@metamask/eth-keyring-controller - npm Package Compare versions

Comparing version 14.0.1 to 15.0.0

CHANGELOG.md

@@ -9,2 +9,9 @@ # Changelog
 
+## [15.0.0]
+### Changed
+- **BREAKING** Removed `encryptor` class variable ([#293](https://github.com/MetaMask/KeyringController/pull/293))
+- **BREAKING** Removed `cacheEncryptionKey` class variable ([#293](https://github.com/MetaMask/KeyringController/pull/293))
+- **BREAKING** Changed `encryptor` constructor option property type to `GenericEncryptor | ExportableKeyEncryptor | undefined` ([#293](https://github.com/MetaMask/KeyringController/pull/293))
+  - When the controller is instantiated with `cacheEncryptionKey = true`, the `encryptor` type is restricted to `ExportableKeyEncryptor | undefined`
+
 ## [14.0.1]
@@ -173,3 +180,4 @@ ### Fixed
 
-[Unreleased]: https://github.com/MetaMask/KeyringController/compare/v14.0.1...HEAD
+[Unreleased]: https://github.com/MetaMask/KeyringController/compare/v15.0.0...HEAD
+[15.0.0]: https://github.com/MetaMask/KeyringController/compare/v14.0.1...v15.0.0
 [14.0.1]: https://github.com/MetaMask/KeyringController/compare/v14.0.0...v14.0.1
@@ -176,0 +184,0 @@ [14.0.0]: https://github.com/MetaMask/KeyringController/compare/v13.0.1...v14.0.0

dist/constants.d.ts

@@ -11,2 +11,4 @@ export declare enum KeyringType {
     VaultError = "KeyringController - Cannot unlock without a previous vault.",
+    VaultDataError = "KeyringController - The decrypted vault has an unexpected shape.",
+    UnsupportedEncryptionKeyExport = "KeyringController - The encryptor does not support encryption key export.",
     UnsupportedGenerateRandomMnemonic = "KeyringController - The current keyring does not support the method generateRandomMnemonic.",
@@ -13,0 +15,0 @@ UnsupportedExportAccount = "`KeyringController - The keyring for the current address does not support the method exportAccount",

dist/constants.js

@@ -16,2 +16,4 @@ "use strict";
     KeyringControllerError["VaultError"] = "KeyringController - Cannot unlock without a previous vault.";
+    KeyringControllerError["VaultDataError"] = "KeyringController - The decrypted vault has an unexpected shape.";
+    KeyringControllerError["UnsupportedEncryptionKeyExport"] = "KeyringController - The encryptor does not support encryption key export.";
     KeyringControllerError["UnsupportedGenerateRandomMnemonic"] = "KeyringController - The current keyring does not support the method generateRandomMnemonic.";
@@ -18,0 +20,0 @@ KeyringControllerError["UnsupportedExportAccount"] = "`KeyringController - The keyring for the current address does not support the method exportAccount";

dist/KeyringController.d.ts

@@ -15,5 +15,3 @@ /// <reference types="node" />
     memStore: ObservableStore<KeyringControllerState>;
-    encryptor: any;
     keyrings: Keyring<Json>[];
-    cacheEncryptionKey: boolean;
     unsupportedKeyrings: SerializedKeyring[];
@@ -20,0 +18,0 @@ password?: string;

