While this approach works, there’s a concern regarding potential security risks, such as leaks via memory dumps, etc. To mitigate these risks, is there a way to directly receive the signed message without the need to fetch users private keys into memory.
Apologies for the delay in getting back to you. I’m going to speak with the product team to ensure I can provide you with the most accurate and helpful answer possible.
Thank you for your patience, and I’ll be in touch with an update as soon as possible. If there’s anything else you need in the meantime, please feel free to reach out.
I hope you’re doing well! To address the issue you’re facing, using MPC (Multi-Party Computation) is a highly effective strategy. I’d strongly recommend checking out our documentation on this subject to gain a deeper understanding: Web3Auth MPC Core Kit Web SDK | Documentation | Web3Auth.
For MPC core kit, the key is never reconstructed as you can see in the documentation.
If you have any more questions or need further clarification after going through the docs, please don’t hesitate to reach out. I’m here to help in any way I can!