refactor(wrapped-keys-lit-actions): LIT-3920 - Extract usage of getDecryptedKey() to entrypoint logic and pass privateKey into child flows for signing messages and transactions

- Rename `generateXXXX` methods that encrypt the generated keys in preparation of separating key generation from key encryption

Author: MaximusHaximus

packages/wrapped-keys-lit-actions/src/lib/ethereum/generateEncryptedEthereumPrivateKey.js

@@ -9,13 +9,15 @@
  *
  * @returns { Promise<string> } - Returns a stringified JSON object with ciphertext & dataToEncryptHash which are the result of the encryption. Also returns the publicKey of the newly generated Ethers Wrapped Key.
  */
-import { generateEthereumPrivateKey } from './internal/generateEncryptedPrivateKey';
+import { generateEncryptedEthereumPrivateKey } from './internal/generateEncryptedPrivateKey';
 
 (async () => {
   const generatedKeyResultStr = await Lit.Actions.runOnce(
     { waitForResponse: true, name: 'generateEthereumPrivateKey' },
     async () =>
-      JSON.stringify(generateEthereumPrivateKey({ accessControlConditions }))
+      JSON.stringify(
+        generateEncryptedEthereumPrivateKey({ accessControlConditions })
+      )
   );
 
   Lit.Actions.setResponse({

packages/wrapped-keys-lit-actions/src/lib/ethereum/internal/generateEncryptedPrivateKey.js

@@ -9,7 +9,9 @@
  */
 import { LIT_PREFIX } from '../../constants';
 
-export async function generateEthereumPrivateKey({ accessControlConditions }) {
+export async function generateEncryptedEthereumPrivateKey({
+  accessControlConditions,
+}) {
   const wallet = ethers.Wallet.createRandom();
   const privateKey = LIT_PREFIX + wallet.privateKey.toString();
 

packages/wrapped-keys-lit-actions/src/lib/ethereum/internal/signMessageWithEncryptedKey.js

@@ -1,8 +1,5 @@
 /* global ethers */
 
-import { getDecryptedKey } from '../../common/internal/getDecryptedKey';
-import { removeSaltFromDecryptedKey } from '../../utils';
-
 async function signMessage({ privateKey, messageToSign }) {
   try {
     const wallet = new ethers.Wallet(privateKey);
@@ -22,25 +19,10 @@ function verifyMessageSignature(messageToSign, signature) {
   }
 }
 
-export async function signMessageWithEncryptedKey({
-  accessControlConditions,
-  ciphertext,
-  dataToEncryptHash,
+export async function signMessageWithEncryptedEthereumKey({
+  privateKey,
   messageToSign,
 }) {
-  const decryptedPrivateKey = await getDecryptedKey({
-    accessControlConditions,
-    ciphertext,
-    dataToEncryptHash,
-  });
-
-  if (!decryptedPrivateKey) {
-    // Silently exit on nodes which didn't run the `decryptToSingleNode` code
-    return;
-  }
-
-  const privateKey = removeSaltFromDecryptedKey(decryptedPrivateKey);
-
   const { signature, walletAddress } = await signMessage({
     privateKey,
     messageToSign,

packages/wrapped-keys-lit-actions/src/lib/ethereum/internal/signTransactionWithEncryptedKey.js

@@ -100,26 +100,12 @@ async function broadcastTransaction({ provider, signedTx }) {
 }
 
 export async function signTransactionWithEncryptedKey({
-  accessControlConditions,
-  ciphertext,
-  dataToEncryptHash,
-  unsignedTransaction,
   broadcast,
+  privateKey,
+  unsignedTransaction,
 }) {
   const tx = getValidatedUnsignedTx(unsignedTransaction);
 
