Skip to main content

miden_client/keystore/
mod.rs

1use alloc::boxed::Box;
2use alloc::collections::BTreeSet;
3use alloc::string::String;
4use alloc::vec::Vec;
5
6use miden_protocol::account::AccountId;
7use miden_protocol::account::auth::{AuthSecretKey, PublicKeyCommitment};
8use miden_tx::auth::TransactionAuthenticator;
9use thiserror::Error;
10
11#[derive(Debug, Error)]
12pub enum KeyStoreError {
13    #[error("storage error: {0}")]
14    StorageError(String),
15    #[error("decoding error: {0}")]
16    DecodingError(String),
17}
18
19/// A trait for managing cryptographic keys and their association with accounts.
20///
21/// This trait extends [`TransactionAuthenticator`] to provide a unified interface
22/// for key storage, retrieval, and account-key mapping.
23#[cfg_attr(not(target_arch = "wasm32"), async_trait::async_trait)]
24#[cfg_attr(target_arch = "wasm32", async_trait::async_trait(?Send))]
25pub trait Keystore: TransactionAuthenticator {
26    /// Adds a secret key to the keystore and associates it with the given account.
27    ///
28    /// A key can be associated with multiple accounts by calling this method multiple times.
29    async fn add_key(
30        &self,
31        key: &AuthSecretKey,
32        account_id: AccountId,
33    ) -> Result<(), KeyStoreError>;
34
35    /// Removes a key from the keystore by its public key commitment.
36    ///
37    /// This also removes all account associations for this key.
38    async fn remove_key(&self, pub_key: PublicKeyCommitment) -> Result<(), KeyStoreError>;
39
40    /// Retrieves a secret key by its public key commitment.
41    ///
42    /// Returns `Ok(None)` if the key is not found.
43    async fn get_key(
44        &self,
45        pub_key: PublicKeyCommitment,
46    ) -> Result<Option<AuthSecretKey>, KeyStoreError>;
47
48    /// Returns all public key commitments associated with the given account ID.
49    ///
50    /// Returns an error if the account is not found.
51    async fn get_account_key_commitments(
52        &self,
53        account_id: &AccountId,
54    ) -> Result<BTreeSet<PublicKeyCommitment>, KeyStoreError>;
55
56    /// Returns the account ID associated with a given public key commitment.
57    ///
58    /// Returns `Ok(None)` if no account is found for the commitment.
59    async fn get_account_id_by_key_commitment(
60        &self,
61        pub_key_commitment: PublicKeyCommitment,
62    ) -> Result<Option<AccountId>, KeyStoreError>;
63
64    /// Returns all secret keys associated with the given account ID.
65    ///
66    /// This is a convenience method that calls `get_account_key_commitments`
67    /// followed by `get_key` for each commitment.
68    ///
69    /// Returns an empty vector if the account has no associated keys.
70    /// Returns an error if any key lookup fails.
71    async fn get_keys_for_account(
72        &self,
73        account_id: &AccountId,
74    ) -> Result<Vec<AuthSecretKey>, KeyStoreError> {
75        let commitments = self.get_account_key_commitments(account_id).await?;
76        let mut keys = Vec::with_capacity(commitments.len());
77        for commitment in commitments {
78            if let Some(key) = self.get_key(commitment).await? {
79                keys.push(key);
80            }
81        }
82        Ok(keys)
83    }
84}
85
86#[cfg(feature = "std")]
87mod fs_keystore;
88#[cfg(feature = "std")]
89pub use fs_keystore::FilesystemKeyStore;