Unified, Vendor-Neutral, Unchanging, and Open BSV Blockchain Standard Wallet-to-Application Interface
Ty Everett (ty@projectbabbage.com)
Tone Engel (tone@projectbabbage.com)
Brayden Langley (brayden@projectbabbage.com)
Abstract
We define the BSV Blockchain's standard wallet-to-application interface. This interface defines a robust and secure communication protocol between BSV wallets and applications. This protocol, built on the MetaNet architectural principles, aims to standardize the interaction between wallets and decentralized applications in the BSV ecosystem. The interface is designed to be vendor-neutral, supporting a wide range of implementations, ensuring interoperability, and promoting openness across different wallet and app vendors.
Motivation
Computing has long been subject to shortfalls in the areas of information centralization and architectural cross-compatibility. Users on the internet struggle with complex and insecure authentication systems which leave them vulnerable and leak their data. Websites rely on advertising to monetize their offerings, but ads warp the incentives of platforms and creators in ways that ultimately harm everyone involved. By defining a standard interface by which users can identify themselves, protect their data and engage in e-commerce with Bitcoin, this standard offers a solution to problems that have long plagued the existing model.
Primary Objectives
Standardization: The interface provides a consistent and standardized API that ensures that any application can integrate with any compliant wallet without needing custom adaptations.
Vendor-Neutrality: The interface abstracts the underlying wallet implementation, allowing applications to work seamlessly with wallets from different vendors.
Open Specification: The interface is openly documented, encouraging community adoption, and providing a bedrock foundation atop which anyone can build with confidence, knowing the interface will remain constant.
Security and Privacy: Emphasizing secure handling of keys, transactions, and data through the use of secure cryptographic protocols and minimal exposure of sensitive information.
Comprehensive Functionality: The interface covers a broad range of functionalities, from transaction creation, signing, and broadcasting, to identity management, encryption, and digital signatures.
Foundational Requirements
SECTION TL;DR: We use the BSV Blockchain. We use the secp256k1 elliptic curve. We use compressed, DER-formatted public keys. We use BKDS key derivation. We use BRC-43 for security levels, protocol IDs, key IDs, and counterparties (with BRC-44 protocols reserved for internal wallet use). We subscribe to the BRC-45 idea that "Outputs are tokens". We use BRC-46 output baskets for tracking tokens. For categorization and filtering purposes, we allow transactions to be given a set of labels, and outputs to be given a set of tags. We utilize the BRC-67 rules for SPV validation. We use the BEEF standard outlined in BRC-62 for representing transactions. For encryption and decryption, we use the methods described in BRC-2. For creating digital signatures, we use the methods described in BRC-3. For HMACs BRC-56, we derive symmetric keys as in BRC-2, but then use them for HMAC operations instead of AES-GCM encryption. For the digital certificate structure and field encryption scheme, we use BRC-52. For internalizing payment outputs that increase the user's wallet balance, we employ the key derivation protocol described within BRC-29. For revealing key linkages, we employ the two methods described within BRC-69, and we protect this information as described in BRC-72. We incorporate BRC-97 for defining flexible proof-type fields to support emerging zero-knowledge proof (ZKP) schemes in specific key linkage revelations. We reserve specific protocol identifiers as described in BRC-98 to ensure forward compatibility with future permissioned protocols. Similarly, we reserve basket identifiers as outlined in BRC-99 to accommodate evolving wallet-managed asset permission schemes. These foundational prerequisites allow us to fully define and specify the behavior and functionality of the digital wallet system, ensuring future extensibility and compatibility across the BSV ecosystem.
Section Overview
The Wallet Interface is built upon a set of essential foundational standards and protocols that define the underlying architecture, cryptographic operations, and key management systems required for a robust and coherent wallet-to-application interface within the BSV ecosystem. This section thoroughly explains these foundational requirements, incorporating relevant content from the preceding BRCs to provide a holistic understanding of the interface's structure.
1. Key Derivation using BKDS with BRC-42
At the heart of the Wallet Interface lies the BRC-42: BSV Key Derivation Scheme. This scheme defines how keys are derived between two interacting parties. BKDS leverages the secp256k1 elliptic curve and enables participants to derive multiple unique public-private key pairs from a shared master key. All cryptographic operations, including key derivation and identity handling, adhere to the BKDS as defined in BRC-42. This specification does not support legacy key derivation schemes like BIP32 due to the foundational nature of BKDS in ensuring compatibility, privacy, and security across the BSV ecosystem. Wallets implementing this interface must migrate to BKDS and cannot rely on older derivation schemes.
Identity Keys:
Each wallet has an everyday master private key and a corresponding master public key derived from the secp256k1 elliptic curve. The public key is known as the "identity key".
Additionally, there's a whole secondary "privileged mode" keyring for sensitive operations, allowing these privileged keys to be treated with higher security than the user's everyday keyring.
Key Derivation Process:
When deriving a key for a payment or exchange, the sender computes an elliptic curve Diffie-Hellman (ECDH) shared secret using their private key and the recipient's public key.
The shared secret is then used to generate a scalar through HMAC and convert it to a point on the elliptic curve.
This point is combined with the recipient's master public key to produce a child public key.
Key Privacy:
No information about the derived private key is exposed until actually used. This ensures that only the recipient can derive the private key corresponding to the public key provided by the sender.
Expanding Key Universes:
With BKDS, wallets can create a virtually unlimited number of unique key pairs through simple modifications of the derivation inputs (e.g., invoice numbers). This open-ended invoice numbering scheme is baked into the Wallet Interface, facilitating custom, flexible key derivation for transactions, signatures, and encryption.
2. Security Levels and Protocol IDs with BRC-43
BRC-43 plays a vital role in organizing how keys are used and accessed in the wallet. This standard introduces Security Levels, Protocol IDs, Key IDs, and Counterparties rules that govern key derivation, permissions, and data access within standard wallets.
Security Levels:
Security levels determine the required user permissions and access controls for a derived key:
Level 0: No restrictions, open access.
Level 1: Requires a level of user authorization that applies across all counterparties who use the same protocol.
Level 2: Restricts key usage to specific counterparties and requires individual permission for each.
Protocol IDs & Key IDs:
Protocol IDs further define the usage context for a derived key, such as "Document Signing" or "Encryption".
A Key ID is a unique identifier that differentiates specific keys under the same Protocol ID, allowing numerous derived keys under the same context but with different purposes.
Counterparties:
Counterparties are entities with whom keys are shared (sender, receiver, etc.). For instance, the interface allows single-party self-derivations where a sender and receiver are the same (useful for internal key operations) and anyone-derivations denoted by the private key
1(for public operations).
Permission System:
Permission grants are managed transparently by the wallet and include expiration times, user notifications, and granularity based on the security level. This ensures that applications receive only the delineated keys they need and no more.
3. Reserved Internal Protocols with BRC-44
BRC-44 discusses Admin-reserved and Prohibited Key Derivation Protocols that are exclusive to administrative use by the wallet. These reserved protocols prevent application access to key derivation operations that are inherently internal and crucial to wallet security and integrity.
Internal Protocol Guidelines:
Any protocol ID that begins with
adminis off-limits for external applications.The Wallet Interface requires that this reserved protocol space is never exposed to or invoked by third-party applications, maintaining the separation between user-facing operations and internal wallet functionalities.
4. Tokenization of UTXOs with BRC-45
BRC-45 defines UTXOs as Tokens, asserting that Unspent Transaction Outputs (UTXOs) are the base units of tokenization within Bitcoin. This principle is integral to the interface, where UTXOs serve as tokens that can be managed within wallets using custom baskets, as discussed below.
Transaction Outputs as Tokens:
UTXOs represent discrete token units that can be transferred directly from sender to recipient. Their validity and legitimacy can be independently verified by anyone receiving the transaction.
The Wallet Interface relies on the UTXO model to enhance scalability, ensure decentralization, and promote trustlessness by enabling transparent and verifiable transactions without reliance on intermediaries.
Simplified Payment Verification (SPV):
The wallet interface integrates transaction validation protocols that follow BRC-67's SPV method. By validating UTXOs through matching
txidand proof inclusion within the blockchain, wallets can quickly confirm that tokens are genuine without needing the entire chain. This eliminates the reliance on tracing tokens back to their genesis, addressing the Back To Genesis (BTG) problem. Instead, the Wallet Interface ensures validity and provenance by leveraging SPV proofs and state-based validation, allowing efficient token verification while maintaining scalability, reducing computational overhead, and preserving user privacy. As a result, tokens can be securely and rapidly transacted without the inefficiencies and complexities historically associated with the BTG issue.
