> ## Documentation Index
> Fetch the complete documentation index at: https://docs.dfns.co/llms.txt
> Use this file to discover all available pages before exploring further.
# Export Key
> Dfns secures private keys by generating them as MPC key shares in our decentralized key management network. Our goal is to eliminate all single points of failure (SPOFs) associated with blockchain private keys.
In certain circumstances, however, customers require Dfns to export a private key. In this case, Dfns exposes the following endpoint which can be used in conjunction with our [export SDK](https://github.com/dfns/dfns-sdk-ts/tree/m/examples/sdk/export-wallet).
Dfns can not guarantee the security of exported keys as we have no way to control blockchain transactions once the single point of failure has been reconstituted. For this reason, this feature is restricted to customers who have signed a contractual addendum limiting our liability for exported keys. Additionally, by default exported keys can no longer be used to sign within the Dfns platform. Please contact your sales representative for more information.
## OpenAPI
````yaml /openapi.yaml post /keys/{keyId}/export
openapi: 3.1.0
info:
version: 1.807.0
title: Dfns
servers:
- url: https://api.dfns.io
description: Default - Europe
- url: https://api.uae.dfns.io
description: UAE
- url: https://api.dfns.ninja
description: Staging
security: []
paths:
/keys/{keyId}/export:
post:
tags:
- Keys
summary: Export Key
description: >-
Dfns secures private keys by generating them as MPC key shares in our
decentralized key management network. Our goal is to eliminate all
single points of failure (SPOFs) associated with blockchain private
keys.
In certain circumstances, however, customers require Dfns to export a
private key. In this case, Dfns exposes the following endpoint which can
be used in conjunction with our [export
SDK](https://github.com/dfns/dfns-sdk-ts/tree/m/examples/sdk/export-wallet).
Dfns can not guarantee the security of exported keys as we have no way
to control blockchain transactions once the single point of failure has
been reconstituted. For this reason, this feature is restricted to
customers who have signed a contractual addendum limiting our liability
for exported keys. Additionally, by default exported keys can no longer
be used to sign within the Dfns platform. Please contact your sales
representative for more information.
parameters:
- schema:
type: string
minLength: 1
required: true
name: keyId
in: path
requestBody:
content:
application/json:
schema:
type: object
properties:
encryptionKey:
type: string
minLength: 1
supportedSchemes:
type: array
items:
type: object
properties:
protocol:
anyOf:
- type: string
enum:
- CGGMP24
- FROST
- FROST_BITCOIN
- GLOW20_DH
- KU23
- type: string
enum:
- CGGMP21
curve:
type: string
enum:
- ed25519
- secp256k1
- stark
required:
- protocol
- curve
additionalProperties: false
required:
- encryptionKey
- supportedSchemes
additionalProperties: false
responses:
'200':
description: Success
content:
application/json:
schema:
type: object
properties:
publicKey:
type: string
protocol:
anyOf:
- type: string
enum:
- CGGMP24
- FROST
- FROST_BITCOIN
- GLOW20_DH
- KU23
- type: string
enum:
- CGGMP21
curve:
type: string
enum:
- ed25519
- secp256k1
- stark
minSigners:
type: number
description: The TSS threshold of the wallet private signing key shares
encryptedKeyShares:
type: array
items:
type: object
properties:
signerId:
type: string
description: >-
Base64-encoded ID of the signer exported the
encrypted keyshare
encryptedKeyShare:
type: string
description: Base64-encoded keyshare
required:
- signerId
- encryptedKeyShare
description: >-
Keyshares of the exported wallet. They are encrypted with
the provided encryption key. The exported private key is
re-constructed from these keyshares.
required:
- publicKey
- protocol
- curve
- minSigners
- encryptedKeyShares
security:
- authenticationToken: []
userActionSignature: []
components:
securitySchemes:
authenticationToken:
type: http
scheme: bearer
bearerFormat: JWT
description: >-
**Bearer Token:** Used to authenticate API requests.
More details how to generate the token: [Authentication
flows](https://docs.dfns.co/api-reference/auth/login-flows)
userActionSignature:
type: apiKey
in: header
name: X-DFNS-USERACTION
description: >-
**User Action Signature:** Used to sign the change-inducing API
requests.
More details how to generate the token: [User Action Signing
flows](https://docs.dfns.co/api-reference/auth/signing-flows)
````