A comprehensive hierarchical deterministic wallet implementation in pure C++, compiled to WebAssembly for cross-platform compatibility. BIP-32/39/44 compliant with multi-curve cryptography and multi-chain support.
Core WebAssembly library. BIP-32/39/44 HD key derivation, multi-curve cryptography, X.509 certificate issuance, wallet attestations, address generation, signing, and encryption for 50+ blockchains.
npm install hd-wallet-wasm
import HDWalletWasm from 'hd-wallet-wasm';
const wallet = await HDWalletWasm();
const mnemonic = wallet.mnemonic.generate(24);
const seed = wallet.mnemonic.toSeed(mnemonic);
const master = wallet.hdkey.fromSeed(seed);
const btcKey = master.derivePath("m/84'/0'/0'/0/0");
const address = wallet.bitcoin.getAddress(btcKey.publicKey(), 2);
Drop-in modal UI for any web app. Provides login, key management, identity (vCard), trust map, and adversarial security bond modals. Attach to any button — fully styleable via CSS custom properties.
npm install hd-wallet-ui
import { createWalletUI } from 'hd-wallet-ui';
const wallet = await createWalletUI();
// Open login modal on any button click
document.getElementById('my-btn')
.addEventListener('click', () => wallet.openLogin());
// Open account/keys modal
wallet.openAccount();
// Remove all injected UI
wallet.destroy();
Headless utilities (address derivation, wallet storage) are also available via hd-wallet-ui/lib.
Full implementation of BIP-32 (HD keys), BIP-39 (mnemonic phrases), BIP-44/49/84 (account hierarchy), and SLIP-44 (coin types).
Support for secp256k1 (Bitcoin, Ethereum), Ed25519 (Solana, Polkadot), NIST P-256, P-384, and X25519 key exchange.
Bitcoin (all address types), Ethereum/EVM, Solana, Cosmos/Tendermint, Polkadot/Substrate, and 50+ coins via SLIP-44.
Compiled to WASM for browser, Node.js, and WASI runtimes. Works with Go, Rust, Python, and any WASI-compatible host.
Issue standard P-256/P-384 certificates, exchange PEM/DER/PKCS#12, and embed wallet attestations that bind a certificate to a selected crypto key.
Abstraction layer for Trezor, Ledger, and KeepKey devices with WASI bridge integration for USB/HID communication.
Secure memory wiping, optional FIPS-compliant mode, and comprehensive input validation for production use.
import HDWalletWasm from 'hd-wallet-wasm'; const wallet = await HDWalletWasm(); const mnemonic = wallet.mnemonic.generate(24); const seed = wallet.mnemonic.toSeed(mnemonic, 'optional passphrase'); const masterKey = wallet.hdkey.fromSeed(seed); const btcKey = masterKey.derivePath("m/84'/0'/0'/0/0"); const btcAddress = wallet.bitcoin.getAddress(btcKey.publicKey(), 2); const ethKey = masterKey.derivePath("m/44'/60'/0'/0/0"); const ethAddress = wallet.ethereum.getAddress(ethKey.publicKey()); console.log('Bitcoin:', btcAddress); console.log('Ethereum:', ethAddress);import HDWalletWasm from 'hd-wallet-wasm'; const wallet = await HDWalletWasm(); const seed = wallet.mnemonic.toSeed(mnemonic, 'passphrase'); const masterKey = wallet.hdkey.fromSeed(seed); // Sign a Bitcoin message (secp256k1) const btcKey = masterKey.derivePath("m/84'/0'/0'/0/0"); const btcSig = wallet.bitcoin.signMessage('Hello Bitcoin!', btcKey.privateKey()); // Sign an Ethereum message (EIP-191) const ethKey = masterKey.derivePath("m/44'/60'/0'/0/0"); const ethSig = wallet.ethereum.signMessage('Hello Ethereum!', ethKey.privateKey()); // Raw secp256k1 recoverable signature const msgHash = wallet.utils.sha256('my message'); const { signature, recoveryId } = wallet.curves.secp256k1.signRecoverable( msgHash, btcKey.privateKey() ); // Ed25519 signing (Solana) const solKey = masterKey.derivePath("m/44'/501'/0'/0/0"); const edSig = wallet.curves.ed25519.sign('payload', solKey.privateKey()); const valid = wallet.curves.ed25519.verify('payload', edSig, solKey.publicKey());import HDWalletWasm from 'hd-wallet-wasm'; const wallet = await HDWalletWasm(); // Generate a 256-bit AES key and 12-byte IV const aesKey = wallet.utils.generateAesKey(256); const iv = wallet.utils.generateIv(); // Encrypt with AES-256-GCM const plaintext = new TextEncoder().encode('Secret message'); const { ciphertext, tag } = wallet.utils.aesGcm.encrypt(aesKey, plaintext, iv); // Decrypt const decrypted = wallet.utils.aesGcm.decrypt(aesKey, ciphertext, tag, iv); console.log(new TextDecoder().decode(decrypted)); // 'Secret message' // With additional authenticated data (AAD) const aad = new TextEncoder().encode('metadata'); const encrypted = wallet.utils.aesGcm.encrypt(aesKey, plaintext, iv, aad); const result = wallet.utils.aesGcm.decrypt( aesKey, encrypted.ciphertext, encrypted.tag, iv, aad );
Standard Web PKI for TLS and device identity, with a wallet-backed attestation layer that binds certificates to HD-wallet keys.