5. Tracking and Managing Outputs with BRC-46
To facilitate complex tracking and interaction with UTXOs, BRC-46 establishes Wallet Transaction Output Tracking (Output Baskets) within the interface.
Baskets:
Baskets are conceptual containers for grouping UTXOs, creating an easy-to-manage structure for tracking specific outputs used across applications or protocols.
A wallet must support basket management, including returning transaction outputs from a given basket, customizing outputs with relevant instructions, and spending or relinquishing them.
Permissions:
Like with key derivation, permissioning is enforced for applications executing operations involving baskets. The security model here follows from BRC-43, ensuring consistency across the system.
Wallets must ensure that users have given consent before listing the outputs from a given basket, creating transactions that insert outputs into a basket, or internalizing transactions that facilitate output insertion into baskets.
6. Transaction Verification with BRC-67 and BRC-62
Authenticated transaction verification is critical in wallet operations, and this builds, in part, on BRC-67: Simplified Payment Verification and BRC-62: Background Evaluation Extended Format (BEEF) Transactions.
BEEF Data Structure:
The BEEF format specified in BRC-62 is optimized for SPV and designed for efficient data transmission, focusing on economy of information while retaining verification integrity.
Wallets should utilize BEEF when constructing, communicating, and validating transactions. BEEF supports streaming validation, enabling the wallet to initiate transaction verification as soon as it starts receiving the data.
Verification Steps:
BRC-67 outlines the steps to be undertaken for verifying a transaction, including script validation, fee checking, sequence, and locktime examination. These checks ensure that transactions processed through the wallet interface are legitimate and contextually accurate.
SPV Empowerment:
The SPV model allows lightweight wallet clients to verify the chain, making them resistant to fraud while not requiring them to store or access all blockchain data.
7. Data Security with BRC-2 for Encryption and Decryption
Security is paramount in the Wallet Interface, and BRC-2 defines Encryption and Decryption operations encapsulated within the interface's cryptographic functionality.
AES-256-GCM Encryption:
Wallets employ AES-256-GCM for symmetric encryption, where the derived shared secret between the sender's and recipient's child keys becomes the basis for the encryption key.
Encryption & Decryption Process:
Wallets use their private keys and their counterparty's public keys (derived through BKDS) to encrypt data under a given protocol ID and key ID. Similarly, upon receipt, the recipient decrypts the data using their private key combined with the sender's public key.
Confidentiality Assurance:
Encryption through this interface ensures the confidentiality of transmitted data and can be applied for user-specific actions like private document exchange (shielded with encryption keys derived from BKDS).
8. Authorized Digital Signatures with BRC-3
The Wallet Interface supports digital signing functionalities defined in BRC-3: Digital Signature Creation and Verification.
Digital Signature Process:
BRC-3 mandates use of ECDSA over secp256k1 keys.
Derived child keys (from BKDS) are used to sign data based on the security levels, protocol IDs, and key IDs defined in BRC-43.
Private & Public Signatures:
Wallets can create private digital signatures intended for a specified receiver, by naming them as a counterparty.
It's also possible to create publicly verifiable signatures, simply by naming
anyoneas the counterparty.
Verification:
The signature is verifiable by the recipient using derived public keys. The recipient uses BRC-43 mechanics to derive the corresponding public key and validates the signature using this key over the provided data.
9. Identity Certificates and Selective Revelation with BRC-52
BRC-52 defines Identity Certificates, which incorporate selective revelation protocols that wallets must support.
Certificate Structure:
Identity certificates encapsulate a subject's identity information, certified by a trusted entity, with fields selectively encryptable to preserve user privacy.
Selective Revelation:
Wallets must facilitate keyring management for applications to reveal or withhold certificate fields selectively. The wallet keeps a copy of the master keyring, transmitting only the necessary revelation keys to authorized parties in an encrypted form.
Revocation Mechanism:
Identity certificate revocation is implemented via UTXO tracking. If the UTXO tied to a revocation outpoint is spent, everyone considers the certificate invalid—this adds an additional layer of trust and decentralized authority, depending on the constraints placed upon the UTXO.
10. Payment Internalization with BRC-29
The Wallet Interface incorporates support for BRC-29: Simple Authenticated BSV P2PKH Payment Protocol, which standardizes how payments are derived, handled, and internalized within the wallet.
Payment Key Derivation:
BKDS Integration: Payments utilize keys derived through BKDS. They are based on a combination of transaction-specific data (such as a unique derivation prefix) and counterparty public keys. The derived keys are used to generate P2PKH scripts, ensuring that only the intended recipient can derive the corresponding private keys for spending.
Internalization Process:
Decoding and Deriving Keys: Upon receiving a payment message, the wallet decodes the message, derives the necessary private keys using the provided
derivationPrefixandderivationSuffix, checks the scripts match, and processes the UTXOs.Baskets and Custom Instructions: Non-P2PKH outputs with custom scripts can be directed into specific baskets, enabling organized tracking within the wallet. Custom instructions attached to UTXOs are also stored and can be used by applications for token history tracking or future spending.
Flexible Payment Handling:
Multiple Outputs and Transactions: BRC-29 supports handling multiple outputs and even transactions within a single "payment." Each transaction output can be individually indexed with a unique derivation suffix, allowing the wallet to differentiate and manage multiple outputs efficiently, while all outputs within one given payment share a common derivation prefix.
11. Auditability and Key Linkage Revelations with BRC-69 and BRC-72
The Wallet Interface incorporates methods to enhance transparency and auditability through BRC-69: Revealing Key Linkages, while ensuring the protection of sensitive data during transit with BRC-72: Protecting BRC-69 Key Linkage Information in Transit.
Key Linkage Revelations:
BKDS Based Key Linkage: BRC-69 outlines two methods for revealing key linkages from BKDS derived keys. The first method allows wallets to reveal a root ECDH shared secret between a user's identity key and another counterparty's key, enabling anyone to link all interactions between them. The second method reveals the specific key offset for individual derived child keys, enabling audit trails while preserving privacy in other contexts.
Protection of Linkage Information:
BRC-72 Integration: Protecting sensitive linkage data is paramount. BRC-72 specifies mechanisms for encrypting key linkage revelations when they are in transit. This encryption is done using the BRC-2 AES-256-GCM method, ensuring that only authorized verifiers (recipients) can decrypt and access the linkage data. This preserves privacy and security, even when key linkages must be revealed for audit or verification purposes.
The foundational BRCs integrated into this Wallet Interface ensure security, scalability, and flexibility across operations performed within the BSV ecosystem. These frameworks from key derivation, rigorous cryptographic principles, selective identity verification, tokenization, secure payments, and audit trails through linkage revelations all combine to form a robust and future-proof digital wallet architecture. The next section defines the high-level structure of the wallet interface.
Interface Structure
The interface comprises numerous methods that cater to different functional areas related to wallet operations and application needs. The methods are grouped for easier understanding:
Transaction Operations:
Creation: The
createActionmethod creates a new Action, which is effectively a Bitcoin transaction augmented with descriptive metadata and optional categorization (labels). This method can either fully construct and sign a transaction or return a "signableTransaction" reference if some inputs must be signed or processed later. The method always requires at least one input or one output to produce a valid transaction; otherwise, it must return an error. The minimum requirements is that at least one input or one output must be specified. If onlydescriptionis provided and no inputs and no outputs are given, the wallet must return an error, since a transaction cannot be constructed. Ifinputsare provided, the wallet requiresinputBEEFto supply context and validation data for these inputs. If bothinputBEEFand a fully prepared set ofinputsare provided,inputBEEFshould provide SPV and contextual information about these inputs. The two are complementary:inputsdefine the UTXOs being consumed, andinputBEEFprovides the transaction inclusion proofs or data needed for validation. Both must not conflict. If a conflict is detected, the wallet should return an error. Every input requires aninputDescription. This string documents why a particular UTXO was chosen or what it represents. This field is required to ensure proper user-level record-keeping and transparency. Ifbasketis not provided for an output, that output is considered untracked by the wallet. It will not appear inlistOutputs, and the wallet does not maintain any metadata about it. Baskets are used for grouping UTXOs for later retrieval, filtering, and permissioned operations.Signing:
signActionallows for signing and processing previously created transactions from thecreateActionmethod.Aborting:
abortActionfacilitates the cancellation of transactions that have not yet been completed.Internalization:
internalizeActionenables wallets to accept and manage incoming transactions by parsing, tagging, and organizing outputs.Listing:
listActionsandlistOutputsallow querying transactions and outputs based on specific criteria like labels, baskets, and tags. Labels can be attached to transactions to facilitate discovery vialistActionsand tags can be attached to outputs to similarly facilitate discovery vialistOutputs. They are purely organizational tools and cannot be used as triggers or conditional hooks for other wallet operations. They serve only for later searching and categorizing actions.Relinquishment:
relinquishOutputreleases an output from a basket tracked by the wallet, even if it has yet to be spent.Pre-Built Transactions: If you already have a fully constructed transaction in BEEF format and simply need to internalize it into the wallet,
internalizeActionis the appropriate method.createActionis meant for constructing new transactions within the wallet, not for just adding an existing transaction.Tags vs. Labels: Transaction-level labels categorize entire transactions (Actions) and are used with
listActions. Output-level tags categorize individual outputs and are used withlistOutputs. Both are organizational metadata fields and do not trigger special wallet logic or external processes. They exist solely for searching, filtering, and organizing data.
