Understanding Turnkey: The Ultimate Secure Private Key Infrastructure For Crypto Developers

Intermediate8/9/2024, 3:15:53 AM
Discover Turnkey, a groundbreaking private key infrastructure designed for crypto developers. With simple and secure APIs, Turnkey enables scalable management and signing of private keys, empowering developers to drive the next generation of crypto innovation.

Managing private keys securely and efficiently remains a significant challenge for crypto developers. Traditional financial custody models have dominated the landscape, prioritizing long-term storage over frequent access and introducing organizational friction. This approach is not designed to support the dynamic and high-frequency nature of on-chain transactions, hindering the full potential of crypto innovation.

That’s where Turnkey comes in—a private key infrastructure purposely built for crypto developers. Turnkey provides simple, secure APIs that allow developers to dynamically generate thousands of wallets and sign thousands of transactions across any chain. This scalable, accessible, and secure solution empowers developers to overcome existing limitations and drive the next generation of crypto products.

What is Turnkey?


Source: Turnkey Blog

Turnkey is a private key infrastructure specifically designed to meet the needs of crypto developers. Recognizing the limitations of existing key management solutions, Turnkey offers simple, secure APIs that enable developers to generate thousands of wallets and sign transactions at scale, across any blockchain. Built with security at its core, Turnkey leverages years of industry expertise to provide institutional-grade protection while maintaining ease of access and use.

Turnkey is an API-first product that allows developers to generate wallets on any chain programmatically, store private keys with institutional-grade security, sign transactions across multiple blockchains, and manage access permissions — the sum of which expand the scope of applications web3 developers can build.

The Mission and Vision of Turnkey

Turnkey’s mission is to empower developers by removing the complexities and risks of private key management. By providing scalable, flexible, and secure solutions, Turnkey aims to accelerate the development and adoption of new crypto products and services.

Core Features of Turnkey

Turnkey is a platform designed to simplify and secure the integration of crypto functionalities into applications. Here are some of its key features:

HD Wallet Support

Turnkey now supports Hierarchical Deterministic (HD) wallets, enabling the generation of multiple keys from a single master seed. This feature allows the creation of millions of addresses, compatible with various cryptographic curves. HD wallets can be easily backed up and recovered using a simple mnemonic phrase, making them more manageable for consumers than standard private keys. Additionally, Turnkey caters to different preferences and requirements by supporting private keys and HD wallets, providing flexible key management options.

Wallet Export Functionality

Turnkey ensures that users have full control over their crypto assets by allowing the export of wallets and private keys at any time. The export process is secure, encrypting the mnemonic with a key in the user’s local storage, preventing Turnkey or any application from intercepting the exported data. To maintain transparency and security, Turnkey provides detailed documentation and open-source helper packages for the export process, ensuring users can trust the integrity of their data.

Email Authentication

Turnkey simplifies the user experience by offering email-based authentication, where end users receive a one-time passcode to log in and initiate sessions. This method is especially beneficial for new crypto users. During a valid session, users can take multiple actions without needing to re-authenticate each time, enhancing convenience for activities that require frequent interactions, such as gaming. Secure sessions are maintained using an expiring API key in local storage, ensuring safe and authenticated access.

Secure Email Recovery

To enhance security, Turnkey supports email as a recovery method for passkeys. This additional recovery option involves encrypted communications and secure storage of recovery credentials, ensuring that no party can intercept the credentials. The recovery process is straightforward: users receive an email with a code, enter it into the recovery form, and can then create a new authenticator. This method provides a simple yet secure way for users to regain access to their wallets.

Wallet Import Functionality

Turnkey allows users and developers to import existing wallets using a 12-24 word seed phrase or a private key in hexadecimal (Ethereum-compatible) or Solana format. The import process is secure, ensuring that neither Turnkey nor any intermediaries have access to the wallet’s seed phrase or private key, thanks to a unique encryption protocol. Ephemeral key exchange is used, where the user’s client and secure enclave generate ephemeral public keys to securely encrypt private keys, ensuring only the user can decrypt them.

Programmable Policies and API Functionality

Turnkey’s advanced policy engine allows for customizable policies, providing fine-grained control over key usage, access controls, and transaction limits. The developer-friendly APIs are designed to simplify private key management and transaction execution, with flexible permissions to meet various application needs. These programmable policies and APIs empower developers to create secure and tailored crypto functionalities for their applications.

Open Source and Community Support

Turnkey is committed to transparency and developer support, offering open-source examples, SDKs, and detailed documentation to help developers get started quickly and securely. The community support Slack provides a platform for developers to seek direct assistance and engage with the Turnkey team and other community members. This open and supportive environment encourages collaboration and innovation in building crypto applications.