dist/KeyringController.js

@@ -25,2 +25,8 @@ "use strict";
 };
+var __classPrivateFieldSet = (this && this.__classPrivateFieldSet) || function (receiver, state, value, kind, f) {
+    if (kind === "m") throw new TypeError("Private method is not writable");
+    if (kind === "a" && !f) throw new TypeError("Private accessor was defined without a setter");
+    if (typeof state === "function" ? receiver !== state || !f : !state.has(receiver)) throw new TypeError("Cannot write private member to an object whose class did not declare it");
+    return (kind === "a" ? f.call(receiver, value) : f ? f.value = value : state.set(receiver, value)), value;
+};
 var __classPrivateFieldGet = (this && this.__classPrivateFieldGet) || function (receiver, state, kind, f) {
@@ -34,3 +40,3 @@ if (kind === "a" && !f) throw new TypeError("Private accessor was defined without a getter");
 };
-var _KeyringController_instances, _KeyringController_createFirstKeyTree, _KeyringController_restoreKeyring, _KeyringController_clearKeyrings, _KeyringController_destroyKeyring, _KeyringController_setUnlocked, _KeyringController_newKeyring;
+var _KeyringController_instances, _KeyringController_encryptor, _KeyringController_cacheEncryptionKey, _KeyringController_createFirstKeyTree, _KeyringController_restoreKeyring, _KeyringController_clearKeyrings, _KeyringController_destroyKeyring, _KeyringController_setUnlocked, _KeyringController_newKeyring;
 Object.defineProperty(exports, "__esModule", { value: true });
@@ -56,2 +62,4 @@ exports.keyringBuilderFactory = exports.KeyringController = void 0;
         _KeyringController_instances.add(this);
+        _KeyringController_encryptor.set(this, void 0);
+        _KeyringController_cacheEncryptionKey.set(this, void 0);
         this.keyringBuilders = keyringBuilders
@@ -66,3 +74,3 @@ ? defaultKeyringBuilders.concat(keyringBuilders)
         });
-        this.encryptor = encryptor;
+        __classPrivateFieldSet(this, _KeyringController_encryptor, encryptor, "f");
         this.keyrings = [];
@@ -72,3 +80,6 @@ this.unsupportedKeyrings = [];
         // for use in decrypting and encrypting data without password
-        this.cacheEncryptionKey = Boolean(cacheEncryptionKey);
+        __classPrivateFieldSet(this, _KeyringController_cacheEncryptionKey, Boolean(cacheEncryptionKey), "f");
+        if (__classPrivateFieldGet(this, _KeyringController_cacheEncryptionKey, "f")) {
+            assertIsExportableKeyEncryptor(encryptor);
+        }
     }
@@ -210,3 +221,3 @@ /**
         }
-        await this.encryptor.decrypt(password, encryptedVault);
+        await __classPrivateFieldGet(this, _KeyringController_encryptor, "f").decrypt(password, encryptedVault);
     }
@@ -649,5 +660,6 @@ /**
         let newEncryptionKey;
-        if (this.cacheEncryptionKey) {
+        if (__classPrivateFieldGet(this, _KeyringController_cacheEncryptionKey, "f")) {
+            assertIsExportableKeyEncryptor(__classPrivateFieldGet(this, _KeyringController_encryptor, "f"));
             if (this.password) {
-                const { vault: newVault, exportedKeyString } = await this.encryptor.encryptWithDetail(this.password, serializedKeyrings);
+                const { vault: newVault, exportedKeyString } = await __classPrivateFieldGet(this, _KeyringController_encryptor, "f").encryptWithDetail(this.password, serializedKeyrings);
                 vault = newVault;
@@ -657,4 +669,4 @@ newEncryptionKey = exportedKeyString;
             else if (encryptionKey) {
-                const key = await this.encryptor.importKey(encryptionKey);
-                const vaultJSON = await this.encryptor.encryptWithKey(key, serializedKeyrings);
+                const key = await __classPrivateFieldGet(this, _KeyringController_encryptor, "f").importKey(encryptionKey);
+                const vaultJSON = await __classPrivateFieldGet(this, _KeyringController_encryptor, "f").encryptWithKey(key, serializedKeyrings);
                 vaultJSON.salt = encryptionSalt;
@@ -668,3 +680,3 @@ vault = JSON.stringify(vaultJSON);
             }
