> ## Documentation Index
> Fetch the complete documentation index at: https://www.dynamic.xyz/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# Export EVM Private Key

> Export the raw EVM private key from a Dynamic MPC wallet for migration or disaster recovery

## Overview

`DynamicEvmWalletClient::export_private_key` returns the wallet's raw 32-byte EVM private key as `0x`-prefixed hex. The MPC export ceremony returns an xpriv; the SDK then derives the final private key at the wallet's BIP-44 path.

<Warning>
  Once exported, the raw private key bypasses MPC — any holder of the key can sign without your server's involvement. Treat it as a one-way operation. Only use it for migration or disaster recovery, and rotate / abandon the wallet afterward.
</Warning>

## Prerequisites

* [Created an EVM wallet](/rust/evm/create-wallet)
* Persisted `WalletProperties` and `Vec<ServerKeyShare>`

## Export the Key

```rust theme={"system"}
use dynamic_waas_sdk_evm::DynamicEvmWalletClient;

let evm = DynamicEvmWalletClient::new(&client);

let private_key_hex = evm
    .export_private_key(&wallet_properties, &external_server_key_shares)
    .await?;

// 0x-prefixed 32-byte hex, e.g. "0xabcd…"
println!("Private key: {private_key_hex}");
```

## Verifying the exported key

The exported key should derive the same address as `wallet_properties.account_address`. With `alloy`:

```rust theme={"system"}
use alloy_primitives::{hex, Address};
use k256::ecdsa::SigningKey;

let bytes = hex::decode(private_key_hex.strip_prefix("0x").unwrap())?;
let signing_key = SigningKey::from_slice(&bytes)?;
let verifying_key = signing_key.verifying_key();
let derived: Address = Address::from_public_key(verifying_key);

assert_eq!(
    derived.to_checksum(None),
    wallet_properties.account_address,
);
```

## Best Practices

* **Treat exports as a one-way operation** — don't use the same wallet through MPC after exporting; rotate to a fresh wallet.
* **Never log the key** — redact it from all logs and error messages.
* **Zero memory after use** — `zeroize::Zeroize` the `String` once you've forwarded it to its destination.
* **Transport over TLS only** — never send the key over an unencrypted channel.
