search

walletShielded Wallet Client

Full-featured client with encryption, shielded writes, and signed reads

Full-featured client for Seismic that handles encryption, shielded writes, and signed reads. Extends viem's wallet client with an ECDH-derived AES encryption pipeline. On construction, it fetches the TEE public key from the node and derives a shared AES key for encrypting calldata.

hashtag
Import

import { createShieldedWalletClient } from "seismic-viem";

hashtag
Constructor

const walletClient = await createShieldedWalletClient({
  chain: seismicTestnet,
  transport: http(),
  account: privateKeyToAccount("0x..."),
});
circle-info

createShieldedWalletClient is async -- it fetches the TEE public key from the node during construction and derives the AES encryption key. Always await the result.

hashtag
Parameters

Parameter
Type
Required
Description

chain

Chain

Yes

Chain configuration (e.g., seismicTestnet)

transport

Transport

Yes

viem transport (e.g., http())

account

Account

Yes

viem account (from privateKeyToAccount or custom)

encryptionSk

Hex

No

Custom encryption private key. If not provided, generates a random secp256k1 key

publicClient

ShieldedPublicClient

No

Reuse an existing ShieldedPublicClient instead of creating a new one

hashtag
Return Type

Promise<ShieldedWalletClient>

A viem Client extended with PublicActions, WalletActions, EncryptionActions, ShieldedPublicActions, ShieldedWalletActions, DepositContractPublicActions, DepositContractWalletActions, and SRC20WalletActions.

hashtag
Usage

hashtag
Initialization Lifecycle

When you call createShieldedWalletClient(), the following steps happen:

  1. Creates a ShieldedPublicClient (or reuses the one provided via publicClient)

  2. Fetches the TEE public key from the node via seismic_getTeePublicKey RPC

  3. Generates an ephemeral secp256k1 keypair (or uses the provided encryptionSk)

  4. Derives an AES-256 key via ECDH between the client's private key and the TEE's public key

  5. Composes all action layers (PublicActions, WalletActions, EncryptionActions, ShieldedPublicActions, ShieldedWalletActions, DepositContractPublicActions, DepositContractWalletActions, SRC20WalletActions) onto a single viem client

hashtag
Actions

hashtag
Shielded Wallet Actions

Action
Description

writeContract(params)

Shielded write -- encrypts calldata with the AES key before sending

twriteContract(params)

Transparent write -- standard viem writeContract (unencrypted calldata)

dwriteContract(params)

Debug write -- returns the plaintext tx, encrypted tx, and tx hash without broadcasting

readContract(params)

Signed read -- authenticated eth_call that proves the caller's identity

treadContract(params)

Transparent read -- standard viem readContract (unsigned call)

signedCall(params)

Low-level signed eth_call

sendShieldedTransaction(params)

Low-level shielded transaction send

hashtag
Encryption Actions

Action
Description

getEncryption()

Returns the AES encryption key used for shielded operations

getEncryptionPublicKey()

Returns the client's encryption public key (the ephemeral secp256k1 public key)

encrypt(plaintext, metadata)

Manual AES-GCM encryption using the derived key

decrypt(ciphertext, metadata)

Manual AES-GCM decryption using the derived key

hashtag
Inherited Actions

The wallet client also includes all actions from ShieldedPublicClient:

  • Shielded public actions -- getTeePublicKey(), explorerUrl(), etc.

  • Precompile actions -- rng(), ecdh(), aesGcmEncryption(), aesGcmDecryption(), hdfk(), secp256k1Signature()

  • SRC20 actions -- watchSRC20Events(), watchSRC20EventsWithKey()

  • Deposit contract actions -- getDepositRoot(), getDepositCount()

  • Standard viem public actions -- getBlockNumber(), getBalance(), getBlock(), etc.

  • Standard viem wallet actions -- sendTransaction(), signMessage(), signTypedData(), etc.

circle-info

The wallet client automatically includes all public client actions -- you can call getBlockNumber(), getBalance(), etc. directly on it.

hashtag
Examples

hashtag
Shielded Write

hashtag
Signed Read

hashtag
Reusing a Public Client

hashtag
Debug Write

hashtag
Custom Encryption Key

hashtag
getEncryption() Standalone Function

The encryption derivation logic is also available as a standalone function, separate from any client:

Parameter
Type
Required
Description

networkPk

Hex

Yes

The TEE's secp256k1 public key

clientSk

Hex

No

Client's encryption private key. If not provided, generates a random one

Returns { aesKey: Hex, encryptionPrivateKey: Hex, encryptionPublicKey: Hex }.

This is useful when you need the encryption key material without constructing a full wallet client -- for example, to manually encrypt or decrypt data outside of the client's lifecycle.

hashtag
See Also

PreviousShielded Public ClientNextEncryption

Last updated