feat: setup hw crypto

[sosweetham]

Description of change

Issue Number

Type of change

• Breaking (any change that would cause existing functionality to not work as expected)
• New (a change which implements a new feature)
• Update (a change which updates existing functionality)
• Fix (a change which fixes an issue)
• Docs (changes to the documentation)
• Chore (refactoring, build scripts or anything else that isn't user-facing)

How the change has been tested

Change checklist

• I have ensured that the CI Checks pass locally
• I have removed any unnecessary logic
• My code is well documented
• I have signed my commits
• My code follows the pattern of the application
• I have self reviewed my code

Summary by CodeRabbit

• New Features

  • Integrated hardware-backed cryptographic signing for vote submissions, replacing simulated signatures with real ones.
  • Automatic creation of a default key pair during onboarding when none exists.
  • Public key is now included in provisioning and verification flows to enable end-to-end validation.

• Improvements

  • Enhanced pre-sign checks ensure a valid key pair is available before proceeding.
  • More robust onboarding and verification flows with clearer error handling and status reporting.

[coderabbitai]

Caution

Review failed

The pull request is closed.

Walkthrough

Integrates hardware crypto APIs into eid-wallet pages. On onboarding/verify, checks for default keypair, generates if missing, and includes publicKey in provisioning requests. On sign, verifies key existence, builds a signed payload, generates a real signature via signPayload, and posts it to the redirect URI. Minor import/order adjustments.

Changes

Cohort / File(s)	Summary of Changes
Crypto HW key management in auth flows infrastructure/eid-wallet/src/routes/(auth)/onboarding/+page.svelte, infrastructure/eid-wallet/src/routes/(auth)/verify/+page.svelte	Added exists/generate/getPublicKey usage; async onMount; helper functions to generate/fetch default keypair; provisioning payload extended with publicKey; basic error handling/logging.
Real signing flow in app infrastructure/eid-wallet/src/routes/(app)/sign/+page.svelte	Introduced exists/signPayload; validated default key presence; structured decodedData; constructed signedPayload with sessionId/publicKey/message; generated real signature; posted signed payload to redirect_uri; adjusted imports.

Sequence Diagram(s)

sequenceDiagram
  participant User
  participant OnboardingPage
  participant CryptoHW
  participant Provisioner

  User->>OnboardingPage: Open page (onMount)
  OnboardingPage->>CryptoHW: exists("default")?
  alt Missing key
    OnboardingPage->>CryptoHW: generate("default")
  end
  OnboardingPage->>CryptoHW: getPublicKey("default")
  OnboardingPage->>Provisioner: POST { ..., publicKey }
  Provisioner-->>OnboardingPage: 200/response

Loading

sequenceDiagram
  participant User
  participant SignPage
  participant CryptoHW
  participant Backend

  User->>SignPage: Initiate sign
  SignPage->>CryptoHW: exists("default")?
  alt No key
    SignPage-->>User: Error "Default key pair does not exist"
  else Has key
    SignPage->>SignPage: Build signedPayload {sessionId, publicKey, message}
    SignPage->>CryptoHW: signPayload("default", JSON.stringify(signedPayload))
    CryptoHW-->>SignPage: signature
    SignPage->>Backend: POST signedPayload(+signature) to redirect_uri
    Backend-->>SignPage: Response
  end

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related PRs

• Feat/w3ds evoting #290: Modifies the same onboarding/verify/sign pages to switch from simulated to hardware-backed key management and signatures, directly overlapping this PR’s control flow and API usage.

Poem

A rabbit taps a silver key,
Hops through routes with cryptography.
Onboard, verify—public keys align,
Then sign with hardware, crisp and fine.
Packets sprint to URIs bright—
Carrots sealed with perfect byte. 🥕🔐

---

📜 Recent review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 1362ede and 435f7c2.

📒 Files selected for processing (3)

• infrastructure/eid-wallet/src/routes/(app)/sign/+page.svelte (3 hunks)
• infrastructure/eid-wallet/src/routes/(auth)/onboarding/+page.svelte (3 hunks)
• infrastructure/eid-wallet/src/routes/(auth)/verify/+page.svelte (3 hunks)

✨ Finishing Touches

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch feat/setup-hardware-crypto-pubkey

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

CodeRabbit Commands (Invoked using PR/Issue comments)

Type @coderabbitai help to get the list of available commands.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Status, Documentation and Community

• Visit our Status Page to check the current availability of CodeRabbit.
• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.