Introducing BitVMX New Open Source Components: Key Management, Storage, and Configuration

BitVMX Key Manager

Multi-Scheme Key Management with Secure Derivation and Signing

The BitVMX Key Manager is a comprehensive Rust library for managing cryptographic keys used in BitVMX protocol transactions. It offers robust methods for generating, importing, and deriving keys, as well as signing messages using a wide variety of cryptographic schemes, including ECDSA, Schnorr, Winternitz One-Time Signatures, and MuSig2.

Internally, all keys are securely persisted via the BitVMX Storage Backend, enabling encrypted and structured storage of key material.

⚙️ Features

• 🔑 Key Generation and Secure Storage
  Automatically creates key pairs and securely stores them in an encrypted keystore.
• 📥 Key Importing
  Import full or partial private keys, including direct input of secret key byte slices.
• 🌱 Hierarchical Key Derivation
  Implements BIP32-style derivation with hardened paths.
• ✍️ Flexible Signing
  Sign messages using ECDSA, Schnorr, Winternitz, or MuSig2. Full support for Taproot tweak logic (key and script path).
• ✅ Signature Verification Verify all supported signature types using the included verifier module.

🛠 Example Usages

📦 Key Manager Initialization

let config = StorageConfig::new("/some_path/keystore.db".to_string(), 
    Some("secret password".to_string()));
let store = Rc::new(Storage::new(&config).unwrap());
let keystore = KeyStore::new(store);

let manager = KeyManager::new(
    Network::Regtest,
    "m/101/1/0/0/".to_string(),
    random_bytes(),
    random_bytes(),
    keystore,
)?;

🔐 Key Importing

let secret_key = SecretKey::from_slice(&[0xcd; 32])?;
manager.import_private_key(secret_key);

let private_keys = vec!["key1", "key2"];
let secret_keys = vec!["sk1", "sk2"];
manager.import_partial_private_keys(private_keys);
manager.import_partial_secret_keys(secret_keys);

🌱 Key Derivation

let keypair = manager.generate_keypair(&mut thread_rng());
let child = manager.derive_keypair(0);
let pubkey = manager.derive_public_key(master_xpub, 1);
let master_xpub = manager.master_xpub();

✍️ Signing and Verifying (ECDSA, Schnorr, Winternitz)

// ECDSA
let message = Message::from_digest(digest);
let signature = manager.sign_ecdsa_message(&message, public_key)?;
signature_verifier.verify_ecdsa_signature(&signature, &message, public_key);

// Schnorr
let schnorr_sig = manager.sign_schnorr_message(&message, &public_key)?;
signature_verifier.verify_schnorr_signature(&schnorr_sig, &message, public_key);

// Winternitz
let signature = manager.sign_winternitz_message(&message[..], WinternitzType::SHA256, 0)?;
let winternitz_key = manager.derive_winternitz(message.len(), WinternitzType::SHA256, 0)?;
signature_verifier.verify_winternitz_signature(&signature, &message, &winternitz_key);

🌳 Taproot Signing

let (sig, tweaked_key) = manager.sign_schnorr_message_with_tap_tweak(&msg, &pubkey, merkle_root)?;

BitVMX Storage Backend

Transactional Key-Value Store with Encryption and Prefix Queries

The BitVMX Storage Backend is a flexible, high-performance Rust library built on RocksDB. It provides a key-value store with encryption, transaction support, and rich querying capabilities based on key prefixes, making it ideal for indexing, metadata storage, and persistent state across services.

This component serves as a critical foundation across the entire BitVMX stack, and is used extensively in components such as the Indexer, Monitor, Coordinator, Protocol Builder, and Client.

🧩 Methods Overview

The Storage struct exposes a comprehensive API, including:

• new() / open(): Create or access a storage instance.
• write() / read(): Basic key-value operations (encrypted if configured).
• set() / get(): Generic methods with serialization support.
• has_key() / is_empty(): Storage state checks.
• partial_compare_keys() / partial_compare(): Filter by key prefix.
• begin_transaction() / commit_transaction() / rollback_transaction(): Transactional operations.
• transactional_write() / transactional_delete(): Scoped atomic writes/deletes.
• delete_db_files(): Fully clean up database files on disk.

🛠 Usage Examples

🔧 Configuration and Initialization

let config = StorageConfig::new("path/to/db".to_string(), Some("password".to_string()));
let storage = Storage::new(&config);

📝 Basic Operations

storage.write("key", "value");
let value = storage.read("key");

let exists = storage.has_key("key")?;
let empty = storage.is_empty();

🧠 Key-Value Manipulation

storage.set("user:42", my_value, None)?;
let fetched: Option = storage.get("user:42")?;
storage.delete("user:42");

🔍 Prefix Queries

let keys = storage.partial_compare_keys("user:")?;
let kv_pairs = storage.partial_compare("session:")?;

🔄 Transactions

let tx_id = storage.begin_transaction();
storage.transactional_write("temp:key", "value", tx_id)?;
storage.commit_transaction(tx_id)?;
// or rollback
storage.rollback_transaction(tx_id)?;

🧹 Database Cleanup

Storage::delete_db_files(&PathBuf::from("path/to/db"))?;

BitVMX Settings

Environment-Aware Configuration Loader

BitVMX Settings is a lightweight but powerful configuration loader for Rust applications. It enables environment-aware configuration management using YAML files, environment variables, and command-line flags. This component standardizes how runtime settings are handled across the BitVMX ecosystem, supporting modular environments like development, staging, or production.

🔧 Features

• Load configs based on the BITVMX_ENV environment variable.
• Supports YAML format in a /config directory.
• CLI overrides using --configuration or -c.

🛠 Usage

// Load default based on BITVMX_ENV
let config: Config = settings::load::()?;

// Load a specific config file
let config_file = Some("custom_config.yaml".to_string());
let config: Config = settings::load_config_file(config_file)?;

This library promotes consistency and clarity across services by centralizing how application behavior is parameterized.

Why These Three Components Are Released Together

These components are tightly coupled and serve as the backbone of BitVMX's protocol and runtime infrastructure.

• The Key Manager uses the Storage Backend to securely persist encrypted keys and derivation metadata.
• Both Key Manager and Storage rely on BitVMX Settings to load their runtime configuration, paths, encryption keys, and operational modes.

Together, these modules ensure that services within the BitVMX ecosystem can be initialized, configured, and extended in a consistent, secure, and testable way.

Work In Progress Disclaimer

⚠️ Work in Progress The components released in this article are under active development.

• They are not yet production-ready.
• No audits have been conducted.
• Breaking changes may occur without notice.

We encourage developers to explore and experiment, but advise against using these tools in production environments at this stage.

Community and Contributions

All three libraries are licensed under the MIT License and hosted publicly on GitHub. Contributions are not only welcomed, they’re encouraged. Whether you want to open an issue, submit a pull request, or suggest improvements, we’d love to collaborate with others building secure and scalable systems on Bitcoin. Together, these components offer a composable, Rust-first foundation for experimental protocols, testnet deployments, wallet prototypes, or full-stack decentralized systems on Bitcoin.

👨🏻‍💻 Repositories

GitHub FairgateLabs 🔗 BitVMX Key Manager 🔗 BitVMX Storage Backend 🔗 BitVMX Settings