Browsers, load balancers, reverse proxies, mTLS deployments, device identity systems, and keystore tooling all already speak X.509. That means if we want a certificate that real infrastructure can consume, we use normal Web PKI instead of inventing a repo-local identity format.
What `hd-wallet-wasm` adds is a second proof path: the certificate can carry a wallet attestation signed by a selected wallet key. The certificate remains interoperable for TLS, and applications that care about wallet identity can verify the extra proof.
import HDWalletWasm, { Curve, X509Encoding } from 'hd-wallet-wasm';
const wallet = await HDWalletWasm();
const now = Math.floor(Date.now() / 1000);
const certKey = wallet.x509.generatePrivateKey(Curve.P256);
const certPem = wallet.x509.createSelfSignedCertificate(
{
subjectDn: 'CN=api.example.com,O=Digital Arsenal,C=US',
serialHex: '1001',
notBeforeUnix: now - 300,
notAfterUnix: now + 31536000,
dnsNames: ['api.example.com'],
keyUsage: ['digitalSignature', 'keyEncipherment'],
extendedKeyUsage: ['serverAuth'],
walletAttestation: {
curve: Curve.SECP256K1,
privateKey: wallet.utils.decodeHex(
'000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f'
),
keyLabel: 'btc-root'
}
},
Curve.P256,
certKey,
X509Encoding.PEM
);
const parsed = wallet.x509.parseCertificate(certPem);
const walletProofValid = wallet.x509.verifyWalletAttestation(certPem);
Certificate issuance stays on regular P-256 or P-384 keys. The repo can create self-signed certs, issue subordinates, convert PEM and DER, and package material as PKCS#12 for normal keystores.
Standard TLS tooling gets a normal certificate. Wallet-aware verifiers get an additional proof that the certificate was attested by a selected wallet key without replacing the existing PKI chain.
The wallet attestation signs canonical certificate fields including the SPKI digest. That creates a durable binding between the certificate and the chosen wallet identity, such as a Bitcoin-root secp256k1 key.
First validate the normal X.509 chain. Then parse the certificate and verify the embedded wallet proof. Both need to pass if you want to prove a server certificate was bound by a wallet key.
Rational actors drain compromised keys. Undrained value proves key integrity.
Cryptographic public keys can derive addresses on cryptocurrency networks. By depositing value at those derived addresses, you create a game-theoretic security bond. A rational actor who compromises the private key will drain the funds — the payout is immediate, anonymous, and risk-free. This makes the balance a real-time indicator of key integrity: undrained value implies an uncompromised key.
A public key used for signing data can mathematically derive addresses on multiple blockchain networks (BIP-32/44). One key pair serves both authentication and value custody.
Derived addresses are permissionless — anyone can deposit funds to signal trust in a key. The aggregate balance quantifies the economic cost of compromise.
Draining funds is the dominant strategy: it's immediate, irreversible, and carries zero marginal risk. Undrained value therefore implies no compromise.
Blockchain state is publicly auditable and updates every block. This provides continuous, permissionless proof of key integrity — not a certificate, but a live signal.
Login to derive addresses from your keys and check live balances across multiple blockchain networks.