feat(issuer-sdk): use ephemeral encryption private key

idos-network · Dec 10, 2024 · 86d950c · 86d950c
1 parent bbff067
commit 86d950c
Show file tree

Hide file tree

Showing 3 changed files with 3 additions and 12 deletions.
diff --git a/packages/issuer-sdk-js/src/create-issuer-config.test.ts b/packages/issuer-sdk-js/src/create-issuer-config.test.ts
@@ -39,12 +39,10 @@ describe("createIssuerConfig", () => {
 
   it("should correctly initialize and return config", async () => {
     const signingKeyPair = nacl.sign.keyPair();
-    const encryptionKeyPair = nacl.box.keyPair();
 
     const params = {
       nodeUrl: "http://mock-node-url",
       signingKeyPair,
-      encryptionKeyPair,
     };
 
     const result = await createIssuerConfig(params);
@@ -69,7 +67,6 @@ describe("createIssuerConfig", () => {
       dbid: "mock-dbid",
       kwilClient: expect.any(Object),
       kwilSigner: expect.any(KwilSigner),
-      encryptionKeyPair: expect.any(Object),
       signingKeyPair: expect.any(Object),
     });
   });

diff --git a/packages/issuer-sdk-js/src/create-issuer-config.ts b/packages/issuer-sdk-js/src/create-issuer-config.ts
@@ -49,15 +49,13 @@ export interface IssuerConfig {
   kwilClient: NodeKwil;
   kwilSigner: KwilSigner;
   signingKeyPair: nacl.SignKeyPair;
-  encryptionKeyPair: nacl.SignKeyPair;
 }
 
 type CreateIssuerConfigParams = {
   chainId?: string;
   dbId?: string;
   nodeUrl: string;
   signingKeyPair: nacl.SignKeyPair;
-  encryptionKeyPair: nacl.BoxKeyPair;
 };
 
 export async function createIssuerConfig(params: CreateIssuerConfigParams): Promise<IssuerConfig> {
@@ -83,6 +81,5 @@ export async function createIssuerConfig(params: CreateIssuerConfigParams): Prom
     }),
     kwilSigner: createKwilSigner(params.signingKeyPair),
     signingKeyPair: params.signingKeyPair,
-    encryptionKeyPair: params.encryptionKeyPair,
   };
 }
diff --git a/packages/issuer-sdk-js/src/credentials.ts b/packages/issuer-sdk-js/src/credentials.ts
@@ -44,12 +44,9 @@ const buildInsertableIDOSCredential = (
     receiverEncryptionPublicKey: Uint8Array;
   },
 ): InsertableIDOSCredential => {
+  const ephemeralKeyPair = nacl.box.keyPair();
   const content = Base64Codec.decode(
-    encryptContent(
-      plaintextContent,
-      receiverEncryptionPublicKey,
-      issuerConfig.encryptionKeyPair.secretKey,
-    ),
+    encryptContent(plaintextContent, receiverEncryptionPublicKey, ephemeralKeyPair.secretKey),
   );
 
   const { public_notes, public_notes_signature } = buildUpdateablePublicNotes(issuerConfig, {
@@ -71,7 +68,7 @@ const buildInsertableIDOSCredential = (
     ),
 
     issuer_auth_public_key: HexCodec.encode(issuerConfig.signingKeyPair.publicKey, true),
-    encryption_public_key: Base64Codec.encode(issuerConfig.encryptionKeyPair.publicKey),
+    encryption_public_key: Base64Codec.encode(ephemeralKeyPair.publicKey),
   };
 };