Public Key Management:
Key Retrieval:
getPublicKeyfacilitates the retrieval of public keys, be they derived keys based on protocols or the user's main identity keys.Key Linkage: Methods
revealCounterpartyKeyLinkageandrevealSpecificKeyLinkagedisclose key relationships, as specified in BRC-69, with additional support for future zero-knowledge proof schemes outlined in BRC-97. These are essential for identity verification and the auditing of interactions between parties.
Cryptography Operations:
Encryption/Decryption:
encryptanddecryptmethods implement secure encryption and decryption of data using derived keys and consistent protocol definitions, enabling private exchanges of information between counterparties.HMAC Operations:
createHmacandverifyHmacallow for the creation and verification of Hash-based Message Authentication Codes (HMAC) to ensure data integrity.Signatures:
createSignatureandverifySignatureenable the creation and verification of digital signatures, both public and private, essential for validating the authenticity of transactions, documents, and data.
Identity and Certificate Management:
Certificate Acquisition:
acquireCertificateallows the wallet to obtain identity certificates, either by directly saving them or through a standardized issuance protocol. Conversely,relinquishCertificateallows an old certificate to be removed.Certificate Listing and Discovery:
listCertificates,discoverByIdentityKey, anddiscoverByAttributesenable querying of identity certificates owned by the user or others based on identity keys or specific attributes.Proving Identity Certificates:
proveCertificateleverages selective revelation protocols defined in BRC-52 while integrating future-proof proof schemes from BRC-97. This provides enhanced flexibility and enables users to securely prove their identity or certified attributes to third parties when required.
Blockchain and Network Data:
Blockchain Height:
getHeightretrieves the current height of the blockchain.Merkle Root Retrieval:
getMerkleRootForHeightretrieves the Merkle root at a specific block height.Network and Version Information:
getNetworkandgetVersionretrieve information about the network (mainnet or testnet) and the wallet's version.
Authentication:
User Authentication:
isAuthenticatedchecks the user's authentication status, ensuring they've set up their wallet before operations are attempted.Authentication Wait:
waitForAuthenticationwaits for the user to complete authentication and returns once the wallet has been fully set up.
Data Types and Constraints
To ensure consistency and prevent errors, the interface defines various data types and associated constraints. A few key examples include:
Boolean Types:
BooleanDefaultFalse: Defaults to false if not provided.BooleanDefaultTrue: Defaults to true if not provided.
Integer Types:
Byte: An integer between 0 and 255.PositiveIntegerOrZero: A non-negative integer with an upper bound of 2^32 - 1.PositiveIntegerMax10: A positive integer between 1 and 10.PositiveIntegerDefault10Max10000: A positive integer that defaults to 10, and has an upper bound of 10000.SatoshiValue: Represents a value in Satoshis, ranging between 1 and 2.1 * 10^15.
String Types:
ISOTimestampString: Represents an ISO 8601 format timestamp.HexString: A string containing hexadecimal characters.Base64String: A string in standard base64 encoded format.Specialized Strings: Defined for specific fields, including transactions, descriptions, version strings, certificate field names, etc.
Error Handling and Validation
Errors are raised using a uniform structure containing:
status: Denotes the presence of a failure (always "error").code: A short machine-readable string representing the specific error or fault.description: A human-readable explanation of the error.context: (Optional) Additional contextual data relevant to the error---often binary or debug information.
When errors occur, they must be communicated and thrown such that they preserve these structural elements. Specific instantiations or realizations of this interface, comprising APIs or transport mechanisms for messages between wallets and applications, must specify how these errors are communicated.
Recommended Validation Steps:
Wallets must apply all specified rules and logical validation procedures to all methods within the specification. For example, in the case of createAction, wallets should:
Verify that the required fields (
descriptionplus at least one input or one output) are present.Check that if
inputsare provided, theinputDescriptionfield is also provided for each input.Validate that if
inputBEEFis provided, it corresponds logically to theinputs.Ensure that labels, tags, and basket names comply with the defined format and size constraints.
If any constraints are not met, or if conflicting parameters are detected (e.g., invalid
noSendChange usage), the wallet should return a structured error as previously defined.
Parameter Errors:
If parameters are missing, malformed, or conflict with each other, the wallet should return an error with an appropriate error code and a human-readable description. For instance:
Missing required fields: Return an error code like
ERR_MISSING_PARAMETERand a description stating which parameter is missing.Invalid numeric ranges or string lengths: Return
ERR_INVALID_PARAMETER_VALUE.Conflicts between
inputsandinputBEEF: ReturnERR_CONFLICTING_PARAMETERS.
These are examples; wallets and implementations are free to use their own naming conventions for error codes as long as they provide a clear description field.
Usage and Best Practices
Interoperability: Since the interface is vendor-neutral, developers should ensure they comply fully with the defined types, constraints, and method contracts, allowing their wallets and applications to interface smoothly with others.
Use of Privileged Mode: Methods related to the use of keys include options that allow an alternative "privileged access" mode to be used. When implemented, a secondary and more secure set of keys is used instead of the primary ones. This should only be invoked when necessary, and requires proper justification to be provided.
Request Originators and Permissions: The interface ensures that operations like key derivation, signing, encryption, certificate field revelation, and transaction creation are conducted with proper authorization by incorporating the request's originator. The wallet can then authenticate the originator and seek user permission if necessary.
Restrictions on Protocol and Basket Namespaces
Protocol IDs and basket names are used to control access to data and assets, respectively. In order to ensure that consistent rules apply across wallet implementations, and to ensure that appropriate reservations are made for future permissions architectures (see BRC-98 and BRC-99), we specify the rules that apply to these namespaces here:
Rules for Protocol Names
Protocol IDs:
Must be at least 5 characters.
Generally must not exceed 400 characters (except for the
specific linkage revelationprotocol, which is allowed to be up to 430 characters, since it's the only protocol that encapsulates anotherr full protocol name within itself).Must not contain multiple consecutive spaces (e.g., " ").
Must only contain lowercase letters, numbers, and spaces.
Must not end with
protocol(this is redundant).Must not start with
p(allows for future "specially permissioned" protocols). Specified in BRC-98.
Key IDs:
Must be at least one byte in length.
Must not exceed 800 bytes in length.
Rules for Basket Names
Basket names:
Must be at least 5 characters.
Must be no more than 400 characters.
Must only contain lowercase letters, numbers, and spaces.
Must not end with
basket(this is redundant).Must not contain consecutive spaces.
Must not start with
admin(allows the wallet to manage assets internal to its operations).Must not be
default(some wallets have historically used this for internal operations).Must not start with
p(allows for future "specially permissioned" baskets). Specified in BRC-99.
The Wallet Interface
This interface is specified in TypeScript as follows:
ABI Specification
This section defines the Application Binary Interface (ABI) specification for the Wallet Interface, detailing the binary communication protocol used between applications and wallets over a Wallet Wire. It provides a comprehensive description of how method calls are structured, how data is serialized and deserialized, and how errors and origins are handled within the protocol. This specification ensures that all implementations conform to a standardized binary protocol, enabling interoperability across different platforms and vendors.
