# Class BSV::Wallet::ProtoWallet::KeyDeriver <a id="class-BSV-Wallet-ProtoWallet-KeyDeriver"></a>

**Inherits:** `Object`
**Includes:** `BSV::Wallet::ProtoWallet::Validators`

BRC-42/43 key derivation.

Derives child keys from a root private key using BKDS (BSV Key Derivation
Scheme). Supports protocol IDs, key IDs, counterparties, and security levels
as defined in BRC-43.

## Constants
### `ANYONE_BN` <a id="constant-ANYONE_BN"></a> <a id="ANYONE_BN-constant"></a>
Not documented.

## Attributes
### `root_key` [R] <a id="attribute-i-root_key"></a> <a id="root_key-instance_method"></a>
Returns the value of attribute root_key.

## Public Instance Methods
### `derive_private_key(protocol_id, key_id, counterparty)` <a id="method-i-derive_private_key"></a> <a id="derive_private_key-instance_method"></a>
Derives a private key using BRC-42 key derivation.
- **@param** `protocol_id` [Array] [security_level, protocol_name]
- **@param** `key_id` [String] key identifier
- **@param** `counterparty` [String] public key hex, 'self', or 'anyone'
- **@return** [BSV::Primitives::PrivateKey]

### `derive_public_key(protocol_id, key_id, counterparty, for_self: = false)` <a id="method-i-derive_public_key"></a> <a id="derive_public_key-instance_method"></a>
Derives a public key using BRC-42 key derivation.
- **@param** `protocol_id` [Array] [security_level, protocol_name]
- **@param** `key_id` [String] key identifier
- **@param** `counterparty` [String] public key hex, 'self', or 'anyone'
- **@param** `for_self` [Boolean] derive from own identity rather than counterparty's
- **@return** [BSV::Primitives::PublicKey]

### `derive_symmetric_key(protocol_id, key_id, counterparty)` <a id="method-i-derive_symmetric_key"></a> <a id="derive_symmetric_key-instance_method"></a>
Derives a symmetric key for encryption/HMAC operations.

Uses ECDH between the derived private and public child keys to produce a
shared secret, then uses the X-coordinate as the key.
- **@param** `protocol_id` [Array] [security_level, protocol_name]
- **@param** `key_id` [String] key identifier
- **@param** `counterparty` [String] public key hex, 'self', or 'anyone'
- **@return** [BSV::Primitives::SymmetricKey]

### `identity_key()` <a id="method-i-identity_key"></a> <a id="identity_key-instance_method"></a>
Returns the identity public key as a hex string.
- **@return** [String] 66-character compressed public key hex

### `identity_key_bytes()` <a id="method-i-identity_key_bytes"></a> <a id="identity_key_bytes-instance_method"></a>
Returns the identity public key as a 33-byte compressed binary string.

Pubkeys are hex-canonical in this SDK (see ADR-001 — the documented exception
to binary-internal), so {#identity_key} (hex) is the default. This binary
accessor exists for the rare sites that need raw bytes (e.g. feeding
+BSV::Primitives::Hash#hash160+) without round-tripping hex → binary at each
call.
- **@return** [String] 33-byte compressed public key binary

### `initialize(root_key)` <a id="method-i-initialize"></a> <a id="initialize-instance_method"></a>
- **@param** `root_key` [BSV::Primitives::PrivateKey, String] a private key or 'anyone'
- **@return** [KeyDeriver] a new instance of KeyDeriver

### `reveal_counterparty_secret(counterparty)` <a id="method-i-reveal_counterparty_secret"></a> <a id="reveal_counterparty_secret-instance_method"></a>
Reveals the ECDH shared secret between this wallet and a counterparty. Used
for BRC-69 Method 1 (counterparty key linkage).
- **@param** `counterparty` [String] public key hex (not 'self')
- **@raise** [InvalidParameterError]
- **@return** [String] compressed shared secret bytes

### `reveal_specific_secret(counterparty, protocol_id, key_id)` <a id="method-i-reveal_specific_secret"></a> <a id="reveal_specific_secret-instance_method"></a>
Reveals the specific key offset for a particular derived key. Used for BRC-69
Method 2 (specific key linkage).
- **@param** `counterparty` [String] public key hex
- **@param** `protocol_id` [Array] [security_level, protocol_name]
- **@param** `key_id` [String] key identifier
- **@return** [String] HMAC-SHA256 bytes (the key offset)