-            vault = await this.encryptor.encrypt(this.password, serializedKeyrings);
+            vault = await __classPrivateFieldGet(this, _KeyringController_encryptor, "f").encrypt(this.password, serializedKeyrings);
         }
@@ -706,5 +718,6 @@ if (!vault) {
         let vault;
-        if (this.cacheEncryptionKey) {
+        if (__classPrivateFieldGet(this, _KeyringController_cacheEncryptionKey, "f")) {
+            assertIsExportableKeyEncryptor(__classPrivateFieldGet(this, _KeyringController_encryptor, "f"));
             if (password) {
-                const result = await this.encryptor.decryptWithDetail(password, encryptedVault);
+                const result = await __classPrivateFieldGet(this, _KeyringController_encryptor, "f").decryptWithDetail(password, encryptedVault);
                 vault = result.vault;
@@ -725,4 +738,4 @@ this.password = password;
                 }
-                const key = await this.encryptor.importKey(encryptionKey);
-                vault = await this.encryptor.decryptWithKey(key, parsedEncryptedVault);
+                const key = await __classPrivateFieldGet(this, _KeyringController_encryptor, "f").importKey(encryptionKey);
+                vault = await __classPrivateFieldGet(this, _KeyringController_encryptor, "f").decryptWithKey(key, parsedEncryptedVault);
                 // This call is required on the first call because encryptionKey
@@ -743,7 +756,17 @@ // is not yet inside the memStore
             }
-            vault = await this.encryptor.decrypt(password, encryptedVault);
+            vault = await __classPrivateFieldGet(this, _KeyringController_encryptor, "f").decrypt(password, encryptedVault);
             this.password = password;
         }
+        if (!isSerializedKeyringsArray(vault)) {
+            throw new Error(constants_1.KeyringControllerError.VaultDataError);
+        }
         await Promise.all(vault.map(__classPrivateFieldGet(this, _KeyringController_instances, "m", _KeyringController_restoreKeyring).bind(this)));
         await this.updateMemStoreKeyrings();
+        if (this.password &&
+            __classPrivateFieldGet(this, _KeyringController_encryptor, "f").updateVault &&
+            (await __classPrivateFieldGet(this, _KeyringController_encryptor, "f").updateVault(encryptedVault, this.password)) !==
+                encryptedVault) {
+            // Re-encrypt the vault with safer method if one is available
+            await this.persistAllKeyrings();
+        }
         return this.keyrings;
@@ -753,3 +776,3 @@ }
 exports.KeyringController = KeyringController;
-_KeyringController_instances = new WeakSet(), _KeyringController_createFirstKeyTree = 
+_KeyringController_encryptor = new WeakMap(), _KeyringController_cacheEncryptionKey = new WeakMap(), _KeyringController_instances = new WeakSet(), _KeyringController_createFirstKeyTree = 
 // =======================
@@ -900,2 +923,30 @@ // === Private Methods ===
 }
+/**
+ * Assert that the provided encryptor supports
+ * encryption and encryption key export.
+ *
+ * @param encryptor - The encryptor to check.
+ * @throws If the encryptor does not support key encryption.
+ */
+function assertIsExportableKeyEncryptor(encryptor) {
+    if (!('importKey' in encryptor &&
+        typeof encryptor.importKey === 'function' &&
+        'decryptWithKey' in encryptor &&
+        typeof encryptor.decryptWithKey === 'function' &&
+        'encryptWithKey' in encryptor &&
+        typeof encryptor.encryptWithKey === 'function')) {
+        throw new Error(constants_1.KeyringControllerError.UnsupportedEncryptionKeyExport);
+    }
+}
+/**
+ * Checks if the provided value is a serialized keyrings array.
+ *
+ * @param array - The value to check.
+ * @returns True if the value is a serialized keyrings array.
+ */
+function isSerializedKeyringsArray(array) {
+    return (typeof array === 'object' &&
+        Array.isArray(array) &&
+        array.every((value) => value.type && (0, utils_1.isValidJson)(value.data)));
+}
 //# sourceMappingURL=KeyringController.js.map