Overview
The Wallet ABI defines a binary protocol for communication between an application and the user's digital wallet. Each message transmitted over the Wallet Wire consists of a structured binary frame that includes the method call code, originator information, parameters, and return values. The protocol is designed to be efficient, minimizing the data transmitted while ensuring all necessary information is accurately conveyed.
Message Structure
Every message sent to the wallet follows this general structure:
Call Code (1 byte): An unsigned integer representing the method being invoked.
Originator Length (1 byte): The length of the originator domain name in bytes.
Originator (variable length): The UTF-8 encoded fully qualified domain name (FQDN) of the application originating the request.
Parameters (variable length): Method-specific parameters serialized according to the rules defined in this specification.
Responses from the wallet consist of:
Error Code (1 byte): A byte indicating success (
0) or an error code (1-255).Response Data (variable length): If
Error Codeis0, this contains the serialized return values. If an error occurred, it contains the serialized error message and optional stack trace.
Call Codes
Each method in the Wallet Interface is assigned a unique call code. The call codes are defined as follows:
1
createAction
2
signAction
3
abortAction
4
listActions
5
internalizeAction
6
listOutputs
7
relinquishOutput
8
getPublicKey
9
revealCounterpartyKeyLinkage
10
revealSpecificKeyLinkage
11
encrypt
12
decrypt
13
createHmac
14
verifyHmac
15
createSignature
16
verifySignature
17
acquireCertificate
18
listCertificates
19
proveCertificate
20
relinquishCertificate
21
discoverByIdentityKey
22
discoverByAttributes
23
isAuthenticated
24
waitForAuthentication
25
getHeight
26
getHeaderForHeight
27
getNetwork
28
getVersion
Originator Handling
The originator is the fully qualified domain name (FQDN) of the application making the request. It is included in each message to allow the wallet to:
Identify the requesting application.
Apply appropriate permissions and access controls.
Record audit logs for security and compliance.
The originator is serialized as follows:
Originator Length (1 byte): The length of the originator string in bytes.
Originator (variable length): UTF-8 encoded bytes representing the originator's FQDN.
Error Handling
Errors are communicated using a structured format, ensuring consistent and detailed information about any issues that occur during method execution. This format enables precise error reporting, seamless debugging, and interoperability across implementations:
Error Code (1 byte):
0: Indicates success; the method executed without errors.1-255: Indicates an error occurred; the specific code may correspond to predefined error types or be used for custom error categorization.
If an error occurs (Error Code is non-zero), the following fields are included in the response:
Error Message Length (VarInt): The length of the error message in bytes.
Error Message (variable length): UTF-8 encoded string describing the error.
Stack Trace Length (VarInt): The length of the stack trace in bytes (optional,
-1if absent).Stack Trace (variable length): UTF-8 encoded string containing the stack trace (optional).
Data Types and Serialization
The following data types are used in the binary protocol:
Byte: An unsigned 8-bit integer (
0to255).Int8: A signed 8-bit integer (
-128to127).UInt8: An unsigned 8-bit integer (
0to255).VarInt: A variable-length integer used for lengths and counts.
UTF-8 String: A string prefixed with its length (as a
VarInt), followed by UTF-8 encoded bytes.Byte Array: A sequence of bytes prefixed with its length (as a
VarInt).
VarInt Encoding
Variable-length integers (VarInt) are used to efficiently represent integer values. The encoding follows the Bitcoin protocol's VarInt format:
For values from
0to0xFC(inclusive), a single byte represents the value.For larger values, a marker byte indicates the length:
0xFD: Next two bytes are the value as a little-endian unsigned integer.0xFE: Next four bytes are the value as a little-endian unsigned integer.0xFF: Next eight bytes are the value as a little-endian unsigned integer.
Method Calls Specification
Each method call has specific parameter and return value formats. The following sections detail the serialization and deserialization process for each method.
1. createAction
createActionCall Code:
1
Parameters
description
UTF-8 String
A human-readable description of the action represented by this transaction.
inputBEEF
VarInt Length + Byte Array
BEEF data associated with inputs (optional). Use VarInt -1 if absent.
inputs
VarInt Length + Array
An array of input objects (optional). Use VarInt -1 if absent.
outputs
VarInt Length + Array
An array of output objects (optional). Use VarInt -1 if absent.
lockTime
VarInt
Transaction lock time (optional). Use -1 to indicate absence.
version
VarInt
Transaction version (optional). Use -1 to indicate absence.
labels
VarInt Length + Array
An array of labels (optional). Use VarInt -1 if absent.
options
Int8 Flag + Options Struct
Options object (optional). If present, 1; else, 0.
Inputs Array:
For each input:
outpoint
Byte Array (32 bytes + VarInt)
32-byte TXID followed by VarInt output index.
unlockingScript
VarInt Length + Byte Array
Unlocking script (optional). If present, provide length and data. If absent, use VarInt -1 and then provide unlockingScriptLength (VarInt).
unlockingScriptLength
VarInt
Length of the unlocking script if unlockingScript is absent, VarInt -1 otherwise.
inputDescription
UTF-8 String
Description of this input.
sequenceNumber
VarInt
Sequence number (optional). Use -1 to indicate absence.
Outputs Array:
For each output:
lockingScript
VarInt Length + Byte Array
Locking script.
satoshis
VarInt
Amount in satoshis.
outputDescription
UTF-8 String
Description of this output.
basket
UTF-8 String
Basket name (optional). If absent, VarInt -1.
customInstructions
UTF-8 String
Custom instructions (optional). If absent, VarInt -1.
tags
VarInt Length + Array
Array of tags (optional). If absent, VarInt -1.
For each tag:
UTF-8 String
Options Struct:
signAndProcess
Int8
1 for true, 0 for false, -1 if not provided.
acceptDelayedBroadcast
Int8
1 for true, 0 for false, -1 if not provided.
trustSelf
Int8
1 if 'known', -1 if not provided.
knownTxids
VarInt Length + Array
Array of TXIDs (optional). If absent, VarInt -1.
returnTXIDOnly
Int8
1 for true, 0 for false, -1 if not provided.
noSend
Int8
1 for true, 0 for false, -1 if not provided.
noSendChange
VarInt Length + Array
Array of outpoints (optional). If absent, VarInt -1.
sendWith
VarInt Length + Array
Array of TXIDs (optional). If absent, VarInt -1.
randomizeOutputs
Int8
1 for true, 0 for false, -1 if not provided.
For each TXID:
Byte Array (32 bytes)
For each outpoint:
Byte Array (32 bytes + VarInt)
Return Values
Error Code (1 byte):
0on success.Response Data:
Depending on the outcome, the response may include:
txid
Int8 Flag + Byte Array (32 bytes)
If present, 1 followed by 32-byte TXID. Else, 0.
tx
Int8 Flag + VarInt Length + Byte Array
If present, 1 followed by transaction data (AtomicBEEF). Else, 0.
noSendChange
VarInt Length + Array
Array of outpoints (optional). If absent, VarInt -1.
sendWithResults
VarInt Length + Array
Array of structures containing txid and status. If absent, VarInt -1.
signableTransaction
Int8 Flag + Struct
If present, 1 followed by signable transaction data. Else, 0.
For each outpoint:
Byte Array (32 bytes + VarInt)
For each
sendWithResultsentry:txid: Byte Array (32 bytes)status: Int8 (1for'unproven',2for'sending',3for'failed')
Signable Transaction Struct:
tx
VarInt Length + Byte Array
Transaction data in AtomicBEEF format.
reference
VarInt Length + Byte Array
Reference identifier as a Base64-encoded string.
2. signAction
signActionCall Code:
2
Parameters
spends
VarInt Count + Map
Map of input indexes to spend information.
reference
VarInt Length + Byte Array
Reference number as a Base64-encoded string.
options
Int8 Flag + Options Struct
Options object (optional). If present, 1; else, 0.
For each spend:
inputIndex: VarIntunlockingScript: VarInt Length + Byte ArraysequenceNumber: VarInt (optional). Use-1to indicate absence.
Options Struct:
Same as in the createAction method, but only applicable fields:
acceptDelayedBroadcast
Int8
1 for true, 0 for false, -1 if not provided.
returnTXIDOnly
Int8
1 for true, 0 for false, -1 if not provided.
noSend
Int8
1 for true, 0 for false, -1 if not provided.
sendWith
VarInt Length + Array
Array of TXIDs (optional). If absent, VarInt -1.
