keyget_tee_public_key

Fetch the TEE's compressed secp256k1 public key for ECDH encryption

Fetch the TEE's (Trusted Execution Environment) compressed secp256k1 public key used for ECDH-based encryption in Seismic shielded transactions.


Overview

Every Seismic node runs a TEE that generates an ephemeral secp256k1 keypair on startup. The TEE's public key is used by clients to derive a shared AES encryption key via ECDH (Elliptic Curve Diffie-Hellman). This shared key encrypts transaction calldata end-to-end from the client to the TEE.

This method retrieves that public key from the node.


Signatures

Sync
Async

Parameters

This method takes no parameters.


Returns

Type: CompressedPublicKey (33-byte bytes)

A 33-byte compressed secp256k1 public key in SEC format:

  • First byte: 0x02 or 0x03 (y-coordinate parity)

  • Next 32 bytes: x-coordinate


Examples

Sync Usage

Async Usage

With Wallet Client


Implementation Details

RPC Call

This method calls the custom Seismic RPC method:

No parameters are required. The node returns the TEE's current public key.

Encryption State

When you create a wallet client with create_wallet_client(), the SDK:

  1. Calls get_tee_public_key() automatically

  2. Generates an ephemeral client keypair

  3. Derives a shared AES-GCMarrow-up-right key via ECDHarrow-up-right

  4. Stores the encryption state in w3.seismic.encryption

You don't need to call this method manually unless you're implementing custom encryption logic.

Key Rotation

The TEE's public key is ephemeral and regenerated when the node restarts. If the key changes:

  • Existing encryption states become invalid

  • You must recreate wallet clients to re-derive the shared key

The SDK does not automatically detect key rotation. Monitor your node's uptime or handle RPC errors that might indicate stale encryption state.


Notes

Public Method

get_tee_public_key() is available on both:

  • Public clients (create_public_client) — Read-only, no private key

  • Wallet clients (create_wallet_client) — Full capabilities

No Caching

The method queries the node every time. If you need to call it frequently, consider caching the result locally. However, be aware that the key may change if the node restarts.

Testing

In test environments, the TEE may return a deterministic key for reproducibility. Consult your node's configuration for details.


Error Handling


See Also

Last updated