dist/test/encryptor.mock.d.ts

@@ -1,37 +0,36 @@
-/// <reference types="sinon" />
 /// <reference types="node" />
 import type { Json } from '@metamask/utils';
-declare const PASSWORD = "password123";
-declare const MOCK_ENCRYPTION_KEY: string;
-declare const MOCK_HARDCODED_KEY = "key";
-declare const MOCK_HEX = "0xabcdef0123456789";
-declare const MOCK_SALT = "SALT";
-declare const mockEncryptor: {
-    encrypt: import("sinon").SinonStub<any[], any>;
-    encryptWithDetail: import("sinon").SinonStub<any[], any>;
+import type { ExportableKeyEncryptor } from '../types';
+export declare const PASSWORD = "password123";
+export declare const MOCK_ENCRYPTION_KEY: string;
+export declare const MOCK_ENCRYPTION_SALT = "HQ5sfhsb8XAQRJtD+UqcImT7Ve4n3YMagrh05YTOsjk=";
+export declare const MOCK_HARDCODED_KEY = "key";
+export declare const MOCK_HEX = "0xabcdef0123456789";
+export declare class MockEncryptor implements ExportableKeyEncryptor {
+    encrypt(password: string, dataObj: any): Promise<string>;
     decrypt(_password: string, _text: string): Promise<string | number | boolean | Json[] | {
         [prop: string]: Json;
     }>;
-    decryptWithEncryptedKeyString(_keyStr: string): Promise<string | number | true | Json[] | {
-        [prop: string]: Json;
-    } | undefined>;
-    decryptWithDetail(_password: string, _text: string): Promise<{
-        vault: string | number | true | Json[] | {
+    encryptWithKey(_key: unknown, dataObj: any): Promise<{
+        data: string;
+        iv: string;
+    }>;
+    encryptWithDetail(key: string, dataObj: any): Promise<{
+        vault: string;
+        exportedKeyString: string;
+    }>;
+    decryptWithDetail(key: string, text: string): Promise<{
+        vault: string | number | boolean | Json[] | {
             [prop: string]: Json;
         };
+        salt: string;
         exportedKeyString: string;
-        salt: string;
-    } | {
-        vault?: never;
-        exportedKeyString?: never;
-        salt?: never;
     }>;
-    importKey(keyString: string): null;
-    encryptWithKey(): any;
-    decryptWithKey(key: string, text: string): Promise<string | number | boolean | Json[] | {
+    decryptWithKey(key: unknown, text: string): Promise<string | number | boolean | Json[] | {
         [prop: string]: Json;
     }>;
     keyFromPassword(_password: string): Promise<Buffer>;
+    importKey(key: string): Promise<null>;
+    updateVault(_vault: string, _password: string): Promise<string>;
     generateSalt(): string;
-};
-export { mockEncryptor, PASSWORD, MOCK_HARDCODED_KEY, MOCK_HEX, MOCK_ENCRYPTION_KEY, MOCK_SALT, };
+}

