Skip to main content

Try it Live

Run HDWallet examples in the interactive playground

Overview

Extended keys (xprv/xpub) encode HD wallet keys with metadata for hierarchical derivation. They enable key backup, watch-only wallets, and secure key sharing.
Examples:

Extended Key Format

Structure

Components:
  • version: Network and key type (4 bytes)
  • depth: Derivation depth from master (1 byte)
  • parent_fingerprint: First 4 bytes of parent’s pubkey hash (4 bytes)
  • child_number: Index of this child (4 bytes)
  • chain_code: 32 bytes for child derivation (32 bytes)
  • key: Private (0x00 + 32 bytes) or public (33 bytes compressed)

Version Bytes

Extended Private Keys (xprv)

Generation

Import

Capabilities

Security

Critical warnings:

Extended Public Keys (xpub)

Generation

Import

Capabilities

Use Cases

1. Watch-Only Wallets
2. Server-Side Address Generation
3. Auditing/Accounting
4. Sharing with Hardware Wallets

Extended Key Hierarchies

Account-Level xpub

Multi-Level Export

Serialization Details

Base58Check Encoding

Decoding Example

Conversion Between xprv and xpub

xprv → xpub (One-Way)

xpub → xprv (Impossible)

Storage and Backup

Encrypted Storage

Physical Backup

Security Implications

xpub Leak + Child Private Key

If attacker obtains:
  1. Parent xpub
  2. Any non-hardened child private key
They can compute all sibling private keys! Protection: Use hardened derivation

xpub Privacy

xpub reveals all derived addresses:

Best Practices

1. Minimize xprv Exposure
2. Use xpub for Watch-Only
3. Backup Both Mnemonic and Derivation Info
4. Verify Extended Keys

References