Skip to main content

Documentation Index

Fetch the complete documentation index at: https://www.dynamic.xyz/docs/llms.txt

Use this file to discover all available pages before exploring further.

Overview

DynamicEvmWalletClient::export_private_key returns the wallet’s raw 32-byte EVM private key as 0x-prefixed hex. The MPC export ceremony returns an xpriv; the SDK then derives the final private key at the wallet’s BIP-44 path.
Once exported, the raw private key bypasses MPC — any holder of the key can sign without your server’s involvement. Treat it as a one-way operation. Only use it for migration or disaster recovery, and rotate / abandon the wallet afterward.

Prerequisites

Export the Key

use dynamic_waas_sdk_evm::DynamicEvmWalletClient;

let evm = DynamicEvmWalletClient::new(&client);

let private_key_hex = evm
    .export_private_key(&wallet_properties, &external_server_key_shares)
    .await?;

// 0x-prefixed 32-byte hex, e.g. "0xabcd…"
println!("Private key: {private_key_hex}");

Verifying the exported key

The exported key should derive the same address as wallet_properties.account_address. With alloy: 
use alloy_primitives::{hex, Address};
use k256::ecdsa::SigningKey;

let bytes = hex::decode(private_key_hex.strip_prefix("0x").unwrap())?;
let signing_key = SigningKey::from_slice(&bytes)?;
let verifying_key = signing_key.verifying_key();
let derived: Address = Address::from_public_key(verifying_key);

assert_eq!(
    derived.to_checksum(None),
    wallet_properties.account_address,
);

Best Practices

  • Treat exports as a one-way operation — don’t use the same wallet through MPC after exporting; rotate to a fresh wallet.
  • Never log the key — redact it from all logs and error messages.
  • Zero memory after usezeroize::Zeroize the String once you’ve forwarded it to its destination.
  • Transport over TLS only — never send the key over an unencrypted channel.