The chain-key testing canister is a canister smart contract that provides a fake implementation of the APIs of various chain-key-related features including threshold ECDSA, threshold Schnorr, and threshold key derivation (vetKeys) for testing purposes. The shortcut that this canister takes (compared to the production APIs) is that it relies on a cryptographic key that is hard-coded into the canister, rather than relying on a key that is distributed among the subnet nodes. With this, the implementation is inherently insecure: see Disclaimer.
The main advantage of using this canister is to save costs during testing, because there are fees associated with using the chain-key features via the Internet Computer's management canister APIs.
In particular, the canister provides fake implementations of the following Internet Computer features:
- Threshold ECDSA
- Threshold Schnorr
- Preview: Threshold Key Derivation (vetKeys)
vetkd_public_key,vetkd_encrypted_key(see API proposal PR)
The canister is deployed on mainnet: the canister ID is vrqyr-saaaa-aaaan-qzn4q-cai (dashboard, candid-ui).
All APIs support a single key ID: insecure_test_key_1.
For the IDs of the test keys and production keys that are deployed on mainnet and distributed among subnet nodes, see the Threshold signatures feature reference in the Internet Computer developer docs.
For the time being, no fees are charged. If canister usage becomes excessive, we will introduce fees but aim to keep these fees significantly lower than the fees of the production APIs. The community is invited to top up the canister with cycles.
As this repository contains the canister's source code, developers can also deploy their own, private instance of this canister.
The implementation underlying the chain-key testing canister is unsafe and for testing purposes only: the master secret keys are hard-coded in the canister, rather than distributed among the subnet nodes. Do not use this in production or for sensitive data!.
Please see the LICENSE and Contribution guidelines.