murk_cli/
recovery.rs

1use bech32::{Bech32, Hrp};
2
3/// Errors that can occur during recovery phrase operations.
4#[derive(Debug)]
5pub enum RecoveryError {
6    Bip39(String),
7    InvalidKey(String),
8}
9
10impl std::fmt::Display for RecoveryError {
11    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
12        match self {
13            RecoveryError::Bip39(msg) => write!(f, "BIP39 error: {msg}"),
14            RecoveryError::InvalidKey(msg) => write!(f, "invalid key: {msg}"),
15        }
16    }
17}
18
19/// The Bech32 human-readable prefix for age secret keys.
20/// age uses lowercase internally, then uppercases the full string for display.
21const AGE_SECRET_KEY_HRP: Hrp = Hrp::parse_unchecked("age-secret-key-");
22
23/// Generate a new age keypair and return the BIP39 24-word mnemonic,
24/// secret key string, and public key string.
25///
26/// 24 BIP39 words encode 256 bits (32 bytes) — exactly the size of an
27/// age x25519 secret key. The mnemonic is a direct encoding of the key
28/// bytes with no derivation step. Same words, same key, always.
29pub fn generate() -> Result<(String, String, String), RecoveryError> {
30    let entropy: [u8; 32] = rand::random();
31    let mnemonic =
32        bip39::Mnemonic::from_entropy(&entropy).map_err(|e| RecoveryError::Bip39(e.to_string()))?;
33
34    let secret_key = bytes_to_age_key(&entropy)?;
35
36    let identity = crate::crypto::parse_identity(&secret_key)
37        .map_err(|e| RecoveryError::InvalidKey(e.to_string()))?;
38    let pubkey = identity.to_public().to_string();
39
40    Ok((mnemonic.to_string(), secret_key, pubkey))
41}
42
43/// Re-derive the BIP39 24-word mnemonic from an existing MURK_KEY.
44/// Decodes the Bech32 key back to raw bytes, then encodes as a mnemonic.
45pub fn phrase_from_key(secret_key: &str) -> Result<String, RecoveryError> {
46    // age keys are uppercase; bech32 decoding requires lowercase.
47    let lowercase = secret_key.to_lowercase();
48    let (_, key_bytes) =
49        bech32::decode(&lowercase).map_err(|e| RecoveryError::InvalidKey(e.to_string()))?;
50    let mnemonic = bip39::Mnemonic::from_entropy(&key_bytes)
51        .map_err(|e| RecoveryError::Bip39(e.to_string()))?;
52    Ok(mnemonic.to_string())
53}
54
55/// Recover an age secret key from a BIP39 24-word mnemonic phrase.
56/// Returns the same MURK_KEY that was originally generated.
57pub fn recover(phrase: &str) -> Result<String, RecoveryError> {
58    let mnemonic = bip39::Mnemonic::parse_in_normalized(bip39::Language::English, phrase)
59        .map_err(|e| RecoveryError::Bip39(e.to_string()))?;
60
61    let entropy = mnemonic.to_entropy();
62    bytes_to_age_key(&entropy)
63}
64
65/// Bech32-encode raw key bytes as an AGE-SECRET-KEY-1... string.
66/// This matches exactly how the age crate encodes keys internally.
67fn bytes_to_age_key(key_bytes: &[u8]) -> Result<String, RecoveryError> {
68    let encoded = bech32::encode::<Bech32>(AGE_SECRET_KEY_HRP, key_bytes)
69        .map_err(|e| RecoveryError::InvalidKey(e.to_string()))?;
70
71    let key_str = encoded.to_uppercase();
72
73    // Validate by round-tripping through the age crate.
74    crate::crypto::parse_identity(&key_str)
75        .map_err(|e| RecoveryError::InvalidKey(e.to_string()))?;
76
77    Ok(key_str)
78}
79
80#[cfg(test)]
81mod tests {
82    use super::*;
83
84    #[test]
85    fn generate_produces_valid_mnemonic_and_key() {
86        let (phrase, secret_key, pubkey) = generate().unwrap();
87
88        assert_eq!(phrase.split_whitespace().count(), 24);
89        assert!(secret_key.starts_with("AGE-SECRET-KEY-1"));
90        assert!(pubkey.starts_with("age1"));
91    }
92
93    #[test]
94    fn recover_roundtrip() {
95        let (phrase, original_key, _) = generate().unwrap();
96        let recovered_key = recover(&phrase).unwrap();
97        assert_eq!(original_key, recovered_key);
98    }
99
100    #[test]
101    fn same_phrase_same_key() {
102        let (phrase, key1, _) = generate().unwrap();
103        let key2 = recover(&phrase).unwrap();
104        let key3 = recover(&phrase).unwrap();
105        assert_eq!(key1, key2);
106        assert_eq!(key2, key3);
107    }
108
109    #[test]
110    fn different_phrases_different_keys() {
111        let (_, key1, _) = generate().unwrap();
112        let (_, key2, _) = generate().unwrap();
113        assert_ne!(key1, key2);
114    }
115
116    #[test]
117    fn phrase_from_key_roundtrip() {
118        let (original_phrase, secret_key, _) = generate().unwrap();
119        let recovered_phrase = phrase_from_key(&secret_key).unwrap();
120        assert_eq!(original_phrase, recovered_phrase);
121    }
122
123    #[test]
124    fn invalid_phrase_fails() {
125        assert!(recover("amet sed ut sit dolor et magna vita ipsum quasi nemo enim ad ex in id est non vel rem sint cum").is_err());
126    }
127
128    // ── New edge-case tests ──
129
130    #[test]
131    fn recover_wrong_word_count() {
132        // 12 valid BIP39 words instead of 24 — should fail.
133        assert!(recover("abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon about").is_err());
134    }
135
136    #[test]
137    fn recover_gibberish_words() {
138        // 24 nonsense words — should fail.
139        let words = "zzz yyy xxx www vvv uuu ttt sss rrr qqq ppp ooo nnn mmm lll kkk jjj iii hhh ggg fff eee ddd ccc";
140        assert!(recover(words).is_err());
141    }
142}
murk_cli/recovery.rs

murk_cli/
recovery.rs
