## What Is KeyClient?
[**KeyClient**](https://keyclient.app) is a lightweight web app for generating, storing, and using public-private keypairs directly in your browser.
On account creation, KeyClient automatically generates a keypair and uses your **private key** to sign a registration message with the [**KeyServer**](https://34a.xyz/posts/keyserver).
All keys are securely stored in your browser’s local database — they never leave your device.
Once your keypair is created, you can use it to sign and authorize actions.
Currently, only **login actions** are implemented, but more types of signed actions are coming soon.
---
## How a Signed Login Works
When you click **Login**, KeyClient signs a message similar to this:
```json
{
"action": "login",
"recipient_url": "https://example.com",
"nonce": 12838589489,
"clientIp": "101.10.10.101",
"publicKey": "03f1518a9bf2bdc909e940138dc85b34d2a5ec2ac5ea9a3f4178f947d529c67489"
}
```
The signed message is sent to the target website (e.g., `https://example.com`) for validation.
If validation succeeds, that website will generate a **Magic Link** for you.
Clicking the link automatically logs you in — no passwords required.
---
## Protecting Your Private Key
When you first create an account, your private key is stored **unencrypted** in your browser.
You should **set a password immediately** to encrypt it — otherwise, malicious JavaScript or browser extensions could access it.
Before encrypting your keys, we strongly recommend creating a **mnemonic backup** — a 12-word random seed used for account recovery.
This seed allows you to regenerate your keypair if your local storage is lost.
> ⚠️ **Important:** There is no password reset or recovery option.
> If your keys are encrypted and you forget your password, you will need to create a new account.
---
## How the Backup Works
The mnemonic seed generates a **secondary keypair**, which you use to sign a message with your **original private key**.
That signed message instructs the KeyServer to add your new public key to your **identity keychain**.
After generating your backup, use it to log in on at least one other device.
Each time you recover or add a device using the mnemonic keypair, a **new random keypair** is generated for that device.
You then use the seed-derived key (already on your keychain) to sign an **“add key”** action, linking the new keypair to your identity.
---
## Recommended Workflow
1. **Account Creation** → Generate keypair on KeyClient.
2. **Create Backup** → Store your 12-word mnemonic safely.
3. **Encrypt Keys** → Set a password to secure your private key.
4. **Add 2nd Device** → Test recovery and multi-device setup.
5. **Login to External Sites** → Sign messages for authentication.
---
## Signing Login Requests
Websites that support KeyClient login can redirect users to the KeyClient **Connect** page with their app ID pre-filled.
Example:
[Laravel Demo Login](https://keyclient.app/connect/login/d6c998c8-e5ba-4b1a-bd62-5150a556df79)
If you are already logged into KeyClient:
- Click **Sign & Request Magic Link**.
- If your keys are encrypted, you’ll be prompted for your password.
- The signed message is sent to the external site.
- Upon success, you’ll see an **Open Magic Link** button — click it to be logged in automatically.
---
## Demo Websites
You can see KeyClient in action on the following demos:
- 🔑 [**WordPress Demo**](https://wordpress.34a.xyz) — via the [Crypto Auth Plugin](https://34a.xyz/posts/wordpress-plugin)
- 🧩 [**Laravel Demo**](https://keyclient.app/connect/login/d6c998c8-e5ba-4b1a-bd62-5150a556df79) — this site built with [Published CMS](https://34a.xyz/posts/published-cms)
After logging in on the Laravel Demo, you’ll gain access to our [**Discussion Forums**](https://34a.xyz/forums) hosted at [34a.xyz](https://34a.xyz).
---
## Further Reading
- **KeyClient App:** [https://keyclient.app](https://keyclient.app)
- **KeyServer Info:** [https://34a.xyz/posts/keyserver](https://34a.xyz/posts/keyserver)
- **WordPress Plugin:** [https://34a.xyz/posts/wordpress-plugin](https://34a.xyz/posts/wordpress-plugin)
- **Published CMS Overview:** [https://34a.xyz/posts/published-cms](https://34a.xyz/posts/published-cms)
- **Discussion Forums:** [https://34a.xyz/forums](https://34a.xyz/forums)
[**KeyClient**](https://keyclient.app) is a lightweight web app for generating, storing, and using public-private keypairs directly in your browser.
