Feat/discover public encryption key (#336)

apps/idos-enclave/src/lib/enclave.js

@@ -305,6 +305,17 @@ export class Enclave {
       .filter(({ content }) => negate(() => matchCriteria(content, privateFieldFilters.omit)));
   }
 
+  async discoverUserEncryptionKey() {
+    const { password } = await this.#openDialog("discoverPublicKey");
+    const humanId = crypto.randomUUID();
+    const secretKey = await idOSKeyDerivation({ password, salt: humanId });
+
+    const keyPair = nacl.box.keyPair.fromSecretKey(secretKey);
+
+    const encryptionPublicKey = Base64Codec.encode(keyPair.publicKey);
+    return { encryptionPublicKey, humanId };
+  }
+
   async backupPasswordOrSecret() {
     this.backupButton.style.display = "block";
     this.backupButton.disabled = false;
@@ -366,6 +377,7 @@ export class Enclave {
           filterCredentialsByCountries: () => [credentials, countries],
           filterCredentials: () => [credentials, privateFieldFilters],
           backupPasswordOrSecret: () => [],
+          discoverUserEncryptionKey: () => [],
         }[requestName];
 
         if (!paramBuilder) throw new Error(`Unexpected request from parent: ${requestName}`);

apps/idos-enclave/src/pages/App.tsx

@@ -25,7 +25,13 @@ export interface Configuration {
   theme?: "light" | "dark";
 }
 
-type AllowedIntent = "passkey" | "password" | "confirm" | "auth" | "backupPasswordOrSecret";
+type AllowedIntent =
+  | "passkey"
+  | "password"
+  | "confirm"
+  | "auth"
+  | "backupPasswordOrSecret"
+  | "discoverPublicKey";
 
 export interface EventData {
   intent: AllowedIntent;
@@ -40,6 +46,7 @@ const allowedIntents: AllowedIntent[] = [
   "confirm",
   "auth",
   "backupPasswordOrSecret",
+  "discoverPublicKey",
 ];
 
 function Layout({ onHeaderClick, children }: PropsWithChildren<{ onHeaderClick?: () => void }>) {
@@ -55,7 +62,7 @@ function Layout({ onHeaderClick, children }: PropsWithChildren<{ onHeaderClick?:
 
 export function App({ store, enclave }: AppProps) {
   const [method, setMethod] = useState<Method | null>(null);
-  const [mode, setMode] = useState<Mode>("existing");
+  const [mode, setMode] = useState<Mode>(store.get("human-id") ? "existing" : "new");
   const [theme, setTheme] = useState<Theme | null>(localStorage.getItem("theme") as Theme | null);
   const [confirm, setConfirm] = useState<boolean>(false);
   const responsePort = useRef<MessagePort | null>(null);
@@ -232,7 +239,7 @@ export function App({ store, enclave }: AppProps) {
     <Layout onHeaderClick={resetMethod}>
       <div class="flex flex-col gap-4">
         <ChooseMethod setMethod={setMethod} mode={mode} />
-        {method !== "new" ? (
+        {mode !== "new" ? (
           <button
             type="button"
             onClick={() => {

packages/idos-sdk-js/src/lib/enclave-providers/iframe-enclave.ts

@@ -1,6 +1,11 @@
 import type { idOSCredential } from "@idos-network/idos-sdk-types";
 import type { BackupPasswordInfo } from "../types";
-import type { EnclaveOptions, EnclaveProvider, StoredData } from "./types";
+import type {
+  DiscoverEncryptionKeyResponse,
+  EnclaveOptions,
+  EnclaveProvider,
+  StoredData,
+} from "./types";
 
 export class IframeEnclave implements EnclaveProvider {
   options: Omit<EnclaveOptions, "container" | "url">;
@@ -213,4 +218,12 @@ export class IframeEnclave implements EnclaveProvider {
       console.error(error);
     }
   }
+
+  async discoverUserEncryptionKey(): Promise<DiscoverEncryptionKeyResponse> {
+    const response = await this.#requestToEnclave({
+      discoverUserEncryptionKey: {}, // we can pass humanId here
+    });
+    this.#hideEnclave();
+    return response as DiscoverEncryptionKeyResponse;
+  }
 }

packages/idos-sdk-js/src/lib/enclave-providers/metamask-snap-enclave.ts

@@ -1,5 +1,5 @@
 import type { idOSCredential } from "@idos-network/idos-sdk-types";
-import type { EnclaveProvider, StoredData } from "./types";
+import type { DiscoverEncryptionKeyResponse, EnclaveProvider, StoredData } from "./types";
 
 export class MetaMaskSnapEnclave implements EnclaveProvider {
   // biome-ignore lint/suspicious/noExplicitAny: Types will be added later
@@ -19,6 +19,10 @@ export class MetaMaskSnapEnclave implements EnclaveProvider {
     throw new Error("Method not implemented.");
   }
 
+  async discoverUserEncryptionKey(): Promise<DiscoverEncryptionKeyResponse> {
+    throw new Error("Method not implemented.");
+  }
+
   filterCredentialsByCountries(
     credentials: Record<string, string>[],
     countries: string[],

packages/idos-sdk-js/src/lib/enclave-providers/types.ts

@@ -8,6 +8,11 @@ export interface StoredData {
   signerPublicKey?: string;
 }
 
+export interface DiscoverEncryptionKeyResponse {
+  humanId: string;
+  encryptionPublicKey: string;
+}
+
 export interface EnclaveOptions {
   container: string;
   theme?: "light" | "dark";
@@ -31,7 +36,7 @@ export interface EnclaveProvider {
   updateStore(key: string, value: unknown): Promise<void>;
   encrypt(message: Uint8Array, receiverPublicKey?: Uint8Array): Promise<Uint8Array>;
   decrypt(message: Uint8Array, senderPublicKey?: Uint8Array): Promise<Uint8Array>;
-
+  discoverUserEncryptionKey(): Promise<DiscoverEncryptionKeyResponse>;
   filterCredentialsByCountries(
     credentials: Record<string, string>[],
     countries: string[],

packages/idos-sdk-js/src/lib/enclave.ts

@@ -95,4 +95,8 @@ export class Enclave {
 
     return this.provider.backupPasswordOrSecret(callbackFn);
   }
+
+  async discoverUserEncryptionKey() {
+    return this.provider.discoverUserEncryptionKey();
+  }
 }

packages/idos-sdk-js/src/lib/idos.ts

@@ -240,4 +240,8 @@ export class idOS {
       await this.updateAttributesIfNeeded(filteredUserAttributes, litSavableAttributes);
     });
   }
+
+  async discoverEncryptionKey() {
+    return this.enclave.discoverUserEncryptionKey();
+  }
 }