Institutional-Grade Security

Turnkey is designed to meet institutional-grade security standards, drawing on the team’s extensive experience from leading crypto firms. This ensures a secure environment for key management and transaction signing.

The Technology Behind Turnkey

Turnkey offers a robust, secure infrastructure for private key management in crypto. Here’s an overview of its key technologies and principles:

Secure Enclaves

Turnkey runs all security-critical workloads in “Secure Enclaves,” a type of Trusted Execution Environment (TEE). These enclaves provide hardware-enforced isolation, ensuring secure operations such as private key generation, transaction signing, and policy evaluation. Enclaves have no persistent storage, interactive access, or external networking, making them highly secure and tamper-proof.

QuorumOS

Turnkey has developed QuorumOS, a minimal, immutable Linux unikernel operating system. This system ensures end-to-end transparency into the code running in the enclaves and prevents any single developer from altering or deploying enclaves or reconstructing core secrets.

Remote Attestation

Turnkey employs remote attestation to verify the integrity of the machines and code within the secure enclaves. Each deployment involves attesting to the code before posting shares of core secrets into the enclave, ensuring that secure applications are trusted and verifiable.

Cryptographic Security

Turnkey’s secure enclaves support cryptographic attestation to verify the enclave’s identity and ensure only authorized code is running. The architecture ensures that even if systems outside of the enclaves fail, the cryptographic security of the private keys remains intact, guaranteeing that raw private keys are never exposed to the software, team, or external threats.

Non-Custodial Key Management

Turnkey’s non-custodial model ensures that developers and end users retain control over their private keys. Encrypted private keys are stored and only decrypted within secure enclaves running verified Turnkey applications, providing high security while maintaining flexibility for various crypto applications.

Policy Engine

Turnkey’s policy engine operates within the secure enclaves, ensuring all actions on private keys and transactions adhere to customer-defined policies. This system allows for detailed control and customization of key usage, access controls, and transaction limits.

Stateless Design and Verifiable Data

Turnkey’s enclave applications are stateless, with no persistent data held behind the enclave boundary. Data is stored in a PostgreSQL instance and verified by Turnkey’s notarizer before processing, ensuring data authenticity and integrity and preventing man-in-the-middle or downgrade attacks.

How Does Turnkey Work?

At its core, a Turnkey Organization is structured around several key resources:

  • Users: These can be either humans or machines that have access to the Organization.
  • Policies: These are the rules that define which actions users can take within the Organization.
  • Private Keys: These are crypto private keys used to derive addresses and sign transactions.
  • Wallets: Collections of crypto private keys that share a common seed.
  • Credentials: These are used to verify users, including WebAuthn authenticators for human users and API keys for API users.

Turnkey Functionality

Turnkey’s functionality is primarily driven by its REST API, which supports two main types of actions:

  1. Changing or retrieving Organization data: This involves managing the various resources within the Organization.

  2. Signing transactions and raw payloads with crypto private keys: This is crucial for executing secure and authenticated transactions.

Importantly, no predefined relationship exists between any of the resources in a Turnkey Organization. Instead, the Policies you set determine which users can perform which actions and under what conditions. This flexible approach allows for tailored and secure management of your crypto assets and organizational data.

Use Cases of Turnkey

Turnkey’s flexible infrastructure opens up a world of possibilities for crypto developers. Here’s a glimpse into what you can create using Turnkey’s powerful APIs and infrastructure:

Custom Wallet Solutions

Turnkey enables the development of integrated, non-custodial wallets for users, facilitating seamless transaction signing. For example, developers can create an open-sourced consumer wallet using passkeys for secure transactions. Additionally, Turnkey supports the creation of multi-signature wallets, which require multiple signatures for added security, making them ideal for team treasuries or high-value transactions.

Automated Operations

With Turnkey, smart contract interactions can be automated, allowing tasks such as token transfers or contract executions to be triggered automatically based on predefined conditions. This feature streamlines operations, reducing the need for manual intervention. Furthermore, Turnkey enables the implementation of automated staking operations and precise management of reward distribution, ensuring efficiency and accuracy in these processes.

Advanced Key Management

Turnkey offers policy-driven key management, allowing users to set detailed policies around key usage, including access controls and transaction limits. This level of customization enhances security and operational workflows. Organizations can also benefit from secure internal treasury management, using multi-signature approval processes to ensure that funds are handled securely and transparently.

Innovative User Experiences

Turnkey provides the tools to design and embed personalized wallet experiences directly into applications, moving beyond generic pre-built interfaces. Developers can implement features like social recovery mechanisms and multi-signature authorization to enhance user security and flexibility, offering a more tailored and secure user experience.

