Reconstructing the Private Key

gillesjo.walther · November 6, 2023, 9:52pm

What would be the best way to reconstruct the private key after having authenticated a user in Unity given two pKey shares are available through the Unity Social Login (custom verifier) + MFA?

The goal is to offer a seamless experience to user when playing the game and avoid having to get in and out of the game while playing.

Many thanks in advance for your help

Best regards,
Gilles

vjgee · November 7, 2023, 2:48am

@gillesjo.walther Thanks for your question.

Your request has been forwarded to our Dev team and we will get back with further updates.

gaurav · November 7, 2023, 3:16am

@gillesjo.walther Pls go through this. This will help you understand keys management in Web3Auth Infra. https://web3auth.io/docs/infrastructure and Using dApp Share in PnP Unity SDK | Documentation | Web3Auth

gillesjo.walther · November 7, 2023, 10:14pm

Thanks, I’ve read this part of the documentation.

As a user I’ve logged in using MFA, so I recover the dApp and passed it along the login arguments:

        var options = new LoginParams()
        {
            loginProvider = provider,
            dappShare = dAppShare,
            curve = Curve.ED25519,
        };

        web3Auth.login(options);

where dAppShare is

string dAppShare = "list of 24 words";

However the response

{
  "ed25519PrivKey": "666523652352635....",
  "privKey": "0ajjsdsd....",
  "coreKitKey": "0ajjsdsd....",
  "coreKitEd25519PrivKey": "666523652352635....",
  "sessionId": "....",
  "error": "....",
  "userInfo": {
    "aggregateVerifier": "w3a-google",
    "email": "john@gmail.com",
    "name": "John Dash",
    "profileImage": "https://lh3.googleusercontent.com/a/Ajjjsdsmdjmnm...",
    "typeOfLogin": "google",
    "verifier": "torus",
    "verifierId": "john@gmail.com",
    "dappShare": "<24 words seed phrase>", // will be sent only incase of custom verifiers
    "idToken": "<jwtToken issued by Web3Auth>",
    "oAuthIdToken": "<jwtToken issued by OAuth Provider>", // will be sent only incase of custom verifiers
    "oAuthAccessToken": "<accessToken issued by OAuth Provider>", // will be sent only incase of custom verifiers
    "isMfaEnabled": true // returns true if user has enabled mfa
  }
}

Remains unchanged and none of the private key properties from the response are matching the actual private key that I can find when connecting to the Torus wallet from here https://app.tor.us/ > Privacy Settings > Private Key. I tried enabling and disabling curve = Curve.ED25519 but the result is the same.

What Am I doing wrong? Am I not supposed to recover the same private key as in the Torus wallet?