On account creation, KeyClient automatically generates a keypair and uses your **private key** to sign a registration message with the [**KeyServer**](https://34a.xyz/posts/keyserver).
All keys are securely stored in your browser’s local database — they never leave your device.
Once your keypair is created, you can use it to sign and authorize actions.
Currently, only **login actions** are implemented, but more types of signed actions are coming soon.
---
## How a Signed Login Works
When you click **Login**, KeyClient signs a message similar to this:
```json
{
"action": "login",
"recipient_url": "https://example.com",
"nonce": 12838589489,
"clientIp": "101.10.10.101",
"publicKey": "03f1518a9bf2bdc909e940138dc85b34d2a5ec2ac5ea9a3f4178f947d529c67489"
}
```
The signed message is sent to the target website (e.g., `https://example.com`) for validation.
If validation succeeds, that website will generate a **Magic Link** for you.
Clicking the link automatically logs you in — no passwords required.
---
## Protecting Your Private Key
When you first create an account, your private key is stored **unencrypted** in your browser.
You should **set a password immediately** to encrypt it — otherwise, malicious JavaScript or browser extensions could access it.
Before encrypting your keys, we strongly recommend creating a **mnemonic backup** — a 12-word random seed used for account recovery.
This seed allows you to regenerate your keypair if your local storage is lost.
> ⚠️ **Important:** There is no password reset or recovery option.
> If your keys are encrypted and you forget your password, you will need to create a new account.
---
## How the Backup Works
The mnemonic seed generates a **secondary keypair**, which you use to sign a message with your **original private key**.
That signed message instructs the KeyServer to add your new public key to your **identity keychain**.
After generating your backup, use it to log in on at least one other device.
Each time you recover or add a device using the mnemonic keypair, a **new random keypair** is generated for that device.
You then use the seed-derived key (already on your keychain) to sign an **“add key”** action, linking the new keypair to your identity.
---
## Recommended Workflow
1. **Account Creation** → Generate keypair on KeyClient.
2. **Create Backup** → Store your 12-word mnemonic safely.
3. **Encrypt Keys** → Set a password to secure your private key.
4. **Add 2nd Device** → Test recovery and multi-device setup.
5. **Login to External Sites** → Sign messages for authentication.
---
## Signing Login Requests
Websites that support KeyClient login can redirect users to the KeyClient **Connect** page with their app ID pre-filled.
Example:
[Laravel Demo Login](https://keyclient.app/connect/login/d6c998c8-e5ba-4b1a-bd62-5150a556df79)
If you are already logged into KeyClient:
- Click **Sign & Request Magic Link**.
- If your keys are encrypted, you’ll be prompted for your password.
- The signed message is sent to the external site.
- Upon success, you’ll see an **Open Magic Link** button — click it to be logged in automatically.
---
## Demo Websites
You can see KeyClient in action on the following demos:
- 🔑 [**WordPress Demo**](https://wordpress.34a.xyz) — via the [Crypto Auth Plugin](https://34a.xyz/posts/wordpress-plugin)
- 🧩 [**Laravel Demo**](https://keyclient.app/connect/login/d6c998c8-e5ba-4b1a-bd62-5150a556df79) — this site built with [Published CMS](https://34a.xyz/posts/published-cms)
After logging in on the Laravel Demo, you’ll gain access to our [**Discussion Forums**](https://34a.xyz/forums) hosted at [34a.xyz](https://34a.xyz).
---
## Further Reading
- **KeyClient App:** [https://keyclient.app](https://keyclient.app)
- **KeyServer Info:** [https://34a.xyz/posts/keyserver](https://34a.xyz/posts/keyserver)
- **WordPress Plugin:** [https://34a.xyz/posts/wordpress-plugin](https://34a.xyz/posts/wordpress-plugin)
- **Published CMS Overview:** [https://34a.xyz/posts/published-cms](https://34a.xyz/posts/published-cms)
- **Discussion Forums:** [https://34a.xyz/forums](https://34a.xyz/forums)