Skip to main content

Generating SessionSigs Using a PKP

This guide covers the getPkpSessionSigs function from the Lit SDK. For an overview of what Session Signatures are and how they are to be used, please go here.

Using the getPkpSessionSigs function, you can specify the capabilities of your current session on the Lit network.

This function requires you to own a PKP and some form of authentication to prove your identity (e.g. a custom Lit Action, AuthMethod, or AuthSig). It will enable specific abilities for your session keypair defined by the resources you specify.

This function uses the signSessionKey function to sign the session public key using the PKP, which will generate an AuthSig.

Once the AuthSig has been created, it is then signed by the session keypair. Signing the AuthSig with the session keypair creates the Session Signatures.

Prerequisites

Before continuing this guide, you should have an understanding of:

Parameters and Returns Values

To see the parameters and return values of getPkpSessionSigs, please visit our API Docs.

Example Implementation

The full code implementation can be found here.

Installing the Required Dependencies

npm install \
@lit-protocol/auth-helpers \
@lit-protocol/constants \
@lit-protocol/lit-node-client \
@lit-protocol/contracts-sdk \
@lit-protocol/lit-auth-client \
ethers@v5

The node-localstorage dependency is only required when executing code outside a browser environment. The SDK will use the native browser storage when in a browser environment. You can learn more about this here.

Initializing an Ethers Signer

The ETHEREUM_PRIVATE_KEY environment variable is required.

import { LIT_RPC } from "@lit-protocol/constants";
import * as ethers from "ethers";

const ethersSigner = new ethers.Wallet(
process.env.ETHEREUM_PRIVATE_KEY,
new ethers.providers.JsonRpcProvider(LIT_RPC.CHRONICLE_YELLOWSTONE)
);

Initializing a LitNodeClient

Here we are initializing an instance of LitNodeClient and connecting it to the datil-test Lit network.

import { LitNodeClient } from "@lit-protocol/lit-node-client";
import { LitNetwork } from "@lit-protocol/constants";

let litNodeClient: LitNodeClient;

litNodeClient = new LitNodeClient({
litNetwork: LitNetwork.DatilTest,
debug: false,
});
await litNodeClient.connect();

Instantiating a LitContracts Instance

Here we are initializing an instance of LitContracts. This allows us to interact with smart contracts on the Lit network.

import { LitContracts } from "@lit-protocol/contracts-sdk";
import { LitNetwork } from "@lit-protocol/constants";

const litContracts = new LitContracts({
signer: ethersSigner,
network: LitNetwork.DatilTest,
debug: false,
});
await litContracts.connect();

Generating Session Signatures

In this example, we're enabling our session to use a PKP for signing.

The current code uses the wildcard (*) identifier for LitPKPResource, which grants signing abilities to any PKP. This should only be used for example implementations or debugging. A more secure implementation would instead use the PKP tokenId to grant signing abilities to a specific PKP.

To get the Lit resource identifier for other resources, you can use the other methods included in @lit-protocol/auth-helpers package.

If you would like to use this function on the datil or datil-test networks, a capacityDelegationAuthSig is required. Please also keep in mind that implementing this requires owning or minting a PKP and some form of authentication (e.g. a custom Lit Action, Auth Method, or AuthSig). How this is done can be found in the full code example.

import { LitAbility, LitPKPResource } from "@lit-protocol/auth-helpers";

const sessionSignatures = await litNodeClient.getPkpSessionSigs({
pkpPublicKey: pkp.publicKey!,
capabilityAuthSigs: [capacityDelegationAuthSig],
authMethods: [authMethod],
resourceAbilityRequests: [
{
resource: new LitPKPResource("*"),
ability: LitAbility.PKPSigning,
},
],
expiration: new Date(Date.now() + 1000 * 60 * 10).toISOString(), // 10 minutes
});

Clearing Local Storage

If you want to clear the session key stored in the browser local storage, you can call the disconnectWeb3 method.

Summary

This example shows how to enable a session to use a PKP for signing.

The full code implementation can be found here.