Function Signature
@dynamic-labs-wallet/node.
Description
Generates a P-256 (ECDSA) session key pair for the signed-session flow. PasspublicKeyHex at sign-in (the sessionPublicKey parameter of verifyOtp, wallet.signIn, or wallet.verify) to bind the session key into the minted JWT, and use privateKeyJwk with signSessionMessage to implement getSessionSignature.
Stateless and custody-agnostic: the SDK does not persist the key. You store privateKeyJwk wherever you keep secrets.
The returned JWK is extractable (so it can be handed back to you) and is therefore a convenience path, not a security boundary. If you need a non-extractable key — so a host or operator cannot exfiltrate it — do not use this function: generate the key in a KMS, HSM, or enclave, pass its compressed public key hex at sign-in, and supply a getSessionSignature that signs there.
Parameters
None.Returns
publicKeyHex(string) - The public key as 33-byte compressed SEC1, lowercase hex.privateKeyJwk(JsonWebKey) - The private key as a JWK. Store it in your secrets vault; never log it.
Example
Related Functions
signSessionMessage()- Sign messages with the generated JWKauthenticateJwt()- Use the key pair as a session signercreateAuthClient()- Sign-in flows that acceptsessionPublicKey