseLE="
}
This endpoint exports a wallet’s private key using Hybrid Public Key Encryption (HPKE). The following HPKE configuration is supported:
- KEM (Key Encapsulation Mechanism): DHKEM_P256_HKDF_SHA256
- KDF (Key Derivation Function): HKDF_SHA256
- AEAD (Authenticated Encryption with Associated Data): CHACHA20_POLY1305
- Mode: BASE
curl --request POST \
--url https://api.privy.io/v1/wallets/{wallet_id}/export \
--header 'Authorization: Basic <encoded-value>' \
--header 'Content-Type: application/json' \
--header 'privy-app-id: <privy-app-id>' \
--data '{
"encryption_type": "HPKE",
"recipient_public_key": "<base64-encoded-recipient-public-key>"
}'
{
"encryption_type": "HPKE",
"ciphertext": "N3rWFx85foeomDu8054VcwNBIwPkVNt4i5m2av1sXsXeWrIicVGwutFist12MmnI",
"encapsulated_key": "BECqbgIAcs3TpP5GadS6F8mXkSktR2DR8WNtd3e0Qcy7PpoRHEygpzjFWttntS+SEM3VSr4Thewh18ZP9chseLE="
}
privy-authorization-signature
Request authorization signature. If multiple signatures are required, they should be comma
separated.
Path Parameters
ID of the wallet to export.
Body
Currently only supports HPKE (Hybrid Public Key Encryption).
Base64-encoded public key of the recipient who will decrypt the private key. This key must be
generated securely and kept confidential.
Response
Will be HPKE to indicate Hybrid Public Key Encryption was used.
Base64-encoded encrypted private key.
Base64-encoded ephemeral public key used in the HPKE encryption process. Required for decryption.