-  const decryptedPrivateKey = await getDecryptedKey({
-    accessControlConditions,
-    ciphertext,
-    dataToEncryptHash,
-  });
-
-  if (!decryptedPrivateKey) {
-    // Silently exit on nodes which didn't run the `decryptToSingleNode` code
-    return;
-  }
-
-  const privateKey = removeSaltFromDecryptedKey(decryptedPrivateKey);
   const wallet = new ethers.Wallet(privateKey);
 
   tx.from = wallet.address;

packages/wrapped-keys-lit-actions/src/lib/ethereum/signMessageWithEncryptedEthereumKey.js

@@ -1,8 +1,10 @@
-/* global accessControlConditions, ciphertext, dataToEncryptHash, messageToSign, Lit */
-
 const {
-  signMessageWithEncryptedKey,
+  signMessageWithEncryptedEthereumKey,
 } = require('./internal/signMessageWithEncryptedKey');
+const { getDecryptedKey } = require('../common/internal/getDecryptedKey');
+const { removeSaltFromDecryptedKey } = require('../utils');
+
+/* global accessControlConditions, ciphertext, dataToEncryptHash, messageToSign, Lit */
 
 /**
  * Signs a message with the Ethers wallet which is also decrypted inside the Lit Action.
@@ -18,16 +20,25 @@ const {
 
 (async () => {
   try {
-    const signature = await signMessageWithEncryptedKey({
+    const decryptedPrivateKey = await getDecryptedKey({
       accessControlConditions,
       ciphertext,
       dataToEncryptHash,
-      messageToSign,
     });
 
-    if (signature) {
-      Lit.Actions.setResponse({ response: signature });
+    if (!decryptedPrivateKey) {
+      // Silently exit on nodes which didn't run the `decryptToSingleNode` code
+      return;
     }
+
+    const privateKey = removeSaltFromDecryptedKey(decryptedPrivateKey);
+
+    const signature = await signMessageWithEncryptedEthereumKey({
+      privateKey,
+      messageToSign,
+    });
+
+    Lit.Actions.setResponse({ response: signature });
   } catch (err) {
     Lit.Actions.setResponse({ response: `Error: ${err.message}` });
   }

packages/wrapped-keys-lit-actions/src/lib/ethereum/signTransactionWithEncryptedEthereumKey.js

@@ -1,6 +1,8 @@
 const {
   signTransactionWithEncryptedKey,
 } = require('./internal/signTransactionWithEncryptedKey');
+const { getDecryptedKey } = require('../common/internal/getDecryptedKey');
+const { removeSaltFromDecryptedKey } = require('../utils');
 
 /* global accessControlConditions, ciphertext, dataToEncryptHash, unsignedTransaction, broadcast, Lit */
 
@@ -19,17 +21,26 @@ const {
  */
 (async () => {
   try {
-    const txResult = await signTransactionWithEncryptedKey({
+    const decryptedPrivateKey = await getDecryptedKey({
       accessControlConditions,
       ciphertext,
       dataToEncryptHash,
-      unsignedTransaction,
-      broadcast,
     });
 
-    if (txResult) {
-      Lit.Actions.setResponse({ response: txResult });
+    if (!decryptedPrivateKey) {
+      // Silently exit on nodes which didn't run the `decryptToSingleNode` code
+      return;
     }
+
+    const privateKey = removeSaltFromDecryptedKey(decryptedPrivateKey);
+
+    const txResult = await signTransactionWithEncryptedKey({
+      broadcast,
+      privateKey,
+      unsignedTransaction,
+    });
+
+    Lit.Actions.setResponse({ response: txResult });
   } catch (err) {
     Lit.Actions.setResponse({
       response: `Error: ${err.message}`,

packages/wrapped-keys-lit-actions/src/lib/solana/generateEncryptedSolanaPrivateKey.js

@@ -1,5 +1,5 @@
 const {
-  generateSolanaPrivateKey,
+  generateEncryptedSolanaPrivateKey,
 } = require('./internal/generateEncryptedPrivateKey');
 
