home / skills / multiversx / mx-ai-skills / mvx_sdk_py_wallets

mvx_sdk_py_wallets skill

safe

This skill helps you manage MultiversX wallets, derive keys, sign transactions and messages, and securely store credentials.

npx playbooks add skill multiversx/mx-ai-skills --skill mvx_sdk_py_wallets

Review the files below or copy the command above to add this skill to your agents.

Files (1)

SKILL.md

2.6 KB

---
name: mvx_sdk_py_wallets
description: Wallet and key management for MultiversX Python SDK.
---

# MultiversX SDK-Py Wallets & Signing

This skill covers account management, key derivation, and transaction signing.

## Account Creation

```python
from multiversx_sdk import Account, Mnemonic, UserWallet, UserPem

# From PEM file (testing only)
account = Account.new_from_pem("wallet.pem")

# From keystore (production)
account = Account.new_from_keystore("wallet.json", "password")

# From secret key (hex string)
account = Account(secret_key=bytes.fromhex("..."))
```

## Mnemonic Operations

```python
# Generate new mnemonic
mnemonic = Mnemonic.generate()
words = mnemonic.get_words()

# Derive keys
secret_key = mnemonic.derive_key(0)  # Index 0
public_key = secret_key.generate_public_key()
address = public_key.to_address("erd")

# Get address from mnemonic
address = Mnemonic.to_address(mnemonic, 0)
```

## Wallet Storage

```python
# Save mnemonic to keystore
wallet = UserWallet.from_mnemonic(mnemonic.get_text(), "password")
wallet.save("wallet.json")

# Save secret key to keystore
wallet = UserWallet.from_secret_key(secret_key, "password")
wallet.save("wallet.json")

# Save to PEM (testing only)
pem = UserPem(label=address.to_bech32(), secret_key=secret_key)
pem.save("wallet.pem")
```

## Transaction Signing

```python
# Controller-created transactions are auto-signed
tx = controller.create_transaction_for_transfer(account, nonce, ...)

# Manual signing
tx.signature = account.sign_transaction(tx)
```

## Message Signing

```python
from multiversx_sdk import Message

message = Message("Hello".encode())
signature = account.sign_message(message)

# Verify
is_valid = account.verify_message(message, signature)
```

## NativeAuth

Authentication for dApps:

```python
from multiversx_sdk import NativeAuthClient, NativeAuthServer

# Client: Generate token
client = NativeAuthClient("https://app.example.com")
init_token = client.initialize()
# sign init_token...
access_token = client.get_token(address, init_token, signature)

# Server: Validate token
server = NativeAuthServer(accepted_origins=["https://app.example.com"])
result = server.validate(access_token)
# result.address, result.origin, result.block_hash
```

## Ledger

Requires `ledger-wallets` dependency.

```python
from multiversx_sdk import LedgerAccount

ledger = LedgerAccount(index=0)
print(ledger.address)
tx.signature = ledger.sign_transaction(tx)
```

## Security Best Practices

1. **Protect keystore passwords**
2. **Never expose PEM files** in production
3. **Validate addresses** before sending
4. **Use NativeAuth** for authentication

Overview

This skill provides wallet and key management utilities for the MultiversX Python SDK, including account creation, mnemonic handling, keystore/PEM storage, ledger support, and transaction/message signing. It helps developers securely derive keys, persist wallets, and integrate NativeAuth flows for dApp authentication. The implementation focuses on practical APIs for signing transactions and verifying signatures.

How this skill works

The skill exposes constructors and helpers to create Account objects from PEM, keystore, secret key, or mnemonic. Mnemonic utilities generate word lists, derive secret/public keys and produce addresses. Wallet classes allow saving/loading encrypted keystores or PEMs (PEM recommended for testing only). Signing functions attach signatures to transactions and messages; LedgerAccount integrates with hardware wallets when the ledger-wallets dependency is available.

When to use it

When building backend services that must create or restore user accounts from mnemonics or keystores.
When implementing client-side signing or server-side transaction creation and manual signing flows.
When integrating dApp authentication via NativeAuth (token init, sign, and server validation).
When supporting hardware wallets (Ledger) for secure key operations.
When you need deterministic key derivation and address generation for wallets.

Best practices

Store keystore files encrypted and protect passwords using secure vaults or environment secrets.
Avoid using PEM files in production; use keystore JSON with a strong password instead.
Always validate destination addresses and nonces before sending transactions.
Use hardware wallets for high-value accounts and keep mnemonics offline wherever possible.
Use NativeAuth for dApp authentication to avoid reusing raw keys in web apps.

Example use cases

Restore a user account from a mnemonic and derive the primary address for onboarding.
Save a newly generated mnemonic into an encrypted keystore for later recovery.
Sign a controller-created transaction automatically or attach a manual signature before broadcast.
Implement server-side NativeAuth validation to authenticate dApp sessions and verify origins.
Integrate Ledger support to sign transactions without exposing private keys on the server.

FAQ

Can I use PEM files in production?

No. PEM files are meant for testing only. Use encrypted keystore JSON with strong passwords for production.

How do I validate a signed message?

Use account.verify_message(message, signature) to confirm the signature matches the account's public key.