For each TXID:
Byte Array (32 bytes)
Return Values
Error Code (1 byte):
0on success.Response Data:
txid
Int8 Flag + Byte Array (32 bytes)
If present, 1 followed by 32-byte TXID. Else, 0.
tx
Int8 Flag + VarInt Length + Byte Array
If present, 1 followed by transaction data (AtomicBEEF). Else, 0.
noSendChange
VarInt Length + Array
Array of outpoints (optional). If absent, VarInt -1.
sendWithResults
VarInt Length + Array
Array of structures containing txid and status. If absent, VarInt -1.
3. abortAction
abortActionCall Code:
3
Parameters
reference
VarInt Length + Byte Array
Reference identifier (Base64-encoded).
Return Values
Error Code (1 byte):
0on success.Response Data: None.
4. listActions
listActionsCall Code:
4
Parameters
labels
VarInt number + Array
Array of labels to filter actions.
labelQueryMode
Int8
1 for 'any', 2 for 'all', -1 if not provided.
includeLabels
Int8
1 for true, 0 for false, -1 if not provided.
includeInputs
Int8
Same as above.
includeInputSourceLockingScripts
Int8
Same as above.
includeInputUnlockingScripts
Int8
Same as above.
includeOutputs
Int8
Same as above.
includeOutputLockingScripts
Int8
Same as above.
limit
VarInt
Maximum number of actions to return. Use -1 if not provided.
offset
VarInt
Number of actions to skip. Use -1 if not provided.
seekPermission
Int8
1 for true (default), 0 for false, -1 if not provided.
Return Values
Error Code (1 byte):
0on success.Response Data:
totalActions
VarInt
Total number of actions matching the query.
actions
Array
Serialized array of action objects (details follow).
Action Object:
For each action:
txid
Byte Array (32 bytes)
Transaction ID.
satoshis
VarInt
Amount in satoshis.
status
Int8
Status code (see below).
isOutgoing
Int8
1 for true, 0 for false.
description
UTF-8 String
Description of the action.
labels
VarInt Length + Array
Array of labels (if includeLabels is true, zero-length otherwise).
version
VarInt
Transaction version.
lockTime
VarInt
Transaction lock time.
inputs
VarInt Length + Array
Array of input objects (if includeInputs is true, zero-length otherwise).
outputs
VarInt Length + Array
Array of output objects (if includeOutputs is true, zero-length otherwise).
Status Codes:
1:'completed'2:'unprocessed'3:'sending'4:'unproven'5:'unsigned'6:'nosend'7:'nonfinal'
Input Object:
For each input:
sourceOutpoint
Byte Array
Outpoint (TXID + output index).
sourceSatoshis
VarInt
Amount in satoshis of the source output.
sourceLockingScript
VarInt Length + Byte Array
Locking script of the source output (if included).
unlockingScript
VarInt Length + Byte Array
Unlocking script (if included).
inputDescription
UTF-8 String
Description of the input.
sequenceNumber
VarInt
Sequence number.
Output Object:
For each output:
outputIndex
VarInt
Index of the output within the transaction.
satoshis
VarInt
Amount in satoshis.
lockingScript
VarInt Length + Byte Array
Locking script (if included).
spendable
Int8
1 for true, 0 for false.
outputDescription
UTF-8 String
Description of the output.
basket
UTF-8 String
Basket name (if present, else -1).
tags
VarInt Length + Array
Array of tags (if present, else -1).
customInstructions
UTF-8 String
Custom instructions (if present, else -1).
5. internalizeAction
internalizeActionCall Code:
5
Parameters
tx
VarInt Length + Byte Array
BEEF-formatted transaction.
outputs
VarInt Length + Array
Array of output objects to internalize.
labels
VarInt Length + Array
Array of labels (optional). If absent, -1.
description
UTF-8 String
Description of the action.
seekPermission
Int8
1 for true (default), 0 for false, -1 if not provided.
Output Object:
For each output:
outputIndex
VarInt
Index of the output within the transaction.
protocol
Int8
1 for 'wallet payment', 2 for 'basket insertion'.
paymentRemittance
Struct
Remittance data for payments (if protocol is 1).
insertionRemittance
Struct
Remittance data for insertions (if protocol is 2).
Payment Remittance Struct:
senderIdentityKey
Byte Array (33 bytes)
Sender's compressed public key.
derivationPrefix
VarInt Length + Byte Array
Base64-encoded derivation prefix.
derivationSuffix
VarInt Length + Byte Array
Base64-encoded derivation suffix.
Insertion Remittance Struct:
basket
UTF-8 String
Basket name.
customInstructions
UTF-8 String
Custom instructions (optional). If absent, -1.
tags
VarInt Length + Array
Array of tags. If absent, length 0.
Return Values
Error Code (1 byte):
0on success.Response Data: None.
6. listOutputs
listOutputsCall Code:
6
Parameters
basket
UTF-8 String
Basket name.
tags
VarInt Length + Array
Array of tags to filter by (optional). If absent, length 0.
tagQueryMode
Int8
1 for 'all', 2 for 'any', -1 if not provided.
include
Int8
1 for 'locking scripts', 2 for 'entire transactions', -1 if not provided.
includeCustomInstructions
Int8
1 for true, 0 for false, -1 if not provided.
includeTags
Int8
Same as above.
includeLabels
Int8
Same as above.
limit
VarInt
Maximum number of outputs to return. Use -1 if not provided.
offset
VarInt
Number of outputs to skip. Use -1 if not provided.
seekPermission
Int8
1 for true (default), 0 for false, -1 if not provided.
Return Values
Error Code (1 byte):
0on success.Response Data:
totalOutputs
VarInt
Total number of outputs matching the query.
outputs
Array
Serialized array of output objects (details follow).
Output Object:
For each output:
outpoint
Byte Array
Outpoint (TXID + output index).
satoshis
VarInt
Amount in satoshis.
lockingScript
VarInt Length + Byte Array
Locking script (if included).
tx
VarInt Length + Byte Array
Transaction data (if included).
spendable
Int8
Always 1 (indicates the output is spendable).
customInstructions
UTF-8 String
Custom instructions (if included).
tags
VarInt Length + Array
Array of tags (if included).
labels
VarInt Length + Array
Array of labels (if included).
7. relinquishOutput
relinquishOutputCall Code:
7
Parameters
basket
UTF-8 String
Basket name.
output
Byte Array
Outpoint (TXID + output index) to relinquish.
Return Values
Error Code (1 byte):
0on success.Response Data: None.
8. getPublicKey
getPublicKeyCall Code:
8
Parameters
identityKey
UInt8
1 to retrieve the identity key, 0 otherwise.
protocolID
Struct
Protocol ID (if identityKey is 0).
keyID
UTF-8 String
Key ID (if identityKey is 0).
counterparty
Byte Array or UInt8
Counterparty public key, or 11 for 'self', 12 for 'anyone'.
privileged
Int8
1 for true, 0 for false, -1 if not provided.
privilegedReason
Int8 Length + UTF-8 String
Reason for privileged access (optional).
forSelf
Int8
1 for true, 0 for false, -1 if not provided.
seekPermission
Int8
1 for true (default), 0 for false, -1 if not provided.
Protocol ID Struct:
securityLevel
UInt8
Security level (0, 1, or 2).
protocolString
UTF-8 String
Protocol identifier string.
Return Values
Error Code (1 byte):
0on success.Response Data:
publicKey
Byte Array (33 bytes)
Compressed DER-formatted public key.
9. revealCounterpartyKeyLinkage
revealCounterpartyKeyLinkageCall Code:
9
Parameters
privileged
Int8
1 for true, 0 for false, -1 if not provided.
privilegedReason
UTF-8 String
The privileged reason string (Optional).
counterparty
Byte Array (33 bytes)
The counterparty's compressed secp256k1 public key.
verifier
Byte Array (33 bytes)
The verifier's compressed secp256k1 public key.
Return Values
Error Code (1 byte):
0on success, non-zero error code otherwise.Response Data (on success):
prover
Byte Array (33 bytes)
The prover's (user's) compressed public key.
verifier
Byte Array (33 bytes)
The verifier's compressed public key.
counterparty
Byte Array (33 bytes)
The counterparty's compressed public key.
revelationTime
UTF-8 String
ISO 8601 timestamp string indicating the time of revelation.
encryptedLinkage
VarInt Length + Byte Array
The encrypted linkage data.
encryptedLinkageProof
VarInt Length + Byte Array
The encrypted linkage proof data.