dist/test/encryptor.mock.js

 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.MOCK_SALT = exports.MOCK_ENCRYPTION_KEY = exports.MOCK_HEX = exports.MOCK_HARDCODED_KEY = exports.PASSWORD = exports.mockEncryptor = void 0;
-const sinon_1 = require("sinon");
-const PASSWORD = 'password123';
-exports.PASSWORD = PASSWORD;
-const MOCK_ENCRYPTION_KEY = JSON.stringify({
+exports.MockEncryptor = exports.MOCK_HEX = exports.MOCK_HARDCODED_KEY = exports.MOCK_ENCRYPTION_SALT = exports.MOCK_ENCRYPTION_KEY = exports.PASSWORD = void 0;
+exports.PASSWORD = 'password123';
+exports.MOCK_ENCRYPTION_KEY = JSON.stringify({
     alg: 'A256GCM',
@@ -15,73 +13,59 @@ ext: true,
 });
-exports.MOCK_ENCRYPTION_KEY = MOCK_ENCRYPTION_KEY;
-const MOCK_ENCRYPTION_SALT = 'HQ5sfhsb8XAQRJtD+UqcImT7Ve4n3YMagrh05YTOsjk=';
-const MOCK_ENCRYPTION_DATA = `{"data":"2fOOPRKClNrisB+tmqIcETyZvDuL2iIR1Hr1nO7XZHyMqVY1cDBetw2gY5C+cIo1qkpyv3bPp+4buUjp38VBsjbijM0F/FLOqWbcuKM9h9X0uwxsgsZ96uwcIf5I46NiMgoFlhppTTMZT0Nkocz+SnvHM0IgLsFan7JqBU++vSJvx2M1PDljZSunOsqyyL+DKmbYmM4umbouKV42dipUwrCvrQJmpiUZrSkpMJrPJk9ufDQO4CyIVo0qry3aNRdYFJ6rgSyq/k6rXMwGExCMHn8UlhNnAMuMKWPWR/ymK1bzNcNs4VU14iVjEXOZGPvD9cvqVe/VtcnIba6axNEEB4HWDOCdrDh5YNWwMlQVL7vSB2yOhPZByGhnEOloYsj2E5KEb9jFGskt7EKDEYNofr6t83G0c+B72VGYZeCvgtzXzgPwzIbhTtKkP+gdBmt2JNSYrTjLypT0q+v4C9BN1xWTxPmX6TTt0NzkI9pJxgN1VQAfSU9CyWTVpd4CBkgom2cSBsxZ2MNbdKF+qSWz3fQcmJ55hxM0EGJSt9+8eQOTuoJlBapRk4wdZKHR2jdKzPjSF2MAmyVD2kU51IKa/cVsckRFEes+m7dKyHRvlNwgT78W9tBDdZb5PSlfbZXnv8z5q1KtAj2lM2ogJ7brHBdevl4FISdTkObpwcUMcvACOOO0dj6CSYjSKr0ZJ2RLChVruZyPDxEhKGb/8Kv8trLOR3mck/et6d050/NugezycNk4nnzu5iP90gPbSzaqdZI=","iv":"qTGO1afGv3waHN9KoW34Eg==","salt":"${MOCK_ENCRYPTION_SALT}"}`;
-const INVALID_PASSWORD_ERROR = 'Incorrect password.';
-const MOCK_HARDCODED_KEY = 'key';
-exports.MOCK_HARDCODED_KEY = MOCK_HARDCODED_KEY;
-const MOCK_HEX = '0xabcdef0123456789';
-exports.MOCK_HEX = MOCK_HEX;
-const MOCK_SALT = 'SALT';
-exports.MOCK_SALT = MOCK_SALT;
+exports.MOCK_ENCRYPTION_SALT = 'HQ5sfhsb8XAQRJtD+UqcImT7Ve4n3YMagrh05YTOsjk=';
+exports.MOCK_HARDCODED_KEY = 'key';
+exports.MOCK_HEX = '0xabcdef0123456789';
 // eslint-disable-next-line no-restricted-globals
 const MOCK_KEY = Buffer.alloc(32);
+const INVALID_PASSWORD_ERROR = 'Incorrect password.';
 let cacheVal;
-const mockEncryptor = {
-    encrypt: (0, sinon_1.stub)().callsFake(async (_password, dataObj) => {
-        cacheVal = dataObj;
-        return Promise.resolve(MOCK_HEX);
-    }),
-    encryptWithDetail: (0, sinon_1.stub)().callsFake(async (_password, dataObj) => {
-        cacheVal = dataObj;
-        return Promise.resolve({
-            vault: JSON.stringify({ salt: MOCK_HEX }),
-            exportedKeyString: MOCK_HARDCODED_KEY,
-        });
-    }),
+class MockEncryptor {
+    async encrypt(password, dataObj) {