 /* global accessControlConditions, Lit */
@@ -16,7 +16,10 @@ const {
 (async () => {
   const generatedKeyResultStr = await Lit.Actions.runOnce(
     { waitForResponse: true, name: 'generateSolanaPrivateKey' },
-    () => JSON.stringify(generateSolanaPrivateKey({ accessControlConditions }))
+    () =>
+      JSON.stringify(
+        generateEncryptedSolanaPrivateKey({ accessControlConditions })
+      )
   );
 
   Lit.Actions.setResponse({

packages/wrapped-keys-lit-actions/src/lib/solana/internal/generateEncryptedPrivateKey.js

@@ -11,7 +11,9 @@ import { LIT_PREFIX } from '../../constants';
  * @private
  * @returns { Promise<{ciphertext: string, dataToEncryptHash: string, publicKey: string}> } - The ciphertext & dataToEncryptHash which are the result of the encryption, and the publicKey of the newly generated Ethers Wrapped Key.
  */
-export async function generateSolanaPrivateKey({ accessControlConditions }) {
+export async function generateEncryptedSolanaPrivateKey({
+  accessControlConditions,
+}) {
   const solanaKeypair = Keypair.generate();
   const privateKey =
     LIT_PREFIX + Buffer.from(solanaKeypair.secretKey).toString('hex');

packages/wrapped-keys-lit-actions/src/lib/solana/internal/signMessageWithEncryptedKey.js

@@ -32,26 +32,11 @@ function verifyMessageSignature({ signature, solanaKeyPair, messageToSign }) {
   }
 }
 
-export async function signMessageWithEncryptedKey({
-  accessControlConditions,
-  ciphertext,
-  dataToEncryptHash,
+export async function signMessageWithEncryptedSolanaKey({
   messageToSign,
+  privateKey,
 }) {
-  const decryptedPrivateKey = await getDecryptedKey({
-    accessControlConditions,
-    ciphertext,
-    dataToEncryptHash,
-  });
-
-  if (!decryptedPrivateKey) {
-    // Silently exit on nodes which didn't run the `decryptToSingleNode` code
-    return;
-  }
-
-  const solanaKeyPair = Keypair.fromSecretKey(
-    Buffer.from(removeSaltFromDecryptedKey(decryptedPrivateKey), 'hex')
-  );
+  const solanaKeyPair = Keypair.fromSecretKey(Buffer.from(privateKey, 'hex'));
 
   const { signature } = await signMessage({
     messageToSign,

packages/wrapped-keys-lit-actions/src/lib/solana/internal/signTransactionWithEncryptedKey.js

@@ -47,28 +47,13 @@ async function sendTransaction({ chain, transaction }) {
 }
 
 export async function signTransactionWithEncryptedSolanaKey({
-  accessControlConditions,
-  ciphertext,
-  dataToEncryptHash,
-  unsignedTransaction,
   broadcast,
+  privateKey,
+  unsignedTransaction,
 }) {
   validateUnsignedTransaction(unsignedTransaction);
 
-  const decryptedPrivateKey = await getDecryptedKey({
-    accessControlConditions,
-    ciphertext,
-    dataToEncryptHash,
-  });
-
-  if (!decryptedPrivateKey) {
-    // Silently exit on nodes which didn't run the `decryptToSingleNode` code
-    return;
-  }
-
-  const solanaKeyPair = Keypair.fromSecretKey(
-    Buffer.from(removeSaltFromDecryptedKey(decryptedPrivateKey), 'hex')
-  );
+  const solanaKeyPair = Keypair.fromSecretKey(Buffer.from(privateKey, 'hex'));
 
   const transaction = Transaction.from(
     Buffer.from(unsignedTransaction.serializedTransaction, 'base64')
@@ -78,10 +63,10 @@ export async function signTransactionWithEncryptedSolanaKey({
 
   if (!broadcast) {
     return signature;
-  } else {
-    return await sendTransaction({
-      chain: unsignedTransaction.chain,
-      transaction,
-    });
   }
+
+  return await sendTransaction({
+    chain: unsignedTransaction.chain,
+    transaction,
+  });
 }