10. revealSpecificKeyLinkage
revealSpecificKeyLinkageCall Code:
10
Parameters
Key-Related Parameters
See Key-Related Parameters as defined in call code 10.
verifier
Byte Array (33 bytes)
The verifier's compressed public key.
Key-Related Parameters:
protocolID
Protocol ID Struct
Security level and protocol string (see Protocol ID Struct from call code 8).
keyID
UTF-8 String
Key ID used for key derivation.
counterparty
Byte Array (33 bytes) or UInt8
Counterparty's compressed public key, 11 for 'self', 12 for 'anyone', or 0 if not provided.
privileged
Int8
1 for true, 0 for false, -1 if not provided.
privilegedReason
UTF-8 String
The privileged reason string (Optional).
Return Values
Error Code (1 byte):
0on success, non-zero error code otherwise.Response Data (on success):
prover
Byte Array (33 bytes)
The prover's compressed public key.
verifier
Byte Array (33 bytes)
The verifier's compressed public key.
counterparty
Byte Array (33 bytes)
The counterparty's compressed public key.
protocolID
Protocol ID Struct
The security level and protocol string used for key derivation, first described in call code 8).
keyID
UTF-8 String
The key ID used for key derivation.
encryptedLinkage
VarInt Length + Byte Array
The encrypted linkage data.
encryptedLinkageProof
VarInt Length + Byte Array
The encrypted linkage proof data.
proofType
UInt8 Number
The type of proof generated
11. encrypt
encryptCall Code:
11
Parameters
Key-Related Parameters
See Key-Related Parameters as defined in call code 10.
plaintext
VarInt Length + Byte Array
The plaintext data to be encrypted.
seekPermission
Int8
1 for true (default), 0 for false, -1 if not provided.
Return Values
Error Code (1 byte):
0on success, non-zero error code otherwise.Response Data (on success):
ciphertext
Byte Array
The encrypted data (AES-256-GCM).
12. decrypt
decryptCall Code:
12
Parameters
Key-Related Parameters
See Key-Related Parameters as defined in call code 10.
ciphertext
VarInt Length + Byte Array
The ciphertext data to be decrypted.
seekPermission
Int8
1 for true (default), 0 for false, -1 if not provided.
Return Values
Error Code (1 byte):
0on success, non-zero error code otherwise.Response Data (on success):
plaintext
Byte Array
The decrypted data.
13. createHmac
createHmacCall Code:
13
Parameters
Key-Related Parameters
See Key-Related Parameters as defined in call code 10.
data
VarInt Length + Byte Array
The data over which to compute the HMAC.
seekPermission
Int8
1 for true (default), 0 for false, -1 if not provided.
Return Values
Error Code (1 byte):
0on success, non-zero error code otherwise.Response Data (on success):
hmac
Byte Array
The computed HMAC value.
14. verifyHmac
verifyHmacCall Code:
14
Parameters
Key-Related Parameters
See Key-Related Parameters as defined in call code 10.
hmac
Byte Array
The HMAC value to verify.
data
VarInt Length + Byte Array
The data over which the HMAC was computed.
seekPermission
Int8
1 for true (default), 0 for false, -1 if not provided.
Return Values
Error Code (1 byte):
0if the HMAC is valid, non-zero error code otherwise.Response Data: Nothing extra on successful verification.
15. createSignature
createSignatureCall Code:
15
Parameters
Key-Related Parameters
See Key-Related Parameters as defined in call code 10.
dataTypeFlag
UInt8
1 if signing data, 2 if signing hashToDirectlySign.
data
VarInt Length + Byte Array
The data to be signed (if dataTypeFlag is 1).
hashToDirectlySign
Byte Array (32 bytes)
The hash to directly sign (if dataTypeFlag is 2).
seekPermission
Int8
1 for true (default), 0 for false, -1 if not provided.
Return Values
Error Code (1 byte):
0on success, non-zero error code otherwise.Response Data (on success):
signature
Byte Array
The DER-encoded ECDSA signature.
16. verifySignature
verifySignatureCall Code:
16
Parameters
Key-Related Parameters
See Key-Related Parameters as defined in call code 10.
forSelf
Int8
1 for verifying own signature, 0 otherwise, -1 if not provided.
signature
VarInt Length + Byte Array
The DER-encoded ECDSA signature to verify.
dataTypeFlag
UInt8
1 if verifying over data, 2 if over hashToDirectlyVerify.
data
VarInt Length + Byte Array
The data over which the signature was computed (if dataTypeFlag is 1).
hashToDirectlyVerify
Byte Array (32 bytes)
The hash over which the signature was computed (if dataTypeFlag is 2).
seekPermission
Int8
1 for true (default), 0 for false, -1 if not provided.
Return Values
Error Code (1 byte):
0if the signature is valid, non-zero error code otherwise.Response Data: Nothing extra if successfully verified.
17. acquireCertificate
acquireCertificateCall Code:
17
Parameters
type
Byte Array (Base64 encoded)
The certificate type identifier.
certifier
Byte Array (33 bytes)
The certifier's compressed public key.
fields
VarInt number + Map
Map of fieldName to fieldValue (both UTF-8 strings).
privileged
Int8
1 for true, 0 for false, -1 if not provided.
privilegedReason
Int8 Length + UTF-8 String
The reason for the privileged request (Optional).
acquisitionProtocol
UInt8
1 for 'direct', 2 for 'issuance'.
Depending on acquisitionProtocol, include additional fields:
If acquisitionProtocol is 'direct' (1):
serialNumber
Byte Array (Base64 encoded)
The certificate serial number.
revocationOutpoint
Byte Array (32 bytes) + VarInt
The revocation outpoint (TXID + output index).
signature
VarInt Length + Byte Array
The certifier's signature over the certificate data.
keyringRevealer
Byte Array (33 bytes) or UInt8
The revealer's compressed public key, or 11 for 'certifier'.
keyringForSubject
VarInt number of entries + Map
Map of fieldName to keyring values.
If acquisitionProtocol is 'issuance' (2):
certifierUrl
UTF-8 String
The certifier's URL for issuance.
Return Values
Error Code (1 byte):
0on success, non-zero error code otherwise.Response Data (on success):
certificate
Byte Array
The serialized certificate binary data (format described in call code 19).
18. listCertificates
listCertificatesCall Code:
18
Parameters
certifiers
VarInt Length + Array
Array of certifier public keys (each 33 bytes).
types
VarInt Length + Array
Array of certificate types (where each entry is a byte array of 32 bytes).
limit
VarInt
Maximum number of certificates to return, -1 if not provided.
offset
VarInt
Number of certificates to skip, -1 if not provided.
privileged
Int8
1 for true, 0 for false, -1 if not provided.
privilegedReason
Int8 Length + UTF-8 String
The privileged reason string (Optional)
Return Values
Error Code (1 byte):
0on success, non-zero error code otherwise.Response Data (on success):
totalCertificates
VarInt
Total number of certificates matching the criteria.
certificates
Array
Array of certificate binary data (see below).
Each certificate in the certificates array is serialized as:
VarInt Length + Byte Array representing the certificate binary data (the certificate binary format as described in
proveCertificatemethod).
19. proveCertificate
proveCertificateCall Code:
19
Parameters
certificate
Certificate Struct
The certificate data (see Certificate Struct below).
fieldsToReveal
VarInt Length + Array
Array of fieldName strings (UTF-8) to reveal.
verifier
Byte Array (33 bytes)
The verifier's compressed public key.
privileged
Int8
1 for true, 0 for false, -1 if not provided.
privilegedReason
Int8 Length + UTF-8 String
The privileged reason (Optional).
Certificate Struct:
type
Byte Array (Base64 encoded)
Certificate type identifier.
subject
Byte Array (33 bytes)
Subject's compressed public key.
serialNumber
Byte Array (Base64 encoded)
Certificate serial number.
certifier
Byte Array (33 bytes)
Certifier's compressed public key.
revocationOutpoint
Byte Array
Revocation outpoint (TXID + output index).
signature
VarInt Length + Byte Array
Certificate signature.
fields
VarInt Length + Map
Map of fieldName to encrypted fieldValue.
Return Values
Error Code (1 byte):
0on success, non-zero error code otherwise.Response Data (on success):
keyringForVerifier
VarInt number of fields + Map
Map of fieldName to keyring values.