+        return JSON.stringify(Object.assign(Object.assign({}, (await this.encryptWithKey(password, dataObj))), { salt: this.generateSalt() }));
+    }
     async decrypt(_password, _text) {
-        if (_password && _password !== PASSWORD) {
+        if (_password && _password !== exports.PASSWORD) {
             throw new Error(INVALID_PASSWORD_ERROR);
         }
-        return Promise.resolve(cacheVal !== null && cacheVal !== void 0 ? cacheVal : {});
-    },
-    async decryptWithEncryptedKeyString(_keyStr) {
-        const { vault } = await this.decryptWithDetail(_keyStr, 'mock vault');
-        return vault;
-    },
-    async decryptWithDetail(_password, _text) {
-        if (_password && _password !== PASSWORD) {
-            throw new Error(INVALID_PASSWORD_ERROR);
-        }
-        const result = cacheVal
-            ? {
-                vault: cacheVal,
-                exportedKeyString: MOCK_ENCRYPTION_KEY,
-                salt: MOCK_SALT,
-            }
-            : {};
-        return Promise.resolve(result);
-    },
-    importKey(keyString) {
-        if (keyString === '{}') {
+        return cacheVal !== null && cacheVal !== void 0 ? cacheVal : {};
+    }
+    async encryptWithKey(_key, dataObj) {
+        cacheVal = dataObj;
+        return {
+            data: exports.MOCK_HEX,
+            iv: 'anIv',
+        };
+    }
+    async encryptWithDetail(key, dataObj) {
+        return {
+            vault: await this.encrypt(key, dataObj),
+            exportedKeyString: exports.MOCK_HARDCODED_KEY,
+        };
+    }
+    async decryptWithDetail(key, text) {
+        return {
+            vault: await this.decrypt(key, text),
+            salt: exports.MOCK_ENCRYPTION_SALT,
+            exportedKeyString: exports.MOCK_ENCRYPTION_KEY,
+        };
+    }
+    async decryptWithKey(key, text) {
+        return this.decrypt(key, text);
+    }
+    async keyFromPassword(_password) {
+        return MOCK_KEY;
+    }
+    async importKey(key) {
+        if (key === '{}') {
             throw new TypeError(`Failed to execute 'importKey' on 'SubtleCrypto': The provided value is not of type '(ArrayBuffer or ArrayBufferView or JsonWebKey)'.`);
         }
         return null;
-    },
-    encryptWithKey() {
-        const data = JSON.parse(MOCK_ENCRYPTION_DATA);
-        // Salt is not provided from this method
-        delete data.salt;
-        return data;
-    },
-    async decryptWithKey(key, text) {
-        return this.decrypt(key, text);
-    },
-    async keyFromPassword(_password) {
-        return Promise.resolve(MOCK_KEY);
-    },
+    }
+    async updateVault(_vault, _password) {
+        return _vault;
+    }
     generateSalt() {
-        return 'WHADDASALT!';
-    },
-};
-exports.mockEncryptor = mockEncryptor;
+        return exports.MOCK_ENCRYPTION_SALT;
+    }
+}
+exports.MockEncryptor = MockEncryptor;
 //# sourceMappingURL=encryptor.mock.js.map