Integration with Existing Systems

Turnkey facilitates the automation of treasury rebalancing, allowing funds to be efficiently managed between operational and long-term storage wallets. This optimizes liquidity and security for organizations. Turnkey private keys can also be configured as signers for Gnosis Safe, enabling advanced automation and security features, further integrating Turnkey’s infrastructure with existing systems.

Turnkey’s Team

Turnkey is led by a team that has already delivered a winning custody solution at scale. Founders Sam McIngvale, Bryce Ferguson, and Jack Kearney met in 2018 while at Coinbase Custody and were instrumental in building it from the ground up — Sam was Coinbase Custody’s head of product, Bryce its first product manager, and Jack its first engineer. They built a product that, over time, has been responsible for protecting over $200 billion in assets. Sam, Bryce, and Jack have scaled enterprise custody, and believe they’re now the perfect team to solve developers’ private key infrastructure needs.

Turnkey’s Fundraising

Turnkey has successfully completed a $15 million Series A funding round, co-led by Lightspeed Faction and Galaxy Ventures. This round also saw significant contributions from top investors including Sequoia, Coinbase Ventures, Alchemy, Figment Capital, and Mirana Ventures, among others.

This substantial investment will enable Turnkey to accelerate its mission of revolutionizing crypto infrastructure. With the new funds, Turnkey plans to enhance its secure, flexible, and scalable wallet infrastructure, providing developers with the tools they need to create seamless onchain experiences for users. This funding round highlights the confidence that leading investors have in Turnkey’s potential to address the crypto UX problem and drive widespread adoption in the industry.

Conclusion

Turnkey is poised to transform the crypto landscape by addressing fundamental UX challenges with a fresh perspective on wallet infrastructure. By focusing on security, scalability, and developer flexibility, Turnkey is enabling developers to build seamless on-chain experiences that can bring more users and institutions into the crypto ecosystem.

Author: Angelnath
Translator: Cedar
Reviewer(s): Matheus、KOWEI、Ashley
* The information is not intended to be and does not constitute financial advice or any other recommendation of any sort offered or endorsed by Gate.io.
* This article may not be reproduced, transmitted or copied without referencing Gate.io. Contravention is an infringement of Copyright Act and may be subject to legal action.

Understanding Turnkey: The Ultimate Secure Private Key Infrastructure For Crypto Developers

Intermediate8/9/2024, 3:15:53 AM
Discover Turnkey, a groundbreaking private key infrastructure designed for crypto developers. With simple and secure APIs, Turnkey enables scalable management and signing of private keys, empowering developers to drive the next generation of crypto innovation.

Managing private keys securely and efficiently remains a significant challenge for crypto developers. Traditional financial custody models have dominated the landscape, prioritizing long-term storage over frequent access and introducing organizational friction. This approach is not designed to support the dynamic and high-frequency nature of on-chain transactions, hindering the full potential of crypto innovation.

That’s where Turnkey comes in—a private key infrastructure purposely built for crypto developers. Turnkey provides simple, secure APIs that allow developers to dynamically generate thousands of wallets and sign thousands of transactions across any chain. This scalable, accessible, and secure solution empowers developers to overcome existing limitations and drive the next generation of crypto products.

What is Turnkey?


Source: Turnkey Blog

Turnkey is a private key infrastructure specifically designed to meet the needs of crypto developers. Recognizing the limitations of existing key management solutions, Turnkey offers simple, secure APIs that enable developers to generate thousands of wallets and sign transactions at scale, across any blockchain. Built with security at its core, Turnkey leverages years of industry expertise to provide institutional-grade protection while maintaining ease of access and use.

Turnkey is an API-first product that allows developers to generate wallets on any chain programmatically, store private keys with institutional-grade security, sign transactions across multiple blockchains, and manage access permissions — the sum of which expand the scope of applications web3 developers can build.

The Mission and Vision of Turnkey

Turnkey’s mission is to empower developers by removing the complexities and risks of private key management. By providing scalable, flexible, and secure solutions, Turnkey aims to accelerate the development and adoption of new crypto products and services.

Core Features of Turnkey

Turnkey is a platform designed to simplify and secure the integration of crypto functionalities into applications. Here are some of its key features:

HD Wallet Support

Turnkey now supports Hierarchical Deterministic (HD) wallets, enabling the generation of multiple keys from a single master seed. This feature allows the creation of millions of addresses, compatible with various cryptographic curves. HD wallets can be easily backed up and recovered using a simple mnemonic phrase, making them more manageable for consumers than standard private keys. Additionally, Turnkey caters to different preferences and requirements by supporting private keys and HD wallets, providing flexible key management options.

