View Keys

View keys let anyone decrypt content without needing a wallet. They're shareable, single-purpose decryption keys.

How They Work

A view key is a random secp256k1 keypair. The public key is added as a recipient during encryption. The private key (the "view key") is shared with whoever should have access.

objekt_vk_a1b2c3d4e5f6...   ← 32-byte private key, hex-encoded with prefix

Generate a View Key

objekt put secret.txt -w my-wallet --encrypt --view-key --storage ipfs

Output:

{
  "uri": "ipfs://Qm...",
  "permalink": "https://ipfs.objekt.sh/Qm...",
  "viewKey": "objekt_vk_a1b2c3d4e5f6..."
}

Decrypt with a View Key

objekt get <key> --view-key objekt_vk_a1b2c3d4e5f6...

Programmatic Usage

import { generateViewKey, parseViewKey, encryptForRecipients, decryptEnvelope } from "@objekt.sh/ecies";
 
// Generate
const { viewKey, recipient, keypair } = generateViewKey();
 
// Add as recipient during encryption
const envelope = encryptForRecipients(plaintext, [
  { pubKey: ownerKey.publicKey, curve: ownerKey.curve },
  recipient,  // view key recipient
], { mime: "text/plain" });
 
// Decrypt with view key
const parsed = parseViewKey(viewKey);
const { plaintext: decrypted } = decryptEnvelope(envelope, [parsed]);

View Keys + Reveal

View keys are the bridge between encryption and the reveal service. The flow:

Encrypt with a view key

objekt put secret.txt -w my-wallet --encrypt --view-key --storage ipfs

Deposit the view key for sale

objekt reveal deposit 1a35e1.eth phone \
  --view-key objekt_vk_... \
  --price 5.00 \
  --content-uri ipfs://Qm... \
  -w my-wallet

Buyer purchases access

objekt reveal buy 1a35e1.eth phone -w buyer-wallet
# → Returns the view key after USDC payment

Buyer decrypts

objekt get ipfs://Qm... --view-key objekt_vk_...

Commitment Hash

When depositing a view key, the reveal service computes sha256(viewKey) as a commitment hash. This can be published as an ENS text record so buyers can verify they received the correct key after purchase.