Skip to main content

Documentation Index

Fetch the complete documentation index at: https://www.dynamic.xyz/docs/llms.txt

Use this file to discover all available pages before exploring further.

Overview

DynamicEvmWalletClient::exportPrivateKey returns the wallet’s raw 32-byte EVM private key as 0x-prefixed hex. The MPC export ceremony returns an xpriv; the SDK then BIP-32-derives the final private key at the wallet’s recorded derivation path.
Once exported, the raw private key bypasses MPC — any holder of the key can sign without your server’s involvement. Treat it as a one-way operation. Only use it for migration or disaster recovery, and rotate / abandon the wallet afterward.

Prerequisites

Export the Key

import xyz.dynamic.waas.evm.DynamicEvmWalletClient;

String privateKeyHex = client.exportPrivateKey(
    walletProperties,
    externalServerKeyShares
).join();

// 0x-prefixed 32-byte hex, e.g. "0xabcd…"
System.out.println("Private key: " + privateKeyHex);

Verifying the exported key

The exported key should derive the same address as walletProperties.accountAddress(). With web3j: 
import org.web3j.crypto.Credentials;
import org.web3j.crypto.ECKeyPair;
import org.web3j.utils.Numeric;

ECKeyPair pair    = ECKeyPair.create(Numeric.toBigInt(privateKeyHex));
Credentials creds = Credentials.create(pair);
String derived    = creds.getAddress();   // EIP-55 checksum form

assert derived.equalsIgnoreCase(walletProperties.accountAddress());

Best Practices

  • Treat exports as a one-way operation — don’t use the same wallet through MPC after exporting; rotate to a fresh wallet.
  • Never log the key — redact it from all logs and error messages. The SDK’s tracing instrumentation already skips this arg; do the same in your own code.
  • Zero memory after use — keep the key as char[] / byte[] where possible and explicitly zero it after forwarding to its destination.
  • Transport over TLS only — never send the key over an unencrypted channel.

Next Steps