Wallets
Wallets manage private keys and prove ownership through cryptographic signatures. The Evolution SDK provides four wallet types, each designed for different security models and operational contexts.
Seed Phrase Wallets
Mnemonic-based wallets for development and testing
Private Key Wallets
Direct cryptographic control for server automation
API Wallets
Browser extensions and hardware wallets via CIP-30
Security
Essential security rules and best practices
Message Signing
Sign and verify messages using CIP-30 COSE signatures
Overviewβ
What wallets do: Sign transactions, derive addresses, prove ownership of funds through cryptographic operations.
What wallets don't do: Query blockchain, build transactions, or submit to networkβthose capabilities come from combining wallets with providers in clients.
Wallet Typesβ
Seed Phrase Walletβ
Derives keys from 24-word mnemonic phrase using BIP39/BIP44 standards.
Configuration:
{
mnemonic: "fitness juice ankle...",
accountIndex: 0
}
Characteristics:
- Keys: Derived from mnemonic + account index
- Signing: Local cryptographic operations
- Best for: Development, testing, multi-account setups
- Security: Low (keys in memory)
Private Key Walletβ
Uses direct extended private key material without mnemonic derivation.
Configuration:
{
paymentKey: "xprv..."
}
Characteristics:
- Keys: Direct extended private key
- Signing: Local cryptographic operations
- Best for: Backend automation, scripts, single-account operations
- Security: Medium (requires secure vault storage)
API Wallet (CIP-30)β
Delegates signing to external wallet applications via CIP-30 standard.
Configuration:
{
api: walletApi // From window.cardano.{walletName}.enable()
}
Characteristics:
- Keys: External (user's device or hardware wallet)
- Signing: User approves each signature through wallet UI
- Best for: User-facing dApps, browser applications
- Security: High (user controls keys)
Read-Only Walletβ
Observes an address without any signing capability.
Configuration:
{
address: "addr1...",
rewardAddress: "stake1..." // Optional
}
Characteristics:
- Keys: None (address only)
- Signing: Not possible
- Best for: Monitoring, auditing, backend transaction building
- Security: Highest (no keys present)
Comparison Matrixβ
| Type | Has Keys | Can Sign | Key Storage | Primary Use Case |
|---|---|---|---|---|
| Seed Phrase | Yes (local) | Yes | Memory/disk | Development, testing |
| Private Key | Yes (local) | Yes | Secure vault | Backend automation |
| API Wallet | No (external) | Via user | User's device | Frontend dApps |
| Read-Only | None | No | N/A | Observation, monitoring |
Usage with Clientsβ
Wallet configs are passed to capability methods like .withSeed(), .withPrivateKey(), .withCip30(), and .withAddress(). The details of wiring a provider and submitting transactions belong in the clients documentation.
In particular, .withCip30() gives you signing capability without provider-backed submission on its own. Frontend flows still rely on a provider-backed client or backend to broadcast the signed transaction.
Example wallet configuration objects:
const seedWalletConfig = { mnemonic: "...", accountIndex: 0 };
const privateKeyWalletConfig = { paymentKey: "..." };
const apiWalletConfig = { api: walletApi };
const readOnlyWalletConfig = { address: "addr1..." };
See Clients documentation for concrete examples that combine a provider and a wallet to build a client capable of querying and submitting transactions.
Security Considerationsβ
Each wallet type has different security implications:
- Seed Phrase: Convenient but exposes mnemonic in code/memory
- Private Key: Better for automation, requires vault (AWS Secrets Manager, HashiCorp Vault)
- API Wallet: Highest security, user controls all signing approvals
- Read-Only: No security risk (no keys)
See Security Best Practices for detailed guidance.
Next Stepsβ
Explore each wallet type in detail:
- Seed Phrase Wallets - Mnemonic-based signing
- Private Key Wallets - Direct key usage
- API Wallets - CIP-30 integration
- Security - Best practices and checklists
- Clients - Using wallets with providers