Create Multisignature Keys
Overview
For self-custody multisignature wallets, you can create your own user and backup keys. Key creation occurs entirely client side. At no point does BitGo have access to your private user or backup keys for self-custody wallets. However, BitGo always creates and stores the BitGo key.
Note the following difference between keys for cold and hot wallets:
- Cold wallets - Enhance your security by creating keys on an air-gapped machine, either programmatically (using the steps below) or through the Offline Vault Console (OVC). When you create a cold wallet, you send to BitGo only your public keys.
- Hot wallets - Quickly create keys, client side, on an internet-connected machine. When you create a hot wallet, you send to BitGo your public key and versions of your private keys encrypted using your passphrase.
Note: If you want to store your own keys for your self-custody hot wallets, follow the steps in Set Up External-Signing Mode.
Prerequisites
1. Create Public and Private Keys
Generate public/private key pairs.
1 2 3 4 5 6 7 8 9 10 11
const BitGoJS = require('bitgo'); const bitgo = new BitGoJS.BitGo({ env: 'test' }); // Set your access token here const accessToken = 'v2xcbe8617bd58947a9ec41cc7a92e0a9a9d81dc2780669faa59eab3016ad5792ae'; // Set your coin of choice here const coin = 'tbtc'; bitgo.authenticateWithAccessToken({ accessToken }); let key = bitgo.coin(coin).keychains().create(); console.dir(key);
Step Result
1 2 3 4
{ "pub": "xpub661MyMwAqRbcEq5qQLciVPfCyCvx9KstKVp71TxujjY9Kbapv6o2YjtRAV1tfYgQZxBaN6FfFfE3CD21ZRSsd4WkqkFWSZDTiDqf49qtkh7", "prv": "xprv9s21ZrQH143K2M1NJK5i8FiURB6TjsA2xGtWD5ZJBQ1ASoFgNZUmzwZwKC9WnyRaN2f4uAdHPdMmLbw2SsUKa6J2bWUEWihbMKcrhJSZueH" }
To create your backup key and BitGo key, repeat this step 2 more times.
Note: This step may appear to create the actual BitGo key. However, the
pub
andpriv
that you get for the BitGo key are only temporary. BitGo creates the actual public and private key pair for the BitGo key in the next step.
2. Upload Public Keys to BitGo
Upload an encrypted version of your private keys to BitGo.
Note: If you want to store your own keys for your self-custody hot wallets, follow the steps in Set Up External-Signing Mode.
1 2 3 4 5 6 7 8 9 10 11
// Creates user key let userKey = bitgo.coin("tbtc").keychains().create(); // Creates BitGo key let bitGoKey = bitgo.coin("tbtc").keychains().createBitGo(); // Creates backup key let backupKey = bitgo .coin("tbtc") .keychains() .createBackup({ provider: "coincover" });
Step Result
1 2 3 4 5 6 7
{ "id": "62e18649381037000872496848a7939f", "pub": "xpub661MyMwAqRbcEq5qQLciVPfCyCvx9KstKVp71TxujjY9Kbapv6o2YjtRAV1tfYgQZxBaN6FfFfE3CD21ZRSsd4WkqkFWSZDTiDqf49qtkh7", "ethAddress": "0x9414569b0f0678b4eb6bacf99689fe596482473b", "source": "user", "type": "independent" }
You receive an id
for each key that you will use when you create your wallets.
This call also triggers BitGo to create the actual public and private key pair for the BitGo key. This is stored by BitGo and isn't shared with you. Although you do use the id
for the BitGo key to create a wallet, you can't use the BitGo key you created in step 1 to co-sign transactions.
Next
Use the id
for each key when you Create Wallets.