Generate Keys
POST /v1/keys/generate
Generate a post-quantum cryptographic key pair. The key pair is generated server-side and returned to the client.
Authentication: Secret key required (qs_sec_*)
When using the SDK, key generation happens locally on the client and never touches the server. This endpoint is for direct API usage where client-side generation is not available.
Request
{
"algorithm": "ml-dsa-65",
"chain": "ethereum",
"format": "hex"
}
Parameters
| Field | Type | Required | Description |
|---|
algorithm | string | Yes | PQC algorithm to use |
chain | string | Yes | Target blockchain |
format | string | No | Key encoding format. Default: hex |
Algorithm Enum
| Value | NIST Standard | Security Level | Key Size |
|---|
ml-dsa-44 | FIPS 204 | 2 (128-bit) | ~1.3 KB |
ml-dsa-65 | FIPS 204 | 3 (192-bit) | ~1.9 KB |
ml-dsa-87 | FIPS 204 | 5 (256-bit) | ~2.6 KB |
slh-dsa-128s | FIPS 205 | 1 (128-bit) | ~32 B |
Chain Enum
| Value | Description |
|---|
ethereum | Ethereum and EVM-compatible chains |
bitcoin | Bitcoin mainnet |
solana | Solana |
polygon | Polygon PoS |
avalanche | Avalanche C-Chain |
| Value | Description |
|---|
hex | Hex-encoded string (default) |
base64 | Base64-encoded string |
raw | Raw bytes (binary response) |
Response 201 Created
{
"data": {
"id": "key_abc123def456",
"algorithm": "ml-dsa-65",
"chain": "ethereum",
"publicKey": "0x7a2b3c4d5e6f...",
"privateKey": "0x1a2b3c4d5e6f...",
"format": "hex",
"createdAt": "2026-01-15T10:30:00Z"
},
"meta": {
"requestId": "req_xyz789",
"timestamp": "2026-01-15T10:30:00Z"
}
}
Response Fields
| Field | Type | Description |
|---|
id | string | Unique key pair identifier |
algorithm | string | Algorithm used |
chain | string | Target chain |
publicKey | string | Public key in requested format |
privateKey | string | Private key in requested format |
format | string | Encoding format |
createdAt | string | ISO 8601 timestamp |
The privateKey is returned only once in this response. QuantumSafe does not store it. If you lose the private key, you cannot recover it.
Errors
| Code | Description |
|---|
AUTH_001 | Missing API key |
AUTH_003 | Publishable key used (Secret key required) |
PQC_001 | Unsupported algorithm |
GEN_001 | Invalid algorithm/chain combination |
GEN_002 | Internal generation error |
RATE_001 | Rate limit exceeded |
Example
curl -X POST https://api.qsafe.dev/v1/keys/generate \
-H "Authorization: Bearer qs_sec_live_sk_abc123..." \
-H "Content-Type: application/json" \
-d '{
"algorithm": "ml-dsa-65",
"chain": "ethereum",
"format": "hex"
}'
