
Keyring Controller: Add method to export vault key #5984


Draft
wants to merge 6 commits into
base: main

matthiasgeihs
Contributor

@matthiasgeihs matthiasgeihs commented Jun 14, 2025

Explanation

Keyring Controller:

  • Add method controller.exportEncryptionKey to export vault key.
  • Change method controller.submitEncryptionKey to have an optional salt.
    • If the salt is provided, the controller will check that it is consistent with the locally stored salt.
    • If the salt is not provided, this check is omitted.
    • Before, the salt was mandatory, but it might not be required in the case of unlocking the vault during vault recovery.

This feature is relevant for resolving an audit finding with the seedless onboarding controller.

References

Previously, seedless onboarding was backing up the keyring password to allow for vault recovery after a password change. Now we back up the keyring encryption key.

See the ADR for more details.
This is part of the implementation of option 6.

Changelog

Checklist

  • I've updated the test suite for new or updated code as appropriate
  • I've updated documentation (JSDoc, Markdown, etc.) for new or updated code as appropriate
  • I've communicated my changes to consumers by updating changelogs for packages I've changed, highlighting breaking changes as necessary
  • I've prepared draft pull requests for clients and consumer packages to resolve any breaking changes
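
The optional-salt behaviour described in the explanation above, as an added sketch that is not code from this pull request or from the Keyring Controller. The vault layout (`data`, `iv`, `salt`), the names `parseVault` and `unlockWithKey`, the error messages and the stub decryptor are all assumptions made for illustration.

```typescript
// Added illustration; not the Keyring Controller implementation.
// Assumption: the vault is a JSON string with `data`, `iv` and `salt` fields.
type Vault = { data: string; iv: string; salt: string };

// Hypothetical decryptor: returns the plaintext or throws if the key is wrong.
type Decryptor = (encryptionKey: string, vault: Vault) => string;

function parseVault(vaultJson: string): Vault {
  const parsed: unknown = JSON.parse(vaultJson);
  if (typeof parsed !== "object" || parsed === null) {
    throw new Error("Vault is not an object");
  }
  const { data, iv, salt } = parsed as Record<string, unknown>;
  if (typeof data !== "string" || typeof iv !== "string" || typeof salt !== "string") {
    throw new Error("Vault is missing data, iv or salt");
  }
  return { data, iv, salt };
}

// Hypothetical helper mirroring the described behaviour of an optional salt.
function unlockWithKey(
  vaultJson: string,
  encryptionKey: string,
  decrypt: Decryptor,
  encryptionSalt?: string,
): string {
  const vault = parseVault(vaultJson);
  // Salt supplied: it must be consistent with the locally stored salt.
  if (encryptionSalt !== undefined && encryptionSalt !== vault.salt) {
    throw new Error("Provided salt does not match the stored vault salt");
  }
  // Salt omitted (e.g. vault recovery): the consistency check is skipped, so
  // in this sketch a wrong key is caught only when decryption itself fails.
  return decrypt(encryptionKey, vault);
}

// Constructed sample data and a stub decryptor standing in for real crypto.
const SAMPLE_VAULT = JSON.stringify({ data: "ciphertext", iv: "iv-1", salt: "salt-A" });
const stubDecrypt: Decryptor = (key, vault) => {
  if (key !== "key-for-salt-A") {
    throw new Error("Incorrect key");
  }
  return `decrypted:${vault.data}`;
};
```

With the salt omitted, the only remaining gate in this sketch is the decryption step, so a caller that relies on the salt check to detect a stale key needs to keep passing the salt.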

@matthiasgeihs matthiasgeihs force-pushed the mg/keyring/export-key branch from ab31883 to 721ff95 Compare June 17, 2025 15:23
@matthiasgeihs matthiasgeihs changed the title Keyring Controller: Add method to export encrypted vault key Keyring Controller: Add method to export vault key Jun 17, 2025
@matthiasgeihs matthiasgeihs force-pushed the mg/keyring/export-key branch from 408fe42 to 97f3959 Compare June 17, 2025 15:38
checking for edge case where encryption key is not set after calling
`changePassword` with same password