🔐 Offline / Client-Side Key Derivation for ICP (ECDSA & Schnorr)

Developers can derive canister public keys entirely offline / client-side, without calling the management canister.
We’ve released a new Rust library, and a TypeScript library many developers haven’t discovered yet — both supporting ECDSA and Schnorr key derivation.

:blue_book: Why this matters
ICP’s key derivation is deterministic and public — given the master public key, canister ID, and derivation path, anyone can compute the same canister public key locally.
No secrets. No blockchain calls. Just pure math.

:light_bulb: What this enables

  • Verify canister public keys offline / client-side

  • Derive blockchain addresses (e.g. Ethereum, Bitcoin) for canisters

  • Build explorers or dashboards showing cross-chain balances

  • Simplify development and testing without connecting to ICP

:brain: Learn how it works

:package: Get started

10 Likes
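An added illustration (not part of the original post, and not code from ic-pub-key) of why derivation needs only public data: each step adds a tweak, computed by HMAC over the public key, chain code and path label, to the public key, and the key holder adds the same tweak to the secret scalar. It is a simplified BIP32-style sketch on secp256k1. ICP's exact encoding of the canister ID and derivation path is not reproduced, and the master secret, chain code and path labels are constructed values.

```python
import hashlib, hmac
# secp256k1 domain parameters
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def add(a, b):  # affine point addition; None is the point at infinity
    if a is None: return b
    if b is None: return a
    if a[0] == b[0] and (a[1] + b[1]) % P == 0: return None
    if a == b:
        lam = 3 * a[0] * a[0] * pow(2 * a[1], -1, P) % P
    else:
        lam = (b[1] - a[1]) * pow(b[0] - a[0], -1, P) % P
    x = (lam * lam - a[0] - b[0]) % P
    return (x, (lam * (a[0] - x) - a[1]) % P)

def mul(k, pt):  # double-and-add scalar multiplication
    acc = None
    while k:
        if k & 1: acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def tweak(pub, chain_code, label):
    """HMAC over public data only -> (scalar offset, next chain code)."""
    sec1 = bytes([2 + (pub[1] & 1)]) + pub[0].to_bytes(32, "big")
    mac = hmac.new(chain_code, sec1 + label, hashlib.sha512).digest()
    return int.from_bytes(mac[:32], "big") % N, mac[32:]  # simplification: reduce mod N

def derive_public(pub, chain_code, path):
    """What an offline client computes: no secret is needed at any step."""
    for label in path:
        t, chain_code = tweak(pub, chain_code, label)
        pub = add(pub, mul(t, G))
    return pub, chain_code

def derive_private(sk, chain_code, path):
    """What the key holder computes: the same tweaks, applied to the secret scalar."""
    for label in path:
        t, chain_code = tweak(mul(sk, G), chain_code, label)
        sk = (sk + t) % N
    return sk, chain_code

# Constructed sample values, not real ICP keys or identifiers.
MASTER_SK = int.from_bytes(hashlib.sha256(b"constructed master secret").digest(), "big") % N
CHAIN_CODE = bytes(32)
PATH = [b"constructed-canister-id", b"user-42"]
```

For real canister keys, use the libraries announced above; the sketch only shows why the client-side result equals the public key of what the key holder derives.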

@franzstefan @JackLloyd I decided to post about this topic here as @skilesare wasn’t aware that this is possible. So I assume others might also not be aware :sweat_smile:

Do we also have a plan to create a Motoko library?

2 Likes

Thanks for raising awareness of these new libraries. And yes, a Motoko library offering ECDSA and Schnorr derivation is in the crypto team’s current work queue and should be publicly available before end of year.

1 Like

@JackLloyd ic-pub-key 0.2.0 seems to still pull in an old version of the ic-cdk via ic-vetkeys. I guess you might want to release a new version with updated dependencies? Meanwhile, I was able to work around the dependency conflict by disabling the vetkeys feature, as I don’t need that:

ic-pub-key = { version = "0.2.0", default-features = false, features = ["secp256k1", "ed25519"] }

Otherwise the library is working great! :innocent:

It seems to me the npm module for ic-pub-key is missing the .d.ts files in the dist/ directory. The following does not seem to work despite the exports in the index.ts:

import { DerivationPath, PublicKeyWithChainCode } from "@dfinity/ic-pub-key";

As a workaround, I got it to work by directly referring to the src directory (thus recompiling):

import { DerivationPath, PublicKeyWithChainCode } from "@dfinity/ic-pub-key/src/ecdsa/secp256k1";

This is something we are actively working on in Motoko, would love to sync to exchange notes on this.

Thanks for the PRs. I’m working on getting ic-pub-key approved for external contributions, it may be a few days.

3 Likes

I just released ic-pub-key 0.3.0, which should resolve the CDK incompatibility. (That said, if you don’t need VetKD support, you might as well continue using the features as you have been, since VetKD support is going to pull quite a few extra dependencies into your build.)

2 Likes