# Key Generation
Wepin allows for the creation of wallets based on the Web2 signup and login experience through the authentication providers. After signing up through the authentication provider, a token for key management is exchanged with Amazon Web Services (AWS), and then a request for key generation is made to the Wepin server. At this point, the PIN number set is crucial information used for encrypting the private key managed in the wallet. (The PIN number is encrypted and then sent to the Wepin server, so it is not exposed.) When the Wepin server receives a request for wallet creation, it requests AWS KMS to generate a random value, and with this random value, the user's private key is generated. Since the generated private key is confidential information, it is encrypted based on the user's PIN and then securely stored in the cloud in an encrypted state.
The operations performed during the key generation process are executed within a Trusted Execution Environment (TEE), making them inaccessible to the Wepin server. The entire process of generating and deriving keys using a random value takes place within the TEE.
---
# Agent Instructions: Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.
Perform an HTTP GET request on the current page URL with the `ask` query parameter:
```
GET https://docs.wepin.io/en/wepin/architecture/keygen.md?ask=
```
The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.
Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.
