June 2022
MetaMask is deprecating two methods available in its API: eth_decrypt and eth_getEncryptionPublicKey. The methods will still exist in the API, and continue to function as they do currently: however, MetaMask no longer recommends they be used.
These methods are being deprecated because they are not as secure as they could be. There are no known vulnerabilities or exploits based on these methods; however, MetaMask is not comfortable promoting their use.
We are open to re-implementing a version that generates its keys in a more provably safe way, but decided to publish this deprecation warning first, since we could not be perfectly confident in its safety.
Since we are aware that there are third parties who currently rely on these methods for their products to work, we do not currently have plans to remove them. This will allow time for these parties to make their own adjustments based on our recommendation.
The eth_decrypt and eth_getEncryptionPublicKey methods were built in accordance with EIP-1098, which has since been abandoned.
MetaMask remains committed to, and has an interest in, providing encryption tools. As such, if an alternate encryption EIP were to be brought forward, this might be an effort that MetaMask would support and adopt.
For more information regarding these methods, see our technical documentation here, updated to reflect this deprecation, as well as this explainer video.
Keep reading our latest stories
Developers, security news, and more
