fix: use Connect encryption key to encrypt app identities#275
Merged
Conversation
pcarranzav
force-pushed
the
pcv/change-app-identity-encryption
branch
3 times, most recently
from
4e5b447 to
7aa132c
Compare
pcarranzav
force-pushed
the
pcv/change-app-identity-encryption
branch
3 times, most recently
from
e608b19 to
a2510cf
Compare
pcarranzav
force-pushed
the
pcv/change-app-identity-encryption
branch
from
a2510cf to
e67272d
Compare
pcarranzav
force-pushed
the
pcv/fix-connect-keys
branch
from
59de1c4 to
c090340
Compare
pcarranzav
force-pushed
the
pcv/change-app-identity-encryption
branch
from
e67272d to
bd75bae
Compare
Contributor
There was a problem hiding this comment.
Pull Request Overview
This PR simplifies the Connect flow by removing the unnecessary wallet signature-based encryption for app identities and instead uses the Connect encryption key directly. This change eliminates the nonce field from app identity structures and updates the encryption/decryption methods to use a more straightforward approach.
- Removes
noncefield from all app identity schemas and database models - Replaces wallet signature-based encryption with direct Connect encryption key usage
- Simplifies encryption/decryption functions by removing signer dependency
Reviewed Changes
Copilot reviewed 8 out of 8 changed files in this pull request and generated 2 comments.
Show a summary per file
| File | Description |
|---|---|
| packages/hypergraph/src/messages/types.ts | Removes nonce field from RequestConnectCreateAppIdentity schema |
| packages/hypergraph/src/connect/types.ts | Removes nonce field from AppIdentityResponse schema |
| packages/hypergraph/src/connect/identity-encryption.ts | Refactors encryption/decryption to use Connect keys instead of wallet signatures |
| apps/server/src/index.ts | Updates API endpoint to remove nonce handling |
| apps/server/src/handlers/create-app-identity.ts | Removes nonce parameter from handler function |
| apps/server/prisma/schema.prisma | Removes nonce field and unique constraint from AppIdentity model |
| apps/server/prisma/migrations/* | Database migration to drop nonce column |
| apps/connect/src/routes/authenticate.tsx | Updates client code to use new encryption method without signer |
Comment on lines
+169
to
173
| const keysMsg = cryptoBoxSealOpen({ | ||
| ciphertext: ciphertextBytes, | ||
| privateKey: hexToBytes(keys.encryptionPrivateKey), | ||
| publicKey: hexToBytes(keys.encryptionPublicKey), | ||
| }); |
There was a problem hiding this comment.
The function should handle potential decryption failures and provide a meaningful error message. The cryptoBoxSealOpen function can throw if decryption fails, but there's no error handling or context about what went wrong.
Suggested change
| const keysMsg = cryptoBoxSealOpen({ | |
| ciphertext: ciphertextBytes, | |
| privateKey: hexToBytes(keys.encryptionPrivateKey), | |
| publicKey: hexToBytes(keys.encryptionPublicKey), | |
| }); | |
| let keysMsg: Uint8Array; | |
| try { | |
| keysMsg = cryptoBoxSealOpen({ | |
| ciphertext: ciphertextBytes, | |
| privateKey: hexToBytes(keys.encryptionPrivateKey), | |
| publicKey: hexToBytes(keys.encryptionPublicKey), | |
| }); | |
| } catch (error) { | |
| throw new Error('Decryption failed. Ensure the ciphertext and keys are correct.'); | |
| } |
Comment on lines
+169
to
173
| const keysMsg = cryptoBoxSealOpen({ | ||
| ciphertext: ciphertextBytes, | ||
| privateKey: hexToBytes(keys.encryptionPrivateKey), | ||
| publicKey: hexToBytes(keys.encryptionPublicKey), | ||
| }); |
There was a problem hiding this comment.
Should wrap cryptoBoxSealOpen in a try-catch block to provide better error handling. If decryption fails, the error should indicate that the app identity could not be decrypted rather than exposing low-level crypto errors.
Suggested change
| const keysMsg = cryptoBoxSealOpen({ | |
| ciphertext: ciphertextBytes, | |
| privateKey: hexToBytes(keys.encryptionPrivateKey), | |
| publicKey: hexToBytes(keys.encryptionPublicKey), | |
| }); | |
| let keysMsg; | |
| try { | |
| keysMsg = cryptoBoxSealOpen({ | |
| ciphertext: ciphertextBytes, | |
| privateKey: hexToBytes(keys.encryptionPrivateKey), | |
| publicKey: hexToBytes(keys.encryptionPublicKey), | |
| }); | |
| } catch (error) { | |
| throw new Error("Failed to decrypt app identity. Please check the provided keys and ciphertext."); | |
| } |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Depends on #276 - please merge that one first and change the base branch.
This simplifies the Connect flow removing an unnecessary wallet signature previously used to encrypt/decrypt the app identity.