How can I securely import a private key (derived from mnemonics) into Web3Auth?

Hi everyone,

I have a set of mnemonics that I want to store securely with Web3Auth.

My plan is:

  1. Convert the mnemonics to a seed using bip39.
  2. Derive the private key from the seed using bip32.

Now I have the raw private key.

My question:

  • How can I specifically import this private key into Web3Auth, so that every time the user logs in with their verifier, Web3Auth reconstructs this same private key?
  • What’s the recommended way to securely fetch this private key during the import process (so it’s not exposed in plaintext in the frontend)?
  • Should this import be done via the importPrivateKey method in the @web3auth/single-factor-auth SDK, or is there a different recommended flow?

I want to make sure I’m using the most secure and correct integration path here. Any official guidance or best practices would be really helpful.

Thanks!
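Steps 1 and 2 of the plan above, as an added example that is not part of the original post and is not Web3Auth code: it derives the BIP39 seed and the BIP32 master key with Node's built-in crypto and wipes the intermediate buffers it controls. The function names are hypothetical; wordlist/checksum validation, child-path derivation and any Web3Auth call are left out.

```javascript
// Added example: BIP39 seed and BIP32 master key using only Node's crypto module.
const { pbkdf2Sync, createHmac } = require("node:crypto");

// secp256k1 group order n (big-endian); a valid private key k satisfies 0 < k < n.
const CURVE_ORDER = Buffer.from(
  "fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141", "hex");

// BIP39: seed = PBKDF2-HMAC-SHA512(mnemonic, "mnemonic" + passphrase, 2048 rounds, 64 bytes).
function mnemonicToSeed(mnemonic, passphrase = "") {
  const password = Buffer.from(mnemonic.normalize("NFKD"), "utf8");
  const salt = Buffer.from(("mnemonic" + passphrase).normalize("NFKD"), "utf8");
  try {
    return pbkdf2Sync(password, salt, 2048, 64, "sha512");
  } finally {
    password.fill(0); // wipes our copy only; the JS string itself cannot be wiped
  }
}

// BIP32: I = HMAC-SHA512(key = "Bitcoin seed", data = seed);
// left 32 bytes = master private key, right 32 bytes = chain code.
function seedToMasterKey(seed) {
  if (seed.length < 16 || seed.length > 64) throw new RangeError("seed must be 16..64 bytes");
  const I = createHmac("sha512", "Bitcoin seed").update(seed).digest();
  const privateKey = Buffer.from(I.subarray(0, 32)); // copies, so I can be wiped
  const chainCode = Buffer.from(I.subarray(32));
  I.fill(0);
  // Equal-length big-endian buffers compare numerically, so no hex string copy is made.
  const isZero = privateKey.every((b) => b === 0);
  if (isZero || Buffer.compare(privateKey, CURVE_ORDER) >= 0) {
    privateKey.fill(0);
    throw new Error("seed yields an invalid master key");
  }
  return { privateKey, chainCode };
}

// Steps 1 and 2 together; the seed is wiped once the key has been derived.
function deriveMasterFromMnemonic(mnemonic, passphrase = "") {
  const seed = mnemonicToSeed(mnemonic, passphrase);
  try {
    return seedToMasterKey(seed);
  } finally {
    seed.fill(0);
  }
}

// Constructed input: the public BIP39 test mnemonic, never a real wallet.
const TEST_MNEMONIC = "abandon ".repeat(11) + "about";
const demo = deriveMasterFromMnemonic(TEST_MNEMONIC, "TREZOR");
console.log("master key length:", demo.privateKey.length); // the key itself is not logged
demo.privateKey.fill(0); // caller wipes the key when finished with it
```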

Thank you for your detailed question! Here’s a summary of your request and some guidance on securely importing a private key (derived from mnemonics) into Web3Auth, specifically with the Plug n Play (PnP) React Native SDK.


Your Goal

  • Import a private key (derived from mnemonics using BIP39/BIP32) into Web3Auth.
  • Ensure the key is securely associated with a user’s verifier so it can be reconstructed on login.
  • Avoid exposing the private key in the frontend.
  • Clarification on whether to use importPrivateKey from @web3auth/single-factor-auth or another method.

Key Points & Guidance

1. Web3Auth Plug n Play (PnP) Model

  • The PnP SDK (e.g., @web3auth/react-native-sdk) is built around the concept of key reconstruction via social login or custom authentication. The private key is generated and managed by Web3Auth’s network, not imported directly by the developer.
  • You cannot directly import a raw private key or mnemonic into the PnP flow. The key is derived from the user’s authentication (e.g., Google, Apple, custom JWT) and is reconstructed every time the user logs in with the same verifier.

2. Direct Key Import – Not Supported in PnP

  • The importPrivateKey method is available in the Single Factor Auth SDK (@web3auth/single-factor-auth), which is a different product and is meant for scenarios where you want to manage or import keys directly.
  • PnP SDK does not expose a method to import a private key or mnemonic. The flow is designed for non-custodial, passwordless onboarding.

3. Security Best Practices

  • Never expose the private key or mnemonic in the frontend.
  • If you must import a key for a user, you would need to use the Single Factor Auth SDK (see Single Factor Auth Docs), but note that this is a different integration path and comes with different security and UX trade-offs.

4. Recommended Flow

  • If you want to use the PnP SDK, you should onboard users via a verifier (social login, custom JWT, etc.), and let Web3Auth handle key management.
  • If you must import a private key, consider using the Single Factor Auth SDK and follow its secure key import guidelines.

5. Official Documentation


Summary Table for Support Team

| Detail | Value |
|---|---|
| SDK | Web3Auth Plug n Play (PnP) React Native SDK |
| Platform | React Native (Expo/Bare workflow not specified) |
| Requirement | Import private key (from mnemonic) and associate with verifier |
| Main Questions | How to import key securely, recommended method, best practices |
| Related SDK Feature | importPrivateKey (Single Factor Auth, not PnP) |

Next Steps / Recommendations

  • If you are building with PnP: You cannot import a private key/mnemonic. Use verifier-based onboarding.
  • If you must import a key: Switch to Single Factor Auth SDK and follow its import flow.
  • If you have a specific use case (e.g., account migration): Please share more about your scenario, and we can suggest a migration or hybrid approach.

Let us know if you need more details on the Single Factor Auth flow or if you have a specific use case in mind!

Note: This response was generated by an AI bot and may require further verification. The Web3Auth support team has tracked this issue and will be responding as soon as possible.

Additionally, we recommend that you join our biweekly Office Hours to get this resolved even faster: Web3Auth Developer Office Hours