smartcontractkit · cedric-cordenier · Aug 21, 2025 · Aug 7, 2025 · Aