KeyWallet Shared Secret Key Exchange (SSKE)

This guide walks you through how to use the KeyWallet's Shared Secret Key Exchange (SSKE) tool to securely exchange encrypted secrets between two parties (e.g., buyer - recipient of the secrets and seller - sender of the secret).

Step 1: Both Parties Generate KeyWallet

Click "Generate Wallet".
Save the (WIF) private key in a secure location. You can import it later.

Step 2: Buyer - Receiver of the Secret

Copy the wallet public key and send it via message, email, social media post, or blockchain transaction to the other party (Seller - Sender of the Secret).

Step 3: Seller - Sender of the Secret

Enter the buyer's public key into the KeyWallet "Seller Encrypt Panel" public key input field.
Enter the message you want to encrypt. Encryption uses AES, with a key derived from a shared secret generated from the seller's private key and the buyer's public key. The encryption process also includes an initialization vector (iv) for added security.
Click "Encrypt".
A JSON payload is created that contains the seller's public key, the encrypted message, and the iv. A SHA-256 hash of the payload is calculated for verification.
Copy the resulting JSON payload (which can be shared publicly) and send this output to the buyer via message, email, social media post, or blockchain transaction.
The JSON payload output can be adjusted for specific applications (e.g., NFT metadata) or does not have to be in JSON format.

Step 4: Buyer - Receiver of the Secret

Paste the JSON payload received from the seller into the "Buyer Decrypt Panel".
Click "Decrypt".
The buyer automatically generates the same shared secret using their private key and the seller's public key from the payload, allowing them to decrypt the message.

Use Cases in Cryptocurrencies & NFTs

Private NFT Unlockables: Send unlockable content (e.g., high-res artwork, metadata, or redemption codes) to an NFT buyer - only they can decrypt it.
Secure Airdrops: Share claim codes, tokens, or redemption links that only specific wallet owners can access securely.
Over-the-Counter (OTC) Deals: Share price or contract terms that only the counterparty can view, signed to ensure authenticity.
Private Auctions or Whitelist Keys: Sellers can share keys or allowlist tokens with selected addresses without leaking access.

SSKE vs. Simple Encryption (Why It Matters)

    Encrypting a message with a shared password (e.g., AES + a passphrase) is not a secure protocol. KeyWallet's SSKE addresses these core problems.
  

No Password Sharing: SSKE does not rely on weak passphrases. Keys are derived securely using Nexa's libnexa-ts. KeyWallet uses ECDH via secp256k1 for key exchange and AES for secret encryption.
Authenticity: The payload hash should be successfully verified to ensure the integrity of the communication.
Public Sharing is Safe: SSKE payloads can be posted publicly - only the buyer can decrypt them.

Security Notes

All cryptographic operations are performed in the browser.
The output (JSON payload) is safe to share publicly - only the intended buyer can unlock the secret.