feat(sdk-api): hkdf caching encryption for multi call operations#8508
Open
pranavjain97 wants to merge 2 commits into master
Introduces createEncryptionSession() that runs Argon2id once and derives per-call AES-256-GCM keys via HKDF (<1ms each), eliminating repeated expensive KDF calls in multi-encrypt/decrypt flows.

- createEncryptionSession() in encrypt.ts: Argon2id -> HKDF CryptoKey
- EncryptionSession interface: encrypt(), decrypt(), destroy()
- V2Envelope extended with optional hkdfSalt for session-produced envelopes
- decryptV2 handles both standalone and session envelopes
- decryptAsync fix: v2 errors no longer fall through silently to v1

WCN-31

Co-Authored-By: Claude Sonnet 4.6 <[email protected]>
- Throw on invalid JSON in decryptAsync instead of silently falling through
- Use static import for @bitgo/argon2 instead of dynamic import
- Remove @deprecated from decrypt() on BitGoBase interface
- Add test for invalid JSON input in decryptAsync

WCN-31

Co-Authored-By: Claude Opus 4.6 (1M context) <[email protected]>
Summary
Adds v2 encryption (Argon2id + AES-256-GCM) alongside existing v1 SJCL, with an HKDF session caching layer for multi-call operations.
v field. Non-breaking migration path from sync decrypt(). Existing v1 encrypt/decrypt is untouched. Call site usages in the wallet flows will be done in a separate PR while being backwards compatible with sjcl.
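
The session pattern this PR describes (one expensive password KDF, then an HKDF-derived AES-256-GCM key per call, with the per-call salt carried in the envelope), as an added example that is not code from the PR or from the project. Assumptions: Node's built-in scrypt stands in for Argon2id so the block runs without dependencies, and `createExampleSession`, `decryptWithPassword`, the HKDF info label and every envelope field other than `hkdfSalt` are hypothetical.

```javascript
// Added illustration, not the PR's code. scrypt stands in for Argon2id; every
// envelope field except hkdfSalt, and the INFO label, are assumptions.
const nodeCrypto = require('node:crypto');
const INFO = Buffer.from('example-session-aes-256-gcm');
const b64 = (buf) => buf.toString('base64');
const unb64 = (s) => Buffer.from(s, 'base64');

// Cheap per-call step: HKDF-SHA256 over the master key with a fresh salt.
const callKey = (master, hkdfSalt) =>
  Buffer.from(nodeCrypto.hkdfSync('sha256', master, hkdfSalt, INFO, 32));

function seal(master, salt, plaintext) {
  const hkdfSalt = nodeCrypto.randomBytes(32);
  const iv = nodeCrypto.randomBytes(12);
  const c = nodeCrypto.createCipheriv('aes-256-gcm', callKey(master, hkdfSalt), iv);
  const ct = Buffer.concat([c.update(plaintext, 'utf8'), c.final(), c.getAuthTag()]);
  return JSON.stringify({ v: 2, salt: b64(salt), hkdfSalt: b64(hkdfSalt), iv: b64(iv), ct: b64(ct) });
}

function open(master, envelope) {
  const e = JSON.parse(envelope); // malformed JSON throws here
  if (e.v !== 2 || !e.hkdfSalt) throw new Error('not a session-produced v2 envelope');
  const raw = unb64(e.ct);
  const tag = raw.subarray(raw.length - 16);
  const d = nodeCrypto.createDecipheriv('aes-256-gcm', callKey(master, unb64(e.hkdfSalt)), unb64(e.iv));
  d.setAuthTag(tag);
  // final() throws if the key, ciphertext or tag is wrong; no plaintext is returned.
  return Buffer.concat([d.update(raw.subarray(0, raw.length - 16)), d.final()]).toString('utf8');
}

function createExampleSession(password) {
  const salt = nodeCrypto.randomBytes(16);
  let master = nodeCrypto.scryptSync(password, salt, 32); // expensive KDF, once per session
  const live = () => { if (!master) throw new Error('session destroyed'); return master; };
  return {
    encrypt: (plaintext) => seal(live(), salt, plaintext),
    decrypt: (envelope) => {
      if (JSON.parse(envelope).salt !== b64(salt)) throw new Error('envelope from another session');
      return open(live(), envelope);
    },
    destroy: () => { if (master) master.fill(0); master = null; },
  };
}

// Standalone path: no session, so the password KDF is paid again for this envelope.
function decryptWithPassword(password, envelope) {
  const master = nodeCrypto.scryptSync(password, unb64(JSON.parse(envelope).salt), 32);
  try { return open(master, envelope); } finally { master.fill(0); }
}
```

Every envelope from one session shares the password-KDF salt but carries its own `hkdfSalt`, so a holder of the password can still open any single envelope without the session object.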