dist/test/index.d.ts

@@ -1,3 +0,3 @@
-import { mockEncryptor, PASSWORD, MOCK_HARDCODED_KEY, MOCK_HEX, MOCK_ENCRYPTION_KEY, MOCK_SALT } from './encryptor.mock';
+import { MockEncryptor, PASSWORD, MOCK_HARDCODED_KEY, MOCK_HEX, MOCK_ENCRYPTION_KEY, MOCK_ENCRYPTION_SALT } from './encryptor.mock';
 import KeyringMockWithInit from './keyring.mock';
-export { mockEncryptor, KeyringMockWithInit, PASSWORD, MOCK_HARDCODED_KEY, MOCK_HEX, MOCK_ENCRYPTION_KEY, MOCK_SALT, };
+export { MockEncryptor, KeyringMockWithInit, PASSWORD, MOCK_HARDCODED_KEY, MOCK_HEX, MOCK_ENCRYPTION_KEY, MOCK_ENCRYPTION_SALT, };

dist/test/index.js

@@ -6,5 +6,5 @@ "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.MOCK_SALT = exports.MOCK_ENCRYPTION_KEY = exports.MOCK_HEX = exports.MOCK_HARDCODED_KEY = exports.PASSWORD = exports.KeyringMockWithInit = exports.mockEncryptor = void 0;
+exports.MOCK_ENCRYPTION_SALT = exports.MOCK_ENCRYPTION_KEY = exports.MOCK_HEX = exports.MOCK_HARDCODED_KEY = exports.PASSWORD = exports.KeyringMockWithInit = exports.MockEncryptor = void 0;
 const encryptor_mock_1 = require("./encryptor.mock");
-Object.defineProperty(exports, "mockEncryptor", { enumerable: true, get: function () { return encryptor_mock_1.mockEncryptor; } });
+Object.defineProperty(exports, "MockEncryptor", { enumerable: true, get: function () { return encryptor_mock_1.MockEncryptor; } });
 Object.defineProperty(exports, "PASSWORD", { enumerable: true, get: function () { return encryptor_mock_1.PASSWORD; } });
@@ -14,5 +14,5 @@ Object.defineProperty(exports, "MOCK_HARDCODED_KEY", { enumerable: true, get: function () { return encryptor_mock_1.MOCK_HARDCODED_KEY; } });
 Object.defineProperty(exports, "MOCK_ENCRYPTION_KEY", { enumerable: true, get: function () { return encryptor_mock_1.MOCK_ENCRYPTION_KEY; } });
-Object.defineProperty(exports, "MOCK_SALT", { enumerable: true, get: function () { return encryptor_mock_1.MOCK_SALT; } });
+Object.defineProperty(exports, "MOCK_ENCRYPTION_SALT", { enumerable: true, get: function () { return encryptor_mock_1.MOCK_ENCRYPTION_SALT; } });
 const keyring_mock_1 = __importDefault(require("./keyring.mock"));
 exports.KeyringMockWithInit = keyring_mock_1.default;
 //# sourceMappingURL=index.js.map