Wallet Export Functionality

Turnkey ensures that users have full control over their crypto assets by allowing the export of wallets and private keys at any time. The export process is secure, encrypting the mnemonic with a key in the user’s local storage, preventing Turnkey or any application from intercepting the exported data. To maintain transparency and security, Turnkey provides detailed documentation and open-source helper packages for the export process, ensuring users can trust the integrity of their data.

Email Authentication

Turnkey simplifies the user experience by offering email-based authentication, where end users receive a one-time passcode to log in and initiate sessions. This method is especially beneficial for new crypto users. During a valid session, users can take multiple actions without needing to re-authenticate each time, enhancing convenience for activities that require frequent interactions, such as gaming. Secure sessions are maintained using an expiring API key in local storage, ensuring safe and authenticated access.

Secure Email Recovery

To enhance security, Turnkey supports email as a recovery method for passkeys. This additional recovery option involves encrypted communications and secure storage of recovery credentials, ensuring that no party can intercept the credentials. The recovery process is straightforward: users receive an email with a code, enter it into the recovery form, and can then create a new authenticator. This method provides a simple yet secure way for users to regain access to their wallets.

Wallet Import Functionality

Turnkey allows users and developers to import existing wallets using a 12-24 word seed phrase or a private key in hexadecimal (Ethereum-compatible) or Solana format. The import process is secure, ensuring that neither Turnkey nor any intermediaries have access to the wallet’s seed phrase or private key, thanks to a unique encryption protocol. Ephemeral key exchange is used, where the user’s client and secure enclave generate ephemeral public keys to securely encrypt private keys, ensuring only the user can decrypt them.

Programmable Policies and API Functionality

Turnkey’s advanced policy engine allows for customizable policies, providing fine-grained control over key usage, access controls, and transaction limits. The developer-friendly APIs are designed to simplify private key management and transaction execution, with flexible permissions to meet various application needs. These programmable policies and APIs empower developers to create secure and tailored crypto functionalities for their applications.

Open Source and Community Support

Turnkey is committed to transparency and developer support, offering open-source examples, SDKs, and detailed documentation to help developers get started quickly and securely. The community support Slack provides a platform for developers to seek direct assistance and engage with the Turnkey team and other community members. This open and supportive environment encourages collaboration and innovation in building crypto applications.

Institutional-Grade Security

Turnkey is designed to meet institutional-grade security standards, drawing on the team’s extensive experience from leading crypto firms. This ensures a secure environment for key management and transaction signing.

The Technology Behind Turnkey

Turnkey offers a robust, secure infrastructure for private key management in crypto. Here’s an overview of its key technologies and principles:

Secure Enclaves

Turnkey runs all security-critical workloads in “Secure Enclaves,” a type of Trusted Execution Environment (TEE). These enclaves provide hardware-enforced isolation, ensuring secure operations such as private key generation, transaction signing, and policy evaluation. Enclaves have no persistent storage, interactive access, or external networking, making them highly secure and tamper-proof.

QuorumOS

Turnkey has developed QuorumOS, a minimal, immutable Linux unikernel operating system. This system ensures end-to-end transparency into the code running in the enclaves and prevents any single developer from altering or deploying enclaves or reconstructing core secrets.

Remote Attestation

Turnkey employs remote attestation to verify the integrity of the machines and code within the secure enclaves. Each deployment involves attesting to the code before posting shares of core secrets into the enclave, ensuring that secure applications are trusted and verifiable.

Cryptographic Security

Turnkey’s secure enclaves support cryptographic attestation to verify the enclave’s identity and ensure only authorized code is running. The architecture ensures that even if systems outside of the enclaves fail, the cryptographic security of the private keys remains intact, guaranteeing that raw private keys are never exposed to the software, team, or external threats.

Non-Custodial Key Management

Turnkey’s non-custodial model ensures that developers and end users retain control over their private keys. Encrypted private keys are stored and only decrypted within secure enclaves running verified Turnkey applications, providing high security while maintaining flexibility for various crypto applications.

Policy Engine

Turnkey’s policy engine operates within the secure enclaves, ensuring all actions on private keys and transactions adhere to customer-defined policies. This system allows for detailed control and customization of key usage, access controls, and transaction limits.

Stateless Design and Verifiable Data

Turnkey’s enclave applications are stateless, with no persistent data held behind the enclave boundary. Data is stored in a PostgreSQL instance and verified by Turnkey’s notarizer before processing, ensuring data authenticity and integrity and preventing man-in-the-middle or downgrade attacks.

How Does Turnkey Work?

