Web3Keys Playground

Pure browser demo • No server • Local-only crypto

Explore SmartLedger BSV (security-hardened): generate/import mnemonics, derive keys, sign/verify, hash data, and encrypt/decrypt — all client-side with zero vulnerabilities.

Step 1: Generate or Import Keys

Generated/Imported Mnemonic (save securely!):

Password (used only locally to encrypt secrets)

Identity Derivation Path

Public Key (hex)

Address (BSV)

Sensitive (WIF / PrivateKey) – click to reveal

Private Key (WIF)

Derivation Playground

Derivation Path

Public Key (hex)

Address (BSV)

Message Signing & Verification

Message

Use WIF (optional). Leave blank to sign with current identity.

Signature (base64)

Public Key (hex) for verification (optional). Blank → use identity.

Encrypt / Decrypt (Password-based)

Plaintext JSON

Ciphertext (paste here to decrypt)

Result

Hash Utilities

Input (string)

Output (hex)

Backup / Restore (Local)

Create an encrypted JSON bundle containing your mnemonic and current identity WIF. Keep your password safe; it cannot be recovered.

Import backup JSON

Preview

Optional Server Backup (Non-custodial)

Option A: split your identity WIF into Shamir shares and upload one share to the server. Option B: encrypt a full backup client-side and upload it (server can’t decrypt without your password).

Backup API URL

If hosting the page from the same server, you can set this to empty and it will use same-origin.

Email (for confirmations)

Address (derived)

Shamir total shares

Shamir threshold

Emergency Kit (Physical Recovery Slice QR)

Generates a QR code for your offline recovery share (typically Slice 3). Print/store it offline. Never share it.

QR is generated locally in your browser.

Slice text (for QR)

Developer view (share metadata)

Recovery (Fetch server-held backup)

Request a one-time code via email, then fetch the server-held backup. For Shamir recovery you must also provide one of your offline recovery shares. Reconstruction happens locally in your browser.

Recovery kind

Address (used for backup)

Recovery request id

One-time code (6 digits)

Use the same address you used when uploading the backup. (If you derived an identity earlier, it should be pre-filled.)

Your offline recovery share (paste JSON)

Tip: use the downloaded web3keys-recovery-share-*.json file contents.

Scan from photo

Point your camera at the Emergency Kit QR code.

Recovery result

Verified Chat (ECIES + Credentials)

Prototype: two users exchange public keys and send encrypted messages using bsv.ECIES. An issuer signs a minimal “Active” credential (demo VC-like) that the recipient verifies before trusting the sender.

Issuer (University)

Signs “Active Student” credentials

PubKey

DID

Alice

PubKey

DID

Credential

Optional: VC‑JWT (University-issued)

Bob

PubKey

DID

Credential

Optional: VC‑JWT (University-issued)

VC‑JWT verification uses the pinned issuer DID + JWKS saved in 9) Identity & VCs.

Alice → Bob

Ciphertext (base64) Bob received (decrypted)

Bob → Alice

Ciphertext (base64) Alice received (decrypted)

Developer view (envelopes + verification)

Document Signing (DocuSign-like)

Upload a PDF (or any file), hash it, sign the hash with your identity key locally, and generate a compact on-chain commitment payload (OP_RETURN). Broadcasting is optional and can be done via your preferred infrastructure.

Choose document

We never upload your file. Hashing + signing happen in your browser.

Signature key (WIF)

Uses the derived identity WIF.

Transaction broadcaster (WhatsOnChain)

Network

Fee rate (sats/byte)

Typical range: 0.5–2 sats/byte.

Funding address

Uses your derived identity address. Keys never leave the browser.

This will build a 1-output tx (OP_RETURN) + change back to your address, sign locally, then broadcast via WhatsOnChain.

View on explorer

Starter sats (pilot faucet)

Optional: request 1,000 sats to your identity address (for first broadcast). Requires server faucet configuration.

Document SHA-256 (hex)

This is the “what” being signed and anchored.

Signature (DER hex)

OP_RETURN script (hex)

Commitment fields: SLDOCSIG + 32-byte hash + signer pubkey (compressed).

Anchor payload (preview)

Uses bsv.Anchor.buildAnchorPayload when available.

Developer notes

Notarization options:

1) Off-chain: store signature + hash (recommended).
2) On-chain: broadcast a tx that includes the OP_RETURN output.

This playground can broadcast via WhatsOnChain, signing locally.
Server remains non-custodial: it should never receive WIF/mnemonic.

Identity & Verifiable Credentials (VC‑JWT)

Store VC‑JWTs in your wallet and verify them locally against a pinned issuer JWKS (or fetch from your issuer server). This enables “Verified Faculty/Student/Resident” identity claims without custodial accounts.

Your DID (derived)

Prototype DID method: did:smartledger:<pubkeyHex>. (DID:web subjects also supported.)

Issuer DID (expected)

Used for issuer check + DID resolution.

Pinned issuer JWKS (JSON)

Fetch uses GET /api/issuer/didweb?issuerDid=... from the API base in Backup tab.

VC‑JWT

Verification result

Stored credentials (local)

Assets & Tokens (LTP Prototype)

Prototype “Legal Tokens” using SmartLedger’s Legal Token Protocol (LTP). This is a client-side demo: it prepares legally interpretable token objects and anchors their commitment hashes on-chain via OP_RETURN.

Demo presets

Preset

Recommended primary demo: JMU‑ACCESS (simple + non-transferable).

Your DID (derived)

Used as the default subject/beneficiary.

Your address (funding)

Used to fund anchoring transactions. Keys never leave browser RAM.

1) Mint / Issue token

Issuer DID

Issuer WIF (signing key)

For demos, you can issue using your derived identity key. In production, this is the University/City platform key.

Right type

Subject (owner) DID

Transferable

Revocable

Jurisdiction

Claim (JSON)

Tip: you can paste the Document SHA-256 from tab 8 as legalContractHash.

Mint / Anchor result

View anchor tx

2) Asset wallet (local)

Tokens are stored in localStorage for this prototype. A production wallet would use encrypted storage and optional registry sync.

Import JSON

Transfer (best-effort prototype)

Token index

New owner DID

If LTP transfer primitives reject the token, we’ll fall back to “re-issue” (issuer signs a new token to the new owner) for demo purposes.

Developer notes

This tab demonstrates LTP *preparation + anchoring*.

LTP produces legally interpretable token objects plus a commitment hash.
We anchor the commitment via an OP_RETURN transaction (broadcast via WhatsOnChain).

This is not a full token indexer/registry; ownership/balance tracking is local-only in this prototype.

Debug

CDN createHmac Issue Information

If you're seeing "createHmac is not a function" errors, this is because the CDN version uses Node.js crypto modules that don't exist in browsers.

Solution: The CDN bundles need browser-compatible PBKDF2 implementation using BSV's crypto modules instead of Node.js crypto.

Local Storage (truncated)

SDK Info

Crypto Availability Test

Client-side keygen • Optional backup API calls • Non-custodial by design