pub trait SparkSignerEcies {
// Required methods
fn encrypt_secret_key_with_ecies(
&self,
receiver_public_key: &PublicKey,
pubkey_for_sk_to_encrypt: &PublicKey,
) -> Result<Vec<u8>, SparkSdkError>;
fn decrypt_secret_key_with_ecies<T>(
&self,
ciphertext: T,
network: Network,
) -> Result<SecretKey, SparkSdkError>
where T: AsRef<[u8]>;
}Expand description
Trait for ECIES encryption operations in the Spark wallet.
This trait provides methods for encrypting and decrypting secret keys using the ECIES (Elliptic Curve Integrated Encryption Scheme) algorithm. ECIES enables secure key exchange between users in operations like transfers, where the sender needs to securely transmit leaf private keys to the receiver.
The implementation follows standard ECIES practices:
- Generates an ephemeral key pair
- Derives a shared secret using ECDH
- Uses the shared secret to encrypt/decrypt the data
- Provides authenticated encryption to prevent tampering
Required Methods§
Sourcefn encrypt_secret_key_with_ecies(
&self,
receiver_public_key: &PublicKey,
pubkey_for_sk_to_encrypt: &PublicKey,
) -> Result<Vec<u8>, SparkSdkError>
fn encrypt_secret_key_with_ecies( &self, receiver_public_key: &PublicKey, pubkey_for_sk_to_encrypt: &PublicKey, ) -> Result<Vec<u8>, SparkSdkError>
Encrypts a secret key using the ECIES algorithm.
This method encrypts a secret key so that only the owner of the corresponding
private key for receiver_public_key can decrypt it. This is typically used
during transfers to securely send leaf private keys to another user.
§Arguments
receiver_public_key- The public key of the recipient who will be able to decrypt the secret key. This is typically the identity public key of the recipient’s wallet.pubkey_for_sk_to_encrypt- The public key corresponding to the secret key that will be encrypted. The method will find the secret key in the wallet based on this public key.
§Returns
Ok(Vec<u8>)- The encrypted secret key as a vector of bytesErr(SparkSdkError)- If encryption fails, typically because the secret key corresponding topubkey_for_sk_to_encryptcannot be found
§Security Considerations
The encrypted data contains all necessary information for decryption by the intended recipient, including the ephemeral public key. No pre-shared secrets are required beyond the recipient’s public key.
§Example
// Encrypt a leaf secret key for transfer to another user
let encrypted_key = signer.encrypt_secret_key_with_ecies(
&recipient_pubkey, // The recipient's identity public key
&leaf_pubkey // The public key for the leaf secret key to encrypt
)?;
// The encrypted_key can now be safely transmitted to the recipientSourcefn decrypt_secret_key_with_ecies<T>(
&self,
ciphertext: T,
network: Network,
) -> Result<SecretKey, SparkSdkError>
fn decrypt_secret_key_with_ecies<T>( &self, ciphertext: T, network: Network, ) -> Result<SecretKey, SparkSdkError>
Decrypts a secret key using the ECIES algorithm.
This method decrypts a secret key that was encrypted with the wallet’s identity public key. This is typically used during transfer receipt to obtain leaf private keys sent by another user.
§Arguments
ciphertext- The encrypted secret key data. Can be any type that implementsAsRef<[u8]>, such asVec<u8>or&[u8].network- The Bitcoin network to use, which affects the derivation path for the identity key used in decryption.
§Returns
Ok(SecretKey)- The decrypted secret keyErr(SparkSdkError)- If decryption fails, typically due to invalid ciphertext or if the wallet doesn’t have the correct identity private key
§Security Considerations
This method uses the wallet’s identity private key for decryption. The implementation must ensure that this key is securely managed and that decrypted secret keys are properly protected after decryption.
§Example
// Decrypt a secret key received from another user
let decrypted_secret_key = signer.decrypt_secret_key_with_ecies(
encrypted_key,
Network::Bitcoin
)?;
// The decrypted_secret_key can now be used (typically inserted into the wallet)Dyn Compatibility§
This trait is not dyn compatible.
In older versions of Rust, dyn compatibility was called "object safety", so this trait is not object safe.