At its core, a Turnkey Organization is structured around several key resources:

  • Users: These can be either humans or machines that have access to the Organization.
  • Policies: These are the rules that define which actions users can take within the Organization.
  • Private Keys: These are crypto private keys used to derive addresses and sign transactions.
  • Wallets: Collections of crypto private keys that share a common seed.
  • Credentials: These are used to verify users, including WebAuthn authenticators for human users and API keys for API users.

Turnkey Functionality

Turnkey’s functionality is primarily driven by its REST API, which supports two main types of actions:

  1. Changing or retrieving Organization data: This involves managing the various resources within the Organization.

  2. Signing transactions and raw payloads with crypto private keys: This is crucial for executing secure and authenticated transactions.

Importantly, no predefined relationship exists between any of the resources in a Turnkey Organization. Instead, the Policies you set determine which users can perform which actions and under what conditions. This flexible approach allows for tailored and secure management of your crypto assets and organizational data.

Use Cases of Turnkey

Turnkey’s flexible infrastructure opens up a world of possibilities for crypto developers. Here’s a glimpse into what you can create using Turnkey’s powerful APIs and infrastructure:

Custom Wallet Solutions

Turnkey enables the development of integrated, non-custodial wallets for users, facilitating seamless transaction signing. For example, developers can create an open-sourced consumer wallet using passkeys for secure transactions. Additionally, Turnkey supports the creation of multi-signature wallets, which require multiple signatures for added security, making them ideal for team treasuries or high-value transactions.

Automated Operations

With Turnkey, smart contract interactions can be automated, allowing tasks such as token transfers or contract executions to be triggered automatically based on predefined conditions. This feature streamlines operations, reducing the need for manual intervention. Furthermore, Turnkey enables the implementation of automated staking operations and precise management of reward distribution, ensuring efficiency and accuracy in these processes.

Advanced Key Management

Turnkey offers policy-driven key management, allowing users to set detailed policies around key usage, including access controls and transaction limits. This level of customization enhances security and operational workflows. Organizations can also benefit from secure internal treasury management, using multi-signature approval processes to ensure that funds are handled securely and transparently.

Innovative User Experiences

Turnkey provides the tools to design and embed personalized wallet experiences directly into applications, moving beyond generic pre-built interfaces. Developers can implement features like social recovery mechanisms and multi-signature authorization to enhance user security and flexibility, offering a more tailored and secure user experience.

Integration with Existing Systems

Turnkey facilitates the automation of treasury rebalancing, allowing funds to be efficiently managed between operational and long-term storage wallets. This optimizes liquidity and security for organizations. Turnkey private keys can also be configured as signers for Gnosis Safe, enabling advanced automation and security features, further integrating Turnkey’s infrastructure with existing systems.

Turnkey’s Team

Turnkey is led by a team that has already delivered a winning custody solution at scale. Founders Sam McIngvale, Bryce Ferguson, and Jack Kearney met in 2018 while at Coinbase Custody and were instrumental in building it from the ground up — Sam was Coinbase Custody’s head of product, Bryce its first product manager, and Jack its first engineer. They built a product that, over time, has been responsible for protecting over $200 billion in assets. Sam, Bryce, and Jack have scaled enterprise custody, and believe they’re now the perfect team to solve developers’ private key infrastructure needs.

Turnkey’s Fundraising

Turnkey has successfully completed a $15 million Series A funding round, co-led by Lightspeed Faction and Galaxy Ventures. This round also saw significant contributions from top investors including Sequoia, Coinbase Ventures, Alchemy, Figment Capital, and Mirana Ventures, among others.

This substantial investment will enable Turnkey to accelerate its mission of revolutionizing crypto infrastructure. With the new funds, Turnkey plans to enhance its secure, flexible, and scalable wallet infrastructure, providing developers with the tools they need to create seamless onchain experiences for users. This funding round highlights the confidence that leading investors have in Turnkey’s potential to address the crypto UX problem and drive widespread adoption in the industry.

Conclusion

Turnkey is poised to transform the crypto landscape by addressing fundamental UX challenges with a fresh perspective on wallet infrastructure. By focusing on security, scalability, and developer flexibility, Turnkey is enabling developers to build seamless on-chain experiences that can bring more users and institutions into the crypto ecosystem.

Author: Angelnath
Translator: Cedar
Reviewer(s): Matheus、KOWEI、Ashley
* The information is not intended to be and does not constitute financial advice or any other recommendation of any sort offered or endorsed by Gate.io.
* This article may not be reproduced, transmitted or copied without referencing Gate.io. Contravention is an infringement of Copyright Act and may be subject to legal action.
Start Now
Sign up and get a
$100
Voucher!