Utilities

Helper components for age encryption key management — used alongside EXPORT_KEY_SHARE and IMPORT_KEY_SHARE to create secure backup and migration workflows.


GENERATE_AGE_ENCRYPTION

Generate a fresh age identity. Returns a public key for wrapping and an encrypted private key for secure storage.

Config

None.

Inputs

None.

Outputs

| Field | Type | Description |
| --- | --- | --- |
| publicKey | string | Age public key (age1...) — safe to store publicly; use as ageRecipient in EXPORT_KEY_SHARE |
| encryptedPrivateKey | string | Encrypted age private key — store securely; required to decrypt wrapped key shares |

SDK example

```typescript
import { WorkspaceClient, ComponentModule } from 'caller-sdk';

const workspace = new WorkspaceClient({ apiKey: process.env.WR_API_KEY! });

const { publicKey, encryptedPrivateKey } = await workspace
  .call(ComponentModule.GENERATE_AGE_ENCRYPTION, {})
  .promise();

// publicKey → pass as ageRecipient to EXPORT_KEY_SHARE
// encryptedPrivateKey → store securely (vault, HSM, etc.)
console.log(publicKey); // age1...
console.log(encryptedPrivateKey); // encrypted age identity
```

GET_NODE_RECIPIENT_KEY

Fetch the MPC node's age public key. Use this as the recipient when exporting key shares to the node network — the node can then decrypt and import the wrapped share.

Config

| Field | Type | Required | Description |
| --- | --- | --- | --- |
| server | 'OFFICIAL_1' \| 'OFFICIAL_2' \| 'OFFICIAL_3' | Yes | MPC server whose age public key to fetch |

Inputs

None.

Outputs

| Field | Type | Description |
| --- | --- | --- |
| recipientKey | string | Node's age public key (age1...) |

SDK example

```typescript
import { WorkspaceClient, ComponentModule } from 'caller-sdk';

const workspace = new WorkspaceClient({ apiKey: process.env.WR_API_KEY! });

// `server` is a required config field (see Config above); the call as shown
// passes only an empty object.
const { recipientKey } = await workspace
  .call(ComponentModule.GET_NODE_RECIPIENT_KEY, {})
  .promise();

// Use recipientKey as ageRecipient in EXPORT_KEY_SHARE
console.log(recipientKey); // age1...
```

Typical usage pattern

These utilities are always used together with the key management components:

```
GET_NODE_RECIPIENT_KEY     ← server config
        │ recipientKey
        ▼
EXPORT_KEY_SHARE           ← keyId + ageRecipient: recipientKey
        │ wrappedKeyShare
        ▼
IMPORT_KEY_SHARE           ← wrappedKeyShare + server config
        │ keyId
        ▼
[Key migrated to new node]
```

```
GENERATE_AGE_ENCRYPTION
        │ publicKey              │ encryptedPrivateKey
        ▼                        ▼
EXPORT_KEY_SHARE           [Store securely]
        ← ageRecipient: publicKey
        │ wrappedKeyShare
        ▼
[Off-chain backup]
```
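
Both flows above hand an age public key to EXPORT_KEY_SHARE as ageRecipient. As an added example (not part of caller-sdk or of this documentation's own code), the TypeScript below checks that such a string is a well-formed age X25519 recipient before it is used for wrapping. All function names are hypothetical, and `encodeRecipient` exists only to build constructed sample keys.

```typescript
// Added example, not caller-sdk code. Checks that a string is a well-formed age
// X25519 recipient: lowercase Bech32 (BIP-173), prefix "age1", 32-byte payload.
const CHARSET = "qpzry9x8gf2tvdw0s3jn54khce6mua7l";
const GEN = [0x3b6a57b2, 0x26508e6d, 0x1ea119fa, 0x3d4233dd, 0x2a1462b3];
function polymod(values: number[]): number { // Bech32 checksum polynomial
  let chk = 1;
  for (const v of values) {
    const top = chk >>> 25;
    chk = ((chk & 0x1ffffff) << 5) ^ v;
    GEN.forEach((g, i) => { if ((top >>> i) & 1) chk ^= g; });
  }
  return chk;
}

function hrpExpand(hrp: string): number[] {
  const c = hrp.split("").map((ch) => ch.charCodeAt(0));
  return c.map((x) => x >> 5).concat([0], c.map((x) => x & 31));
}

// Regroup bits (8->5 or 5->8); null means invalid padding when pad is false.
function convertBits(data: number[], from: number, to: number, pad: boolean): number[] | null {
  let acc = 0, bits = 0;
  const out: number[] = [], mask = (1 << to) - 1;
  for (const v of data) {
    acc = ((acc << from) | v) & 0xfff;
    bits += from;
    while (bits >= to) { bits -= to; out.push((acc >> bits) & mask); }
  }
  if (pad && bits > 0) out.push((acc << (to - bits)) & mask);
  if (!pad && (bits >= from || ((acc << (to - bits)) & mask) !== 0)) return null;
  return out;
}

// Encoder, present only to build constructed sample keys for testing.
function encodeRecipient(pubkey: number[]): string {
  const data = convertBits(pubkey, 8, 5, true) as number[];
  const pm = polymod(hrpExpand("age").concat(data, [0, 0, 0, 0, 0, 0])) ^ 1;
  const sum = [0, 1, 2, 3, 4, 5].map((i) => (pm >> (5 * (5 - i))) & 31);
  return "age1" + data.concat(sum).map((d) => CHARSET.charAt(d)).join("");
}

function isValidAgeRecipient(s: string): boolean {
  if (s !== s.toLowerCase() || s.slice(0, 4) !== "age1") return false;
  const data = s.slice(4).split("").map((ch) => CHARSET.indexOf(ch));
  if (data.length < 6 || data.some((d) => d < 0)) return false;
  if (polymod(hrpExpand("age").concat(data)) !== 1) return false;
  const key = convertBits(data.slice(0, -6), 5, 8, false);
  return key !== null && key.length === 32;
}
```

A well-formed key is not necessarily the intended key: comparing recipientKey against a value obtained out of band is a separate check.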