dist/types.d.ts

@@ -0,1 +1,2 @@
+import type { DetailedDecryptResult, DetailedEncryptionResult, EncryptionResult } from '@metamask/browser-passworder';
 import type { Json, Keyring } from '@metamask/utils';
@@ -7,6 +8,10 @@ export type KeyringControllerArgs = {
     }[];
-    cacheEncryptionKey: boolean;
     initState?: KeyringControllerPersistentState;
-    encryptor?: any;
-};
+} & ({
+    encryptor?: ExportableKeyEncryptor;
+    cacheEncryptionKey: true;
+} | {
+    encryptor?: GenericEncryptor | ExportableKeyEncryptor;
+    cacheEncryptionKey: false;
+});
 export type KeyringObject = {
@@ -22,5 +27,9 @@ type: string;
     isUnlocked: boolean;
-    encryptionKey?: string;
-    encryptionSalt?: string;
-};
+} & ({
+    encryptionKey: string;
+    encryptionSalt: string;
+} | {
+    encryptionKey?: never;
+    encryptionSalt?: never;
+});
 export type SerializedKeyring = {
@@ -30,1 +39,82 @@ type: string;
 };
+/**
+ * A generic encryptor interface that supports encrypting and decrypting
+ * serializable data with a password.
+ */
+export type GenericEncryptor = {
+    /**
+     * Encrypts the given object with the given password.
+     *
+     * @param password - The password to encrypt with.
+     * @param object - The object to encrypt.
+     * @returns The encrypted string.
+     */
+    encrypt: (password: string, object: Json) => Promise<string>;
+    /**
+     * Decrypts the given encrypted string with the given password.
+     *
+     * @param password - The password to decrypt with.
+     * @param encryptedString - The encrypted string to decrypt.
+     * @returns The decrypted object.
+     */
+    decrypt: (password: string, encryptedString: string) => Promise<unknown>;
+    /**
+     * Optional vault migration helper. Updates the provided vault, re-encrypting
+     * data with a safer algorithm if one is available.
+     *
+     * @param vault - The encrypted string to update.
+     * @param password - The password to decrypt the vault with.
+     * @returns The updated encrypted string.
+     */
+    updateVault?: (vault: string, password: string) => Promise<string>;
+};
+/**
+ * An encryptor interface that supports encrypting and decrypting
+ * serializable data with a password, and exporting and importing keys.
+ */
+export type ExportableKeyEncryptor = GenericEncryptor & {
+    /**
+     * Encrypts the given object with the given encryption key.
+     *
+     * @param key - The encryption key to encrypt with.
+     * @param object - The object to encrypt.
+     * @returns The encryption result.
+     */
+    encryptWithKey: (key: unknown, object: Json) => Promise<EncryptionResult>;
+    /**
+     * Encrypts the given object with the given password, and returns the
+     * encryption result and the exported key string.
+     *
+     * @param password - The password to encrypt with.
+     * @param object - The object to encrypt.
+     * @param salt - The optional salt to use for encryption.
+     * @returns The encrypted string and the exported key string.
+     */
+    encryptWithDetail: (password: string, object: Json, salt?: string) => Promise<DetailedEncryptionResult>;
+    /**
+     * Decrypts the given encrypted string with the given encryption key.
+     *
+     * @param key - The encryption key to decrypt with.
+     * @param encryptedString - The encrypted string to decrypt.
+     * @returns The decrypted object.
+     */
+    decryptWithKey: (key: unknown, encryptedString: string) => Promise<unknown>;
+    /**
+     * Decrypts the given encrypted string with the given password, and returns
+     * the decrypted object and the salt and exported key string used for
+     * encryption.
+     *
+     * @param password - The password to decrypt with.
+     * @param encryptedString - The encrypted string to decrypt.
+     * @returns The decrypted object and the salt and exported key string used for
+     * encryption.
+     */
+    decryptWithDetail: (password: string, encryptedString: string) => Promise<DetailedDecryptResult>;
+    /**
+     * Generates an encryption key from exported key string.
+     *
+     * @param key - The exported key string.
+     * @returns The encryption key.
+     */
+    importKey: (key: string) => Promise<unknown>;
+};

package.json

 {
   "name": "@metamask/eth-keyring-controller",
-  "version": "14.0.1",
+  "version": "15.0.0",
   "description": "A module for managing various keyrings of Ethereum accounts, encrypting them, and using them",
@@ -47,3 +47,3 @@ "keywords": [
     "@ethereumjs/tx": "^4.2.0",
-    "@metamask/browser-passworder": "^4.1.0",
+    "@metamask/browser-passworder": "^4.2.0",
     "@metamask/eth-hd-keyring": "^7.0.1",
@@ -53,3 +53,3 @@ "@metamask/eth-sig-util": "^7.0.0",
     "@metamask/obs-store": "^8.1.0",
-    "@metamask/utils": "^8.1.0"
+    "@metamask/utils": "^8.2.0"
   },
@@ -74,3 +74,3 @@ "devDependencies": {
     "clipanion": "^4.0.0-rc.2",
-    "depcheck": "^1.4.5",
+    "depcheck": "^1.4.7",
     "eslint": "^8.48.0",
@@ -77,0 +77,0 @@ "eslint-config-prettier": "^8.7.0",

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

169009

increased by7.53%

Lines of code

1690

increased by7.92%

Dependency changes

• Updated@metamask/browser-passworder@^4.2.0

• Updated@metamask/utils@^8.2.0