20. relinquishCertificate
relinquishCertificateCall Code:
20
Parameters
type
Byte Array (Base64 encoded)
Certificate type identifier.
serialNumber
Byte Array (Base64 encoded)
Certificate serial number.
certifier
Byte Array (33 bytes)
Certifier's compressed public key.
Return Values
Error Code (1 byte):
0on success, non-zero error code otherwise.Response Data: None.
21. discoverByIdentityKey
discoverByIdentityKeyCall Code:
21
Parameters
identityKey
Byte Array (33 bytes)
The identity key to search for certificates.
limit
VarInt
Maximum number of certificates to return, -1 if not provided.
offset
VarInt
Number of certificates to skip, -1 if not provided.
seekPermission
Int8
1 for true (default), 0 for false, -1 if not provided.
Return Values
Error Code (1 byte):
0on success, non-zero error code otherwise.Response Data (on success):
This method returns a list of certificates with additional certifier information and decrypted fields.
totalCertificates
VarInt
Total certificates matching the identity key.
certificates
Array
Array of extended certificate structs (see below).
Each certificate includes:
Certificate Binary Data: Serialized certificate as in
proveCertificatemethod.Certifier Info Struct: Contains the following fields:
FieldTypeDescriptionnameUTF-8 String
Certifier's name.
iconUrlUTF-8 String
Certifier's icon URL.
descriptionUTF-8 String
Certifier's description.
trustUInt8
User trust level of this certifier (1-10).
Publicly Revealed Keyring: Map of
fieldNameto keyring values.Decrypted Fields: Map of
fieldNameto decryptedfieldValuestrings (UTF-8).
22. discoverByAttributes
discoverByAttributesCall Code:
22
Parameters
attributes
VarInt Length + Map
Map of fieldName to fieldValue strings (UTF-8).
limit
VarInt
Maximum number of certificates to return, -1 if not provided.
offset
VarInt
Number of certificates to skip, -1 if not provided.
seekPermission
Int8
1 for true (default), 0 for false, -1 if not provided.
Return Values
Same as discoverByIdentityKey method.
23. isAuthenticated
isAuthenticatedCall Code:
23
Parameters
None.
Return Values
Error Code (1 byte):
0on success.Response Data (on success):
authenticated
UInt8
1 if authenticated, 0 otherwise.
24. waitForAuthentication
waitForAuthenticationCall Code:
24
Parameters
None.
Return Values
Error Code (1 byte):
0once the user is authenticated.Response Data: None.
25. getHeight
getHeightCall Code:
25
Parameters
None.
Return Values
Error Code (1 byte):
0on success.Response Data (on success):
height
VarInt
Current block height.
26. getHeaderForHeight
getHeaderForHeightCall Code:
26
Parameters
height
VarInt
The block height for which to retrieve the header.
Return Values
Error Code (1 byte):
0on success.Response Data (on success):
header
Byte Array (80 bytes)
The serialized block header (80 bytes).
27. getNetwork
getNetworkCall Code:
27
Parameters
None.
Return Values
Error Code (1 byte):
0on success.Response Data (on success):
network
UInt8
0 for 'mainnet', 1 for 'testnet'.
28. getVersion
getVersionCall Code:
28
Parameters
None.
Return Values
Error Code (1 byte):
0on success.Response Data (on success):
version
UTF-8 String
The wallet's version string (e.g., vendor-1.0.0).
General Notes
Absence of Optional Fields: Optional fields are often indicated by a special value (e.g.,
-1as aVarIntfor length fields). Implementations should handle these values appropriately to determine the presence or absence of data.Encoding of Strings: All strings are UTF-8 encoded and prefixed with their length as a
VarInt. The-1value indicates absence, notably different from0which indicates an empty string ("").Error Codes: While only
0(success) and1(generic error) are defined here, implementations may use additional error codes for error classification as needed.Serialization of Nested Structures: Arrays and maps are prefixed with their lengths as VarInts. Nested fields must follow the same serialization rules as their top-level counterparts.
This ABI specification provides a complete and detailed description of the binary protocol used for communication between wallets and applications. By adhering to this specification, developers can ensure compatibility and interoperability across different implementations, enabling a robust and secure ecosystem for wallet interactions within the BSV blockchain ecosystem.
Implementers should carefully follow the serialization and deserialization rules outlined for each method to ensure correct functionality.
Glossary of Terms
AbortAction: A method in the Wallet Interface that allows the cancellation of a transaction that is in progress and has not yet been finalized or sent to the network.
Action: An Action is a Bitcoin transaction plus metadata. It is a foundational concept that aligns with "Action Oriented Programming" (see: https://projectbabbage.com/docs/babbage-sdk/concepts/actions-aop).
Actions: In the context of this specification, an Action is a Bitcoin transaction (as defined within the BSV blockchain context) that is enriched with additional metadata such as descriptions, labels, and other optional data. This concept follows the "Action Oriented Programming" paradigm, where each Action represents a business-level event or operation captured as a blockchain transaction. Actions are created using the createAction method, managed and categorized using labels, and can incorporate outputs tagged for easier retrieval.
AES-256-GCM: Advanced Encryption Standard (AES) cipher with a 256-bit key size using Galois/Counter Mode (GCM); used for symmetric encryption and decryption operations within the Wallet Interface (as per BRC-2). By convention, 32-byte initialization vectors are prepended to the beginning of the ciphertext.
Application Binary Interface (ABI): A specification detailing the binary communication protocol between applications and wallets over a Wallet Wire, ensuring consistent method call structures, data serialization, and error handling as defined in the Wallet Interface.
Background Evaluation Extended Format (BEEF): A compact data format specified in BRC-62 for representing Bitcoin transactions optimized for Simplified Payment Verification (SPV) and efficient data transmission within the Wallet Interface.
Baskets: Conceptual containers within a wallet used to group and manage specific Unspent Transaction Outputs (UTXOs) as per BRC-46, enabling organized tracking and handling across applications or protocols.
Bitcoin Request for Comment (BRC): An informal proposal or standard within the BSV ecosystem that outlines protocols, methods, or guidelines for functionalities such as transactions, key derivation, network architecture, and wallet interfaces.
BKDS (BSV Key Derivation Scheme): A key derivation scheme defined in BRC-42 that allows wallets to derive multiple unique public-private key pairs from a shared master key using the secp256k1 elliptic curve and a counterparty.
Blockchain Height: The number of blocks in the longest valid chain of the blockchain, representing the latest block's height within the BSV network.
BooleanDefaultFalse: A data type representing an optional boolean parameter that defaults to false if not provided in method arguments.
BooleanDefaultTrue: A data type representing an optional boolean parameter that defaults to true if not provided in method arguments.
BSV Blockchain: A network emphasizing stability, scalability, and adherence to Satoshi Nakamoto's original vision for Bitcoin as a token system, a micropayment system, and a peer-to-peer electronic cash system.
Call Code: An unsigned integer used in the ABI specification to represent the method being invoked over the Wallet Wire.
Certificate: In the context of BRC-52, a digital identity document that encapsulates a subject's identity information, certified by a trusted entity, with support for selective field encryption.
Certificate Field Name: The name of a specific attribute or piece of data within an identity certificate, used for identification and selective revelation.
Certificate Revocation: The process by which an identity certificate is invalidated, often implemented via spending a specific UTXO tied to a revocation outpoint; used to indicate the certificate is no longer valid.
Compressed DER-formatted Public Key: A public key formatted according to the Distinguished Encoding Rules (DER), compressed to represent a point on the secp256k1 elliptic curve using 33 bytes (66 hexadecimal characters). The first byte denotes whether Y is odd, and the remaining 32 bytes comprise the X coordinate on the curve.
Counterparty: An entity (e.g., sender, receiver, verifier) involved in a transaction or key derivation process, identified by their public key; used in BKDS and defined in BRC-43.
createAction: A method that constructs a new transaction based on provided inputs, outputs, and options. It can return a completed transaction, or a signableTransaction if the transaction is not finalized.
Custom Instructions: Data attached to UTXOs that provide contextual information or necessary unlocking context within application logic, represented as a string in the Wallet Interface.
Derivation Prefix/Suffix: Values used during the internalization of payment outputs, as described within BRC-29 to generate different key pairs for each output across the same payment.
DescriptionString5to50Characters: A string data type used for descriptions within the Wallet Interface, constrained to a length between 5 and 50 characters.
