If you are here to see how auth context is consumed here, jump to Decrypt.

​
Prerequisites

  • authContext is required. This is the result from the authentication flow.

​
Installation

npm install @lit-protocol/access-control-conditions@beta

​
Example Walkthrough

πŸ” Encrypt & Decrypt Flow Alice can encrypt without authentication, Bob must authenticate to decrypt.
  • Alice: Encrypts β†’ No AuthContext needed
  • Bob: Decrypts β†’ Requires AuthContext

​
πŸ‘©πŸΌ Alice

Alice encrypts data without needing authentication

​
Create Alice’s Account

Generate Alice’s account using a random private key. Alice only needs an account for encryption - no authentication required. 
import { generatePrivateKey, privateKeyToAccount } from "viem/accounts";

// Alice's account (sender)
const AliceAccount = privateKeyToAccount(generatePrivateKey());
console.log("πŸ™‹β€β™€οΈ AliceAccount:", AliceAccount.address);

​
πŸ§”πŸ»β€β™‚οΈ Bob

Bob needs authentication to decrypt data

​
Create Bob’s Account

Generate Bob’s account using a random private key. Bob will need this account for authentication to decrypt data. 
import { generatePrivateKey, privateKeyToAccount } from "viem/accounts";

// Bob's account (recipient)
const BobsAccount = privateKeyToAccount(generatePrivateKey());
console.log("πŸ§”πŸ»β€β™‚οΈ BobsAccount:", BobsAccount.address);

​
πŸ‘©πŸΌ Alice Defines Access Rules

Alice decides who can decrypt her encrypted data
See SDK Reference for more details on the Access Control Conditions Builder. Access Control Conditions Builder Reference

​
Build Access Control Conditions

Alice defines who can decrypt the encrypted data using official access control conditions builder. These conditions reference Bob’s wallet address and will be checked during decryption. 
import { createAccBuilder } from "@lit-protocol/access-control-conditions";

// Build access control conditions
const builder = createAccBuilder();

const accs = builder
  .requireWalletOwnership(BobsAccount.address)
  .on("ethereum")
  .and()
  .requireEthBalance("0", "=")
  .on("yellowstone")
  .build();

​
πŸ§”πŸ»β€β™‚οΈ Bob

​
Prepares for Decryption

Bob creates authentication context to prove he meets access conditions 
// Bob needs AuthContext for decryption
const authContext = await authManager.createEoaAuthContext({
  config: {
    account: BobsAccount,
  },
  authConfig: {
    domain: "localhost",
    statement: "Decrypt test data",
    expiration: new Date(Date.now() + 1000 * 60 * 60 * 24).toISOString(),
    resources: [
      ["access-control-condition-decryption", "*"],
      ["lit-action-execution", "*"],
    ],
  },
  litClient,
});

​
πŸ‘©πŸΌ Alice

​
Prepares Data

Alice configures and encrypts the data with access control conditions 
// Alice encrypts data (no AuthContext needed)
const encryptedData = await litClient.encrypt({
  dataToEncrypt: "Hello, my love! ❀️",
  unifiedAccessControlConditions: accs,
  chain: "ethereum",
  // metadata: { dataType: 'string' }, // auto-inferred
});

​
πŸ§”πŸ»β€β™‚οΈ Bob

​
Decrypts Data

Bob uses his authentication context to decrypt Alice’s data 
// Bob decrypts data (requires AuthContext)
const decryptedResponse = await litClient.decrypt({
  data: encryptedData,
  unifiedAccessControlConditions: accs,
  authContext: bobAuthContext,
  chain: "ethereum",
});