I’m a bit confused. In the docs, you say that when using the MPC Core Kit, you can’t reconstruct a user’s private key on the frontend but I’m seeing this code snipped on your React Firebase MPC CoreKit examples:
<button onClick={async () => uiConsole(await coreKitInstance._UNSAFE_exportTssKey())} className="card">
[CAUTION] Export TSS Private Key
</button>
When you click the button, you can then get a user’s private key that can then be exported from the application and imported somewhere else, like Metamask, where your account can be reconstructed. The method has been called _UNSAFE_exportTssKey()
. So is there a way to safely export your TssKey? And why are users ,who haven’t even enabled MFA, able to get and reconstruct their private key in this manner?