0xKey
Key Management

Cryptographic security from first principles

Private key generation, storage, and signing — all secured inside Trusted Execution Environments. Verifiable by design.

Enterprise-grade key management built for scale

Trusted Execution Environments

All key operations run inside AWS Nitro Enclaves — hardware-isolated environments where even 0xKey staff cannot access your private keys.

End-to-end Encryption

Keys are encrypted at generation and only decrypted inside TEEs. Raw private keys never touch unprotected memory.

Cryptographic Verifiability

Every enclave produces a cryptographic attestation you can verify independently — no blind trust required.

Access Control

Fine-grained policies control who can use which keys, for what operations, under what conditions.

Arbitrary Signing

Support any blockchain or signing algorithm — EVM, Solana, Bitcoin, Cosmos, and beyond.

High Performance

50ms signing latency, 99.9% uptime. 50-100x faster than MPC alternatives for production-grade scale.

Architecture

How 0xKey secures your keys

01

Key Generation

Private keys are generated inside a TEE using cryptographically secure random number generation. The raw key never leaves the enclave.

02

Encrypted Storage

Keys are encrypted with a master key sealed to the TEE hardware, then stored in encrypted form. Decryption requires running inside the same enclave.

03

Policy Evaluation

Before any signing operation, the policy engine evaluates the request against your configured rules — who, what, when, and how much.

04

Signing

If the policy passes, signing occurs inside the TEE. The signature is returned; the private key stays in the enclave.

Why TEE?

0xKey vs MPC vs HSM

Why Trusted Execution Environments outperform the alternatives for verifiable, high-performance key management.

Property0xKey (TEE)MPCHSM
Signing latency~50ms500ms–2s10–100ms
Cryptographic verifiability✓ Hardware attestation✗ Trust-basedPartial
Non-custodial by design✓ StructuralPartial
Multi-party attack resistance✓ Enclave isolation✓ Key sharesPartial
Chain-agnostic signing✓ Any curveVariesLimited
Open source verifiable code✓ Reproducible builds
Horizontal scalability✗ ComplexExpensive

06 / Start shipping

Build accounts, not wallets.

Start with a free developer key. Ship your first policy-gated, agent-signed transaction in minutes.