Digital Signature: A cryptographic value generated using a private key that verifies the authenticity and integrity of data, as outlined in BRC-3 with ECDSA.
ECDH (Elliptic Curve Diffie-Hellman): A key agreement protocol using elliptic curve cryptography that allows two parties to establish a shared secret over an insecure channel.
ECDSA (Elliptic Curve Digital Signature Algorithm): A cryptographic algorithm used for creating digital signatures using elliptic curve cryptography, specifically over the secp256k1 curve.
Encryption/Decryption: The processes of scrambling data to prevent unauthorized access (encryption) and restoring it to its original form (decryption), as specified in BRC-2 with AES-256-GCM and used within the Wallet Interface.
Entity Icon URL: A URL pointing to an icon representing a trusted entity or certifier in identity certificates, used for display and identification purposes.
Entity Name: The name of a trusted entity or certifier associated with an identity certificate, providing a human-readable identifier for the certifier.
Error Handling: The standardized method by which errors are communicated within the Wallet Interface, using structures containing status, code, description, and optional context.
ErrorCodeString10To40Characters: A data type representing a machine-readable error code string with a length between 10 and 40 characters, used in error responses.
ErrorDescriptionString20To200Characters: A data type representing a human-readable error description string with a length between 20 and 200 characters, providing details about an error.
Fully Qualified Domain Name (FQDN): The complete domain name of a specific computer or host on the internet, used as the OriginatorDomainNameString to identify the originator of a request in the Wallet Interface.
HMAC (Hash-based Message Authentication Code): A specific type of message authentication code involving a cryptographic hash function and a secret key, used for data integrity checks within the Wallet Interface.
Identity Key: The master public key of a wallet derived from the master private key using the secp256k1 elliptic curve; used to identify the wallet owner and derive child keys.
Input (Transaction Input): A reference in a transaction to a previous UTXO that is being spent, containing details such as the outpoint and unlocking script.
Key Derivation: The process of generating child keys from a master key using a specified algorithm like BKDS, providing unique keys for different purposes or interactions.
Key ID: A unique identifier differentiating specific keys under the same Protocol ID, allowing for multiple derived keys with different purposes within the same context as defined in BRC-43.
Key Linkage: Information that reveals the relationship between derived keys, used for transparency, auditability, and verification, particularly as per BRC-69 and protected during transit by BRC-72.
Labels (Transaction Labels): Strings used to categorize transactions within a wallet for organizational and filtering purposes.
Locking Script: A script associated with a transaction output that specifies the conditions under which the output can later be spent (also known as an output script or scriptPubKey, though scriptPubKey should no longer be used).
Lock Time: A parameter in a Bitcoin transaction that specifies the earliest time or block height at which the transaction can be included in the blockchain.
Master Private Key: The primary private key of a wallet from which other keys are derived, forming the root of the wallet's key structure.
Merkle Root: The root hash of a Merkle tree, summarizing all transactions in a block; used in SPV to verify transaction inclusion without downloading the entire block.
Originator Domain Name String: The fully qualified domain name (FQDN) of the application that originated the request, used to authenticate and authorize requests in the Wallet Interface.
Outpoint: A reference to a specific output in a previous transaction, identified by the transaction ID (txid) and output index (vout), used when spending UTXOs.
Output (Transaction Output): A component of a transaction that specifies the recipient of funds or data, including the amount (in satoshis) and a locking script.
Output Tags: Strings assigned to outputs within wallets to categorize or indicate attributes, facilitating searching, sorting, and filtering of UTXOs.
Payment Internalization: The process by which a wallet accepts and manages incoming transactions by parsing, tagging, and organizing outputs, as per BRC-29.
Privileged Mode: A mode of operation within the wallet where sensitive or high-security operations are performed using a secondary, more secure set of keys; requires additional authorization.
Private Digital Signature: A signature intended for a specified receiver, created using a private key derived via BKDS, ensuring that only the intended recipient can verify it using the corresponding public key.
Proof-Type: A one-byte unsigned integer (0-255) defined in BRC-97 to specify the type of proof included in specific key linkage revelations. Proof Type 0 indicates no proof is provided, while Proof Types 1-255 are reserved for various zero-knowledge proof (ZKP) schemes, such as STARKs, Bulletproofs or SNARKs. This extensible format supports future advancements in ZKP technologies, enabling flexible and verifiable interactions while maintaining backward compatibility.
Protocol ID: An identifier used in BRC-43 to define the context or usage of a derived key, combining a security level and a protocol string (e.g., [1, "document signing"]).
PubKeyHex: A hexadecimal string representing a compressed DER-formatted secp256k1 public key, 66 characters long (33 bytes).
Satoshi: The smallest unit of Bitcoin, equal to 0.00000001; used as the unit for transaction amounts within the Wallet Interface.
Script Validation: The process of evaluating and verifying the correctness of scripts (locking and unlocking scripts) within transactions, ensuring they adhere to Bitcoin's scripting rules.
Security Level: In BRC-43, a classification that determines the required permissions and access controls for using a derived key (Level 0: open access, Level 1: requires cross-counterparty authorization, Level 2: requires individual permission for each counterparty).
Shared Secret: In ECDH key exchange, a secret value derived by both parties using their own private key and the other party’s public key, used as the basis for deriving child keys or symmetric encryption keys.
Signable Transaction: A Bitcoin transaction that has been created but is not yet fully signed or finalized. This transaction is in a preparatory state where it requires one or more digital signatures before it can be considered complete and potentially broadcast to the Bitcoin network. Returned from createAction as a partially constructed transaction in BEEF (Background Evaluation Extended Format), which includes a reference number for later signing or aborting. This appears when an input does not have its unlocking script yet. The transaction is partially constructed and returned with a reference. The caller can use this reference with signAction to supply the necessary unlocking scripts later. This mechanism decouples the initial transaction construction from the final signing steps.
signAction: A method that signs a previously created transaction (a Signable Action) using the unlocking scripts provided, allowing it to be finalized and potentially broadcast.
Signature: Data that proves the authenticity and integrity of a message or transaction, created using a private key and verifiable with the corresponding public key.
Simplified Payment Verification (SPV): A method for verifying that a transaction is included in the blockchain without downloading the entire chain, by verifying the transaction's inclusion in a block (or its ancestors), checking the scripts that transfer coins, and validating that block via its Merkle root and proof-of-work.
TXID (Transaction ID): A unique identifier for a transaction, calculated as a double SHA-256 hash of the transaction data.
TagQueryMode: A parameter determining how tags are matched when listing outputs within a wallet; can be 'any' (matches if any tag matches) or 'all' (matches only if all queried tags are present).
Transaction: An instruction sent to the Bitcoin network to transfer Bitcoin from one or more inputs to one or more outputs; forms the fundamental operation within the blockchain. Also referred to as Actions when used within applications.
Unlocking Script: A script that satisfies the conditions specified by the locking script of an output, allowing the output to be spent (also known as an input script or scriptSig, though scriptSig should no longer be used).
Unspent Transaction Output (UTXO): An output from a prior transaction that has not yet been spent; represents an amount of Bitcoin controlled by a script that can be used as an input in a new transaction.
Vendor Neutrality: A design principle ensuring that an interface or protocol can be implemented by any vendor without proprietary constraints, promoting interoperability and standardization.
VersionString7To30Characters: A data type representing a version string of the wallet, constrained to be between 7 and 30 characters, in the format [vendor]-[major].[minor].[patch].
Wallet Interface: The standardized set of methods and protocols defined in BRC-100 for communication between wallets and applications in the BSV ecosystem, designed to be unified, vendor-neutral, and open.
Wallet Wire: The communication channel or protocol over which applications and wallets exchange messages using the defined ABI specification.
Conclusion
This specification provides a comprehensive and standardized framework for Wallet-to-Application interactions within the BSV ecosystem. By defining a clear and secure ABI, it fosters interoperability, scalability, and vendor-neutral implementation. The type constraints, structured error handling, and robust serialization methods enable developers to build reliable and secure applications across diverse environments.
Through its open and stable design, this specification ensures that wallets and applications can interoperate seamlessly, driving innovation while preserving stability. The reserved ranges for future call codes and adherence to backward compatibility principles also ensure long-term adaptability to new use cases and evolving technologies.
Developers and implementers are encouraged to align with this standard to enable a unified ecosystem, empowering applications and wallets to interact efficiently and securely, ultimately advancing the adoption and utility of the BSV blockchain.
At long last.
Last updated