trust-sign API Reference

Request Content-Types: application/json
Response Content-Types: application/json
Version: 2.1.0

Paths

Generates a wallet

POST /wallet

Generate a BIP32 wallet. The PolicyTemplate object controls which devices can be used as delegate or recoverer keys (individually or multi-sig) and how long the signed template object can be used to generate an address. Optionally, a seed can be provided on debug builds to force a known master key / chain code to be generated. (Note: this won't work on non-debug builds, which ensures that in those environments no one can know their master key outside of the physical HSMs.)

arguments for a call to generate wallet

Request Example
{
  "policyTemplate": {
    "expiryTimestamp": 4294967295,
    "delegateSchedules": [
      [
        {
          "quorumCount": 1,
          "keys": [
            "044595b77dd9758d382268bac9f82f02640fab533b222e597f6c82e66d53d1faa01dc190ff17729c62763cffc7f7abc0e72d24243ff0773bfa8c70374a18b2180e"
          ]
        }
      ]
    ],
    "recovererSchedules": [
      [
        {
          "quorumCount": 1,
          "keys": [
            "044595b77dd9758d382268bac9f82f02640fab533b222e597f6c82e66d53d1faa01dc190ff17729c62763cffc7f7abc0e72d24243ff0773bfa8c70374a18b2180e"
          ]
        }
      ]
    ]
  },
  "publicKeySignaturePairs": [
    {
      "publicKey": "044595b77dd9758d382268bac9f82f02640fab533b222e597f6c82e66d53d1faa01dc190ff17729c62763cffc7f7abc0e72d24243ff0773bfa8c70374a18b2180e",
      "signature": "a034e1e61da1e619f8fe2773fc9cde88980f9c10865a659905d0b362b417282ed5490d068e533c596bbc55cdf8d2ff29dc6aa43ab0a5986af0b34cd165187815"
    }
  ],
  "seed": "fffcf9f6f3f0edeae7e4e1dedbd8d5d2cfccc9c6c3c0bdbab7b4b1aeaba8a5a29f9c999693908d8a8784817e7b7875726f6c696663605d5a5754514e4b484542"
}
201 Created

A wallet has been generated

400 Bad Request

The arguments are syntactically invalid

401 Unauthorized

Authentication required

403 Forbidden

Unauthorised. This could be due to one or more of the following situations: not all delegate signatures are provided in the publicKeySignaturePairs array; the expiryTimestamp included in the policyTemplate has passed.

422 Unprocessable Entity

The policy template object is syntactically correct but contains invalid data. This could be due to one or more of the following situations: quorumCount is greater than the length of the keys array in any given clause; a schedule has zero clauses.

Response Example (201 Created)
{
  "policy": {
    "version": 2,
    "creationTimestamp": 4294967295,
    "creationDeadline": 4294967295,
    "walletId": "651d0e00-1301-4555-b125-d691c4a843d5",
    "masterPublicKey": "044595b77dd9758d382268bac9f82f02640fab533b222e597f6c82e66d53d1faa01dc190ff17729c62763cffc7f7abc0e72d24243ff0773bfa8c70374a18b2180e",
    "delegateSchedules": [
      [
        {
          "quorumCount": 1,
          "keys": [
            "044595b77dd9758d382268bac9f82f02640fab533b222e597f6c82e66d53d1faa01dc190ff17729c62763cffc7f7abc0e72d24243ff0773bfa8c70374a18b2180e"
          ]
        }
      ]
    ],
    "recovererSchedules": [
      [
        {
          "quorumCount": 1,
          "keys": [
            "044595b77dd9758d382268bac9f82f02640fab533b222e597f6c82e66d53d1faa01dc190ff17729c62763cffc7f7abc0e72d24243ff0773bfa8c70374a18b2180e"
          ]
        }
      ]
    ]
  },
  "policySignature": "37b9bb33fa38fbbf75fa3ec3f7c1d717051453882dbcecc5560496188704a1bbe30fd5371523cd08b10fa249eb618d6f34944cf01e19d1ee66ec9ceeb64df8e2"
}
Response Example (400 Bad Request)
{
  "message": "string"
}
Response Example (401 Unauthorized)
{
  "message": "string"
}
Response Example (422 Unprocessable Entity)
{
  "message": "string"
}

Sign with a key from the given wallet

POST /wallet/{walletId}/sign

Sign a digest (hash) with the private key from wallet walletId at path. This operation can only be executed when accompanied by a set of one or more signature and public key pairs that satisfy a delegate schedule in the policyTemplate associated with the given wallet during the generate operation. Each signature is calculated on the DER encoding of SignData, which combines the digest and path (see SignRequest in the Schema Definitions section below). If the current policy defines zero delegates then signing will not produce a signature.

arguments for a call to sign

walletId: string (uuid)
in path

wallet identifier

Request Example
{
  "path": [
    "0x80000000",
    "0x00000001"
  ],
  "digest": "string",
  "publicKeySignaturePairs": [
    {
      "publicKey": "044595b77dd9758d382268bac9f82f02640fab533b222e597f6c82e66d53d1faa01dc190ff17729c62763cffc7f7abc0e72d24243ff0773bfa8c70374a18b2180e",
      "signature": "a034e1e61da1e619f8fe2773fc9cde88980f9c10865a659905d0b362b417282ed5490d068e533c596bbc55cdf8d2ff29dc6aa43ab0a5986af0b34cd165187815"
    }
  ]
}
200 OK

Payload signed

400 Bad Request

The arguments are syntactically invalid

401 Unauthorized

Authentication required

403 Forbidden

The wallet does not exist or the public key and signature pairs given do not validate any policy delegate schedules for the given wallet

422 Unprocessable Entity

The payload or public key and signature pair array is syntactically correct but contains invalid data

Response Example (200 OK)
{
  "digestSignature": "a034e1e61da1e619f8fe2773fc9cde88980f9c10865a659905d0b362b417282ed5490d068e533c596bbc55cdf8d2ff29dc6aa43ab0a5986af0b34cd165187815"
}
Response Example (400 Bad Request)
{
  "message": "string"
}
Response Example (401 Unauthorized)
{
  "message": "string"
}
Response Example (403 Forbidden)
{
  "message": "string"
}
Response Example (422 Unprocessable Entity)
{
  "message": "string"
}

Recover a wallet

POST /wallet/{walletId}/recover

Recover the wallet associated with walletId. This operation creates a new policy object from the given policyTemplate, which can have a new set of delegate and recovery schedules. This operation can only be executed when accompanied by a set of one or more signature and public key pairs (where the signature is calculated on the proposed new policyTemplate) that satisfy a recovery schedule in the existing policy associated with the given wallet. For convenience, if you're going to change an existing policy so that there are zero delegates in the newly proposed policyTemplate, then no signatures are required. A policy template on a zero delegate request must have the same recoverer schedules as the old policy.

arguments for a call to recover wallet

walletId: string (uuid)
in path

wallet identifier

Request Example
{
  "policyTemplate": {
    "expiryTimestamp": 4294967295,
    "delegateSchedules": [
      [
        {
          "quorumCount": 1,
          "keys": [
            "044595b77dd9758d382268bac9f82f02640fab533b222e597f6c82e66d53d1faa01dc190ff17729c62763cffc7f7abc0e72d24243ff0773bfa8c70374a18b2180e"
          ]
        }
      ]
    ],
    "recovererSchedules": [
      [
        {
          "quorumCount": 1,
          "keys": [
            "044595b77dd9758d382268bac9f82f02640fab533b222e597f6c82e66d53d1faa01dc190ff17729c62763cffc7f7abc0e72d24243ff0773bfa8c70374a18b2180e"
          ]
        }
      ]
    ]
  },
  "publicKeySignaturePairs": [
    {
      "publicKey": "044595b77dd9758d382268bac9f82f02640fab533b222e597f6c82e66d53d1faa01dc190ff17729c62763cffc7f7abc0e72d24243ff0773bfa8c70374a18b2180e",
      "signature": "a034e1e61da1e619f8fe2773fc9cde88980f9c10865a659905d0b362b417282ed5490d068e533c596bbc55cdf8d2ff29dc6aa43ab0a5986af0b34cd165187815"
    }
  ]
}

200 OK

Policy successfully updated

400 Bad Request

The arguments are syntactically invalid

401 Unauthorized

Authentication required

403 Forbidden

The pair does not exist or the public key and signature pairs given do not validate any policy recoverer schedules

422 Unprocessable Entity

The proposed policy object or public key and signature pair array is syntactically correct but contains invalid data

Response Example (200 OK)
{
  "policy": {
    "version": 2,
    "creationTimestamp": 4294967295,
    "creationDeadline": 4294967295,
    "walletId": "651d0e00-1301-4555-b125-d691c4a843d5",
    "masterPublicKey": "044595b77dd9758d382268bac9f82f02640fab533b222e597f6c82e66d53d1faa01dc190ff17729c62763cffc7f7abc0e72d24243ff0773bfa8c70374a18b2180e",
    "delegateSchedules": [
      [
        {
          "quorumCount": 1,
          "keys": [
            "044595b77dd9758d382268bac9f82f02640fab533b222e597f6c82e66d53d1faa01dc190ff17729c62763cffc7f7abc0e72d24243ff0773bfa8c70374a18b2180e"
          ]
        }
      ]
    ],
    "recovererSchedules": [
      [
        {
          "quorumCount": 1,
          "keys": [
            "044595b77dd9758d382268bac9f82f02640fab533b222e597f6c82e66d53d1faa01dc190ff17729c62763cffc7f7abc0e72d24243ff0773bfa8c70374a18b2180e"
          ]
        }
      ]
    ]
  },
  "policySignature": "37b9bb33fa38fbbf75fa3ec3f7c1d717051453882dbcecc5560496188704a1bbe30fd5371523cd08b10fa249eb618d6f34944cf01e19d1ee66ec9ceeb64df8e2"
}
Response Example (400 Bad Request)
{
  "message": "string"
}
Response Example (401 Unauthorized)
{
  "message": "string"
}
Response Example (403 Forbidden)
{
  "message": "string"
}
Response Example (422 Unprocessable Entity)
{
  "message": "string"
}

Retrieve a public key from a location in a wallet

POST /wallet/{walletId}/publickey

This endpoint can be used to retrieve public keys at any given path in the wallet.

arguments for a call to publickey

walletId: string (uuid)
in path

wallet identifier

Request Example
{
  "path": [
    "0x80000000",
    "0x00000001"
  ]
}

200 OK

Successfully generated public key at the given path

400 Bad Request

The arguments are syntactically invalid

401 Unauthorized

Authentication required

403 Forbidden

The wallet ID does not exist or the encrypted private key

422 Unprocessable Entity

Invalid path array

Response Example (200 OK)
{
  "publicKey": "044595b77dd9758d382268bac9f82f02640fab533b222e597f6c82e66d53d1faa01dc190ff17729c62763cffc7f7abc0e72d24243ff0773bfa8c70374a18b2180e",
  "provenanceSignature": "37b9bb33fa38fbbf75fa3ec3f7c1d717051453882dbcecc5560496188704a1bbe30fd5371523cd08b10fa249eb618d6f34944cf01e19d1ee66ec9ceeb64df8e2"
}
Response Example (400 Bad Request)
{
  "message": "string"
}
Response Example (401 Unauthorized)
{
  "message": "string"
}
Response Example (403 Forbidden)
{
  "message": "string"
}
Response Example (422 Unprocessable Entity)
{
  "message": "string"
}

Audit a location on a wallet

POST /wallet/{walletId}/audit

This endpoint can be used to audit a wallet. For a given seed, the auditor can request a known message (defined by Trustology) to be signed by a private key at a requested index: secp256k1(SHA_256(predefinedConstantMessage)). This proves that Trustology can sign with any private key for a wallet. Auditors can be confident that Trustology have not pregenerated all possible signatures for a wallet against the predefinedConstantMessage because it would be computationally infeasible for us to do so.

It is important to note that in order to verify that the signature is correct for a given path, the client will need to know what the corresponding public key is. trust-sign offers clients this functionality via the publickey endpoint. However, this means that clients are still relying on the integrity of Trustology's responses. A comprehensive audit is not possible until Trustology offer clients their master chain-code. Only at this point can clients independently verify attestations made by Trustology. The current functionality should suffice unless a more thorough audit is requested. Audit functionality can also be used in conjunction with the authenticated sign functionality.

Arguments for a call to audit

walletId: string (uuid)
in path

wallet identifier

Request Example
{
  "path": [
    "0x80000000",
    "0x00000001"
  ]
}
200 OK

Digest Signed

400 Bad Request

The arguments are syntactically invalid

401 Unauthorized

Authentication required

403 Forbidden

The wallet Id does not exist or the encrypted private key

422 Unprocessable Entity

Invalid path array

Response Example (200 OK)
{
  "digest": "string",
  "custodySignature": "string"
}
Response Example (400 Bad Request)
{
  "message": "string"
}
Response Example (401 Unauthorized)
{
  "message": "string"
}
Response Example (403 Forbidden)
{
  "message": "string"
}
Response Example (422 Unprocessable Entity)
{
  "message": "string"
}

Schema Definitions

AuditRequest:

Arguments for a call to audit

path: Path
Example
{
  "path": [
    "0x80000000",
    "0x00000001"
  ]
}

AuditResponse: object

Successful response from a call to audit

digest: Digest
custodySignature: CustodySignature
Example
{
  "digest": "string",
  "custodySignature": "string"
}

Bytes: string

Any number of bytes in hex encoding

Clause: object

A clause defines a set of keys and the minimum number of those keys required to satisfy this clause. When incorporated in data signing operations the clause object should be DER encoded according to the following ASN.1 specification:

Clause ::= SEQUENCE {
    quorumCount INTEGER(1..100),
    keys SEQUENCE(SIZE(1..100)) OF OCTET STRING(SIZE(65))
}

quorumCount: integer

The number of signatures, s, required by this schedule where 1 <= s <= keys.length

keys: PublicKey

The keys associated with this schedule

PublicKey
Example
{
  "quorumCount": 1,
  "keys": [
    "044595b77dd9758d382268bac9f82f02640fab533b222e597f6c82e66d53d1faa01dc190ff17729c62763cffc7f7abc0e72d24243ff0773bfa8c70374a18b2180e"
  ]
}

CustodySignature: string

An ECDSA signature representing the points r and s, exactly 128 hex characters (i.e. 64 bytes). A CustodySignature is calculated as the signature of the Custody Private Key over the expression secp256k1(SHA_256(auditPrefix || SHA_256(auditMessage)))

Digest: string

The output from a hash function. Currently expected to be either 20 or 32 bytes (40 or 64 hex characters)

DigestSignature: string

An ECDSA signature representing the points r and s, exactly 128 hex characters (i.e. 64 bytes). A DigestSignature is calculated over a hash value resulting from a number of possible hash algorithms (including but not limited to SHA-1, SHA-256, RIPEMD-160, SHA-256 applied twice, SHA-256 over RIPEMD-160 and Ethereum's variation on SHA3-256 known as keccak)

Error: object

Returned for any 4xx or 5xx response

message: string
Example
{
  "message": "string"
}

GenerateRequest: object

Arguments for a call to generate wallet. The request should be signed by all delegates in the PolicyTemplate object. Signatures in publicKeySignaturePairs should be calculated over the SHA_256(der(PolicyTemplate))

policyTemplate: PolicyTemplate
publicKeySignaturePairs: PublicKeySignaturePair
PublicKeySignaturePair
seed: Seed
Example
{
  "policyTemplate": {
    "expiryTimestamp": 4294967295,
    "delegateSchedules": [
      [
        {
          "quorumCount": 1,
          "keys": [
            "044595b77dd9758d382268bac9f82f02640fab533b222e597f6c82e66d53d1faa01dc190ff17729c62763cffc7f7abc0e72d24243ff0773bfa8c70374a18b2180e"
          ]
        }
      ]
    ],
    "recovererSchedules": [
      [
        {
          "quorumCount": 1,
          "keys": [
            "044595b77dd9758d382268bac9f82f02640fab533b222e597f6c82e66d53d1faa01dc190ff17729c62763cffc7f7abc0e72d24243ff0773bfa8c70374a18b2180e"
          ]
        }
      ]
    ]
  },
  "publicKeySignaturePairs": [
    {
      "publicKey": "044595b77dd9758d382268bac9f82f02640fab533b222e597f6c82e66d53d1faa01dc190ff17729c62763cffc7f7abc0e72d24243ff0773bfa8c70374a18b2180e",
      "signature": "a034e1e61da1e619f8fe2773fc9cde88980f9c10865a659905d0b362b417282ed5490d068e533c596bbc55cdf8d2ff29dc6aa43ab0a5986af0b34cd165187815"
    }
  ],
  "seed": "fffcf9f6f3f0edeae7e4e1dedbd8d5d2cfccc9c6c3c0bdbab7b4b1aeaba8a5a29f9c999693908d8a8784817e7b7875726f6c696663605d5a5754514e4b484542"
}

GenerateResponse: object

Successful response from a call to generate wallet. The policySignature is p256(SHA_256(der(policy))), where the signing key is the HSM provenance key. To verify this response, a client computes SHA_256(der(policy)) and then verifies the signature with the public provenance key. This gives clients confidence that the response was sent from Trustology. A policy is a superset of a policyTemplate, which means a client can determine whether they were the intended recipient of the message: after checking the policy signature, a client should check that the policyTemplate fields are included in the policy. Check that expiryTimestamp (policyTemplate) is equal to creationDeadline (policy) and that the delegate and recoverer schedules haven't changed between the two structures.

policy: Policy
policySignature: PolicySignature
Example
{
  "policy": {
    "version": 2,
    "creationTimestamp": 4294967295,
    "creationDeadline": 4294967295,
    "walletId": "651d0e00-1301-4555-b125-d691c4a843d5",
    "masterPublicKey": "044595b77dd9758d382268bac9f82f02640fab533b222e597f6c82e66d53d1faa01dc190ff17729c62763cffc7f7abc0e72d24243ff0773bfa8c70374a18b2180e",
    "delegateSchedules": [
      [
        {
          "quorumCount": 1,
          "keys": [
            "044595b77dd9758d382268bac9f82f02640fab533b222e597f6c82e66d53d1faa01dc190ff17729c62763cffc7f7abc0e72d24243ff0773bfa8c70374a18b2180e"
          ]
        }
      ]
    ],
    "recovererSchedules": [
      [
        {
          "quorumCount": 1,
          "keys": [
            "044595b77dd9758d382268bac9f82f02640fab533b222e597f6c82e66d53d1faa01dc190ff17729c62763cffc7f7abc0e72d24243ff0773bfa8c70374a18b2180e"
          ]
        }
      ]
    ]
  },
  "policySignature": "37b9bb33fa38fbbf75fa3ec3f7c1d717051453882dbcecc5560496188704a1bbe30fd5371523cd08b10fa249eb618d6f34944cf01e19d1ee66ec9ceeb64df8e2"
}

Path: array

A path to a given derived key inside an HD wallet. A sequence of integers that may be empty

PathElement
Example
[
  "0x80000000",
  "0x00000001"
]

PathElement: string

An element in a path array.

Policy: object

This is the resulting policy object that is derived from a policyTemplate object on a request to generate

version: Version
creationTimestamp: Timestamp
creationDeadline: Timestamp
walletId: WalletId
masterPublicKey: PublicKey
delegateSchedules: Schedule

The rule(s) for delegate key signing

Schedule
recovererSchedules: Schedule

The rule(s) for recoverer key signing

Schedule
Example
{
  "version": 2,
  "creationTimestamp": 4294967295,
  "creationDeadline": 4294967295,
  "walletId": "651d0e00-1301-4555-b125-d691c4a843d5",
  "masterPublicKey": "044595b77dd9758d382268bac9f82f02640fab533b222e597f6c82e66d53d1faa01dc190ff17729c62763cffc7f7abc0e72d24243ff0773bfa8c70374a18b2180e",
  "delegateSchedules": [
    [
      {
        "quorumCount": 1,
        "keys": [
          "044595b77dd9758d382268bac9f82f02640fab533b222e597f6c82e66d53d1faa01dc190ff17729c62763cffc7f7abc0e72d24243ff0773bfa8c70374a18b2180e"
        ]
      }
    ]
  ],
  "recovererSchedules": [
    [
      {
        "quorumCount": 1,
        "keys": [
          "044595b77dd9758d382268bac9f82f02640fab533b222e597f6c82e66d53d1faa01dc190ff17729c62763cffc7f7abc0e72d24243ff0773bfa8c70374a18b2180e"
        ]
      }
    ]
  ]
}

PolicySignature: string

An ECDSA signature representing the points r and s, exactly 128 hex characters (i.e. 64 bytes). A PolicySignature is calculated as the signature of the HSM Private Key over the DER encoding of a Policy object, according to the following ASN.1 specification:

Policy ::= SEQUENCE {
    version INTEGER(1..9999999),
    creationTimestamp INTEGER(0..4294967295),
    creationDeadline INTEGER(0..4294967295),
    walletId PrintableString(SIZE(36)),
    masterPublicKey OCTET STRING(SIZE(65)),
    delegateSchedules SEQUENCE OF SEQUENCE OF Clause,
    recovererSchedules SEQUENCE OF SEQUENCE OF Clause
}

Clause ::= SEQUENCE {
    quorumCount INTEGER(1..100),
    keys SEQUENCE(SIZE(1..100)) OF OCTET STRING(SIZE(65))
}

PolicyTemplate: object

The set of rules specifying who can sign with a particular wallet, used in generate and recover requests. Any signature over a PolicyTemplate object should be calculated according to the following ASN.1 specification:

PolicyTemplate ::= SEQUENCE {
    expiryTimestamp INTEGER(0..4294967295),
    delegateSchedules SEQUENCE OF SEQUENCE OF Clause,
    recovererSchedules SEQUENCE OF SEQUENCE OF Clause
}

Clause ::= SEQUENCE {
    quorumCount INTEGER(1..100),
    keys SEQUENCE(SIZE(1..100)) OF OCTET STRING(SIZE(65))
}

expiryTimestamp: Timestamp
delegateSchedules: Schedule

The rule(s) for delegate key signing

Schedule
recovererSchedules: Schedule

The rule(s) for recoverer key signing

Schedule
Example
{
  "expiryTimestamp": 4294967295,
  "delegateSchedules": [
    [
      {
        "quorumCount": 1,
        "keys": [
          "044595b77dd9758d382268bac9f82f02640fab533b222e597f6c82e66d53d1faa01dc190ff17729c62763cffc7f7abc0e72d24243ff0773bfa8c70374a18b2180e"
        ]
      }
    ]
  ],
  "recovererSchedules": [
    [
      {
        "quorumCount": 1,
        "keys": [
          "044595b77dd9758d382268bac9f82f02640fab533b222e597f6c82e66d53d1faa01dc190ff17729c62763cffc7f7abc0e72d24243ff0773bfa8c70374a18b2180e"
        ]
      }
    ]
  ]
}

ProvenanceSignature: string

An ECDSA signature representing the points r and s, exactly 128 hex characters (i.e. 64 bytes). A ProvenanceSignature is calculated as the signature of the HSM Private Key over the DER encoding of ProvenanceData, according to the following ASN.1 specification:

ProvenanceData ::= SEQUENCE {
    walletId PrintableString(SIZE(36)),
    path SEQUENCE OF INTEGER(0..4294967295),
    publicKey OCTET STRING(SIZE(65))
}

or, if path was not supplied:

ProvenanceData ::= SEQUENCE {
    walletId PrintableString(SIZE(36)),
    publicKey OCTET STRING(SIZE(65))
}

The provenance signature acts as a proof that the public key that was returned came from Trustology. As a client, you would also want to prove that you were the intended recipient of the message. To do this, the client would verify that their walletId was included as part of the input to produce the provenance signature.

PublicKey: string

An ECDSA public key in uncompressed hex format (first bytes always 04), exactly 130 hex characters (i.e. 65 bytes)

PublicKeyRequest:

Arguments for a call to publickey. The path will specify which public key should be returned

path: Path
Example
{
  "path": [
    "0x80000000",
    "0x00000001"
  ]
}

PublicKeyResponse: object

Successful response from a call to publickey

publicKey: PublicKey
provenanceSignature: ProvenanceSignature
Example
{
  "publicKey": "044595b77dd9758d382268bac9f82f02640fab533b222e597f6c82e66d53d1faa01dc190ff17729c62763cffc7f7abc0e72d24243ff0773bfa8c70374a18b2180e",
  "provenanceSignature": "37b9bb33fa38fbbf75fa3ec3f7c1d717051453882dbcecc5560496188704a1bbe30fd5371523cd08b10fa249eb618d6f34944cf01e19d1ee66ec9ceeb64df8e2"
}

PublicKeySignaturePair: object

A pair consisting of an ECDSA public key and a signature. Avoids needing to verify every signature against every public key in the policy.

publicKey: PublicKey
signature: DigestSignature
Example
{
  "publicKey": "044595b77dd9758d382268bac9f82f02640fab533b222e597f6c82e66d53d1faa01dc190ff17729c62763cffc7f7abc0e72d24243ff0773bfa8c70374a18b2180e",
  "signature": "a034e1e61da1e619f8fe2773fc9cde88980f9c10865a659905d0b362b417282ed5490d068e533c596bbc55cdf8d2ff29dc6aa43ab0a5986af0b34cd165187815"
}

RecoverRequest: object

Arguments for a call to recover. The request should be signed by all delegates in the PolicyTemplate object and enough recoverers to satisfy at least one recovery schedule in the existing Policy object for this wallet. Signatures in publicKeySignaturePairs should be calculated over the DER encoding of the PolicyTemplate object

policyTemplate: PolicyTemplate
publicKeySignaturePairs: PublicKeySignaturePair
PublicKeySignaturePair
Example
{
  "policyTemplate": {
    "expiryTimestamp": 4294967295,
    "delegateSchedules": [
      [
        {
          "quorumCount": 1,
          "keys": [
            "044595b77dd9758d382268bac9f82f02640fab533b222e597f6c82e66d53d1faa01dc190ff17729c62763cffc7f7abc0e72d24243ff0773bfa8c70374a18b2180e"
          ]
        }
      ]
    ],
    "recovererSchedules": [
      [
        {
          "quorumCount": 1,
          "keys": [
            "044595b77dd9758d382268bac9f82f02640fab533b222e597f6c82e66d53d1faa01dc190ff17729c62763cffc7f7abc0e72d24243ff0773bfa8c70374a18b2180e"
          ]
        }
      ]
    ]
  },
  "publicKeySignaturePairs": [
    {
      "publicKey": "044595b77dd9758d382268bac9f82f02640fab533b222e597f6c82e66d53d1faa01dc190ff17729c62763cffc7f7abc0e72d24243ff0773bfa8c70374a18b2180e",
      "signature": "a034e1e61da1e619f8fe2773fc9cde88980f9c10865a659905d0b362b417282ed5490d068e533c596bbc55cdf8d2ff29dc6aa43ab0a5986af0b34cd165187815"
    }
  ]
}

RecoverResponse: object

Successful response from a call to recover

policy: Policy
policySignature: PolicySignature
Example
{
  "policy": {
    "version": 2,
    "creationTimestamp": 4294967295,
    "creationDeadline": 4294967295,
    "walletId": "651d0e00-1301-4555-b125-d691c4a843d5",
    "masterPublicKey": "044595b77dd9758d382268bac9f82f02640fab533b222e597f6c82e66d53d1faa01dc190ff17729c62763cffc7f7abc0e72d24243ff0773bfa8c70374a18b2180e",
    "delegateSchedules": [
      [
        {
          "quorumCount": 1,
          "keys": [
            "044595b77dd9758d382268bac9f82f02640fab533b222e597f6c82e66d53d1faa01dc190ff17729c62763cffc7f7abc0e72d24243ff0773bfa8c70374a18b2180e"
          ]
        }
      ]
    ],
    "recovererSchedules": [
      [
        {
          "quorumCount": 1,
          "keys": [
            "044595b77dd9758d382268bac9f82f02640fab533b222e597f6c82e66d53d1faa01dc190ff17729c62763cffc7f7abc0e72d24243ff0773bfa8c70374a18b2180e"
          ]
        }
      ]
    ]
  },
  "policySignature": "37b9bb33fa38fbbf75fa3ec3f7c1d717051453882dbcecc5560496188704a1bbe30fd5371523cd08b10fa249eb618d6f34944cf01e19d1ee66ec9ceeb64df8e2"
}

Schedule: array

A schedule defines a set of clauses that all must be satisfied

Clause
Example
[
  {
    "quorumCount": 1,
    "keys": [
      "044595b77dd9758d382268bac9f82f02640fab533b222e597f6c82e66d53d1faa01dc190ff17729c62763cffc7f7abc0e72d24243ff0773bfa8c70374a18b2180e"
    ]
  }
]
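
The schedule semantics above (every clause in a schedule must reach its quorumCount, and a request needs one satisfied schedule), the 422 conditions listed for POST /wallet and the template-versus-policy check described under GenerateResponse can all be checked client-side. This is an added Python example, not trust-sign code. The function names are hypothetical, the keys are constructed placeholders, and `signers` is assumed to hold only public keys whose signatures have already been verified.

```python
from typing import Iterable, List, Optional

def template_problems(template: dict) -> List[str]:
    """Report the two conditions the page lists for a 422 on POST /wallet."""
    problems = []
    for field in ("delegateSchedules", "recovererSchedules"):
        for s, schedule in enumerate(template[field]):
            if not schedule:
                problems.append(f"{field}[{s}]: schedule with zero clauses")
            for c, clause in enumerate(schedule):
                if clause["quorumCount"] > len(clause["keys"]):
                    problems.append(f"{field}[{s}][{c}]: quorumCount > keys")
    return problems

def satisfied_schedule(schedules: list, signers: Iterable[str]) -> Optional[int]:
    """Index of the first schedule whose clauses all reach quorum, else None."""
    signed = {key.lower() for key in signers}  # a repeated key counts once
    for index, schedule in enumerate(schedules):
        # all() is True for an empty list, so an empty schedule is rejected
        # explicitly instead of being treated as satisfied.
        if schedule and all(
            len(signed & {k.lower() for k in clause["keys"]}) >= clause["quorumCount"]
            for clause in schedule
        ):
            return index
    return None  # also the outcome when the policy defines zero schedules

def policy_matches_template(policy: dict, template: dict) -> bool:
    """GenerateResponse check: the returned policy carries the submitted template."""
    return (
        policy["creationDeadline"] == template["expiryTimestamp"]
        and policy["delegateSchedules"] == template["delegateSchedules"]
        and policy["recovererSchedules"] == template["recovererSchedules"]
    )

# Constructed placeholder keys (65 bytes, uncompressed-format prefix 04).
OPS_A, OPS_B, OPS_C = ("04" + b * 64 for b in ("a1", "a2", "a3"))
RISK = "04" + "b1" * 64
BREAK_GLASS = "04" + "c1" * 64

# Schedule 0: two of three operations keys AND the risk key.
# Schedule 1: the break-glass key alone.
DELEGATES = [
    [{"quorumCount": 2, "keys": [OPS_A, OPS_B, OPS_C]},
     {"quorumCount": 1, "keys": [RISK]}],
    [{"quorumCount": 1, "keys": [BREAK_GLASS]}],
]

if __name__ == "__main__":
    print(satisfied_schedule(DELEGATES, [OPS_A, OPS_C, RISK]))  # schedule 0
    print(satisfied_schedule(DELEGATES, [OPS_A, OPS_B]))        # no schedule
```
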

Seed: string

Random data for generating a known BIP32 wallet (this is only available in debug builds). Must be exactly 128 / 512 bits.

SignRequest:

Arguments for a call to sign. The request must be signed by a number of delegates that satisfies at least one delegate schedule in the Policy registered for this wallet in a generate or recover call. Signatures in publicKeySignaturePairs should be calculated over SignData. As per the schema below, this combines the digest and path into one piece of data for signing. Thus, the client would perform the following: p256(SHA_256(der(SignData))).

SignFunction DEFINITIONS ::= BEGIN
    SignData ::= SEQUENCE {
        digest OCTET STRING(SIZE(32)),
        path SEQUENCE(SIZE(0..100)) OF INTEGER(0..4294967295)
    }
END

path: Path
digest: Digest
publicKeySignaturePairs: PublicKeySignaturePair
PublicKeySignaturePair
Example
{
  "path": [
    "0x80000000",
    "0x00000001"
  ],
  "digest": "string",
  "publicKeySignaturePairs": [
    {
      "publicKey": "044595b77dd9758d382268bac9f82f02640fab533b222e597f6c82e66d53d1faa01dc190ff17729c62763cffc7f7abc0e72d24243ff0773bfa8c70374a18b2180e",
      "signature": "a034e1e61da1e619f8fe2773fc9cde88980f9c10865a659905d0b362b417282ed5490d068e533c596bbc55cdf8d2ff29dc6aa43ab0a5986af0b34cd165187815"
    }
  ]
}
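
An added Python example (not Trustology's code) of the bytes a client hashes before signing or verifying: the DER encodings of SignData, PolicyTemplate and Policy from the ASN.1 definitions on this page, followed by SHA-256. Function names are hypothetical, universal DER tags are assumed because the page's ASN.1 specifies none, and the sample key and all-zero digest are constructed.

```python
import hashlib

def tlv(tag, body):
    """DER tag-length-value with a definite, minimal length field."""
    n = len(body)
    if n < 0x80:
        length = bytes([n])
    else:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + body

def der_int(value, low=0, high=0xFFFFFFFF):
    """INTEGER restricted to the range the schema allows (never negative)."""
    if not low <= value <= high:
        raise ValueError(f"{value} outside {low}..{high}")
    # bit_length // 8 + 1 bytes leaves room for the leading 0x00 DER needs
    # when the top bit is set, e.g. the hardened index 0x80000000.
    return tlv(0x02, value.to_bytes(value.bit_length() // 8 + 1, "big"))

def der_octets(hex_str, size):
    """OCTET STRING of exactly `size` bytes, supplied as hex."""
    raw = bytes.fromhex(hex_str)
    if len(raw) != size:
        raise ValueError(f"expected {size} bytes, got {len(raw)}")
    return tlv(0x04, raw)

def der_seq(items):
    """SEQUENCE / SEQUENCE OF: the members' encodings, concatenated in order."""
    return tlv(0x30, b"".join(items))

def sign_data_der(digest_hex, path):
    """SignData: 32-byte digest plus a path of 0..100 hex-string elements."""
    if len(path) > 100:
        raise ValueError("path longer than 100 elements")
    indices = [int(element, 16) for element in path]  # "0x80000000" -> int
    return der_seq([der_octets(digest_hex, 32),
                    der_seq(der_int(i) for i in indices)])

def clause_der(clause):
    keys = clause["keys"]
    if not 1 <= len(keys) <= 100:
        raise ValueError("a clause holds 1..100 keys")
    return der_seq([der_int(clause["quorumCount"], 1, 100),
                    der_seq(der_octets(k, 65) for k in keys)])

def schedules_der(schedules):
    """SEQUENCE OF SEQUENCE OF Clause."""
    return der_seq(der_seq(clause_der(c) for c in s) for s in schedules)

def policy_template_der(t):
    return der_seq([der_int(t["expiryTimestamp"]),
                    schedules_der(t["delegateSchedules"]),
                    schedules_der(t["recovererSchedules"])])

def policy_der(p):
    wallet_id = p["walletId"].encode("ascii")
    if len(wallet_id) != 36:
        raise ValueError("walletId must be a 36-character UUID string")
    return der_seq([der_int(p["version"], 1, 9999999),
                    der_int(p["creationTimestamp"]),
                    der_int(p["creationDeadline"]),
                    tlv(0x13, wallet_id),  # PrintableString
                    der_octets(p["masterPublicKey"], 65),
                    schedules_der(p["delegateSchedules"]),
                    schedules_der(p["recovererSchedules"])])

def digest_to_sign(der):
    """SHA_256(der(...)): the value passed to ECDSA signing or verification."""
    return hashlib.sha256(der).digest()

# Constructed sample data: placeholder key, one clause per schedule.
SAMPLE_KEY = "04" + "11" * 64
SAMPLE_SCHEDULES = [[{"quorumCount": 1, "keys": [SAMPLE_KEY]}]]
SAMPLE_TEMPLATE = {"expiryTimestamp": 4294967295,
                   "delegateSchedules": SAMPLE_SCHEDULES,
                   "recovererSchedules": SAMPLE_SCHEDULES}
SAMPLE_POLICY = {"version": 2, "creationTimestamp": 4294967295,
                 "creationDeadline": 4294967295,
                 "walletId": "651d0e00-1301-4555-b125-d691c4a843d5",
                 "masterPublicKey": SAMPLE_KEY,
                 "delegateSchedules": SAMPLE_SCHEDULES,
                 "recovererSchedules": SAMPLE_SCHEDULES}

if __name__ == "__main__":
    der = sign_data_der("00" * 32, ["0x80000000", "0x00000001"])
    print(der.hex(), digest_to_sign(der).hex())
```

The Digest type allows 20-byte values, but the SignData definition fixes the digest at 32 bytes, so this encoder rejects anything else.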

SignResponse: object

Successful response from a call to sign. The digest signature is secp256k1(digest)

digestSignature: DigestSignature
Example
{
  "digestSignature": "a034e1e61da1e619f8fe2773fc9cde88980f9c10865a659905d0b362b417282ed5490d068e533c596bbc55cdf8d2ff29dc6aa43ab0a5986af0b34cd165187815"
}

Timestamp: number

UTC seconds since epoch

Example
4294967295

Version: integer

Version assigned to a policy object. Initial value of version is 1 on policy creation. Version gets incremented by 1 every time a policy is recovered

Example
2

WalletId: string

A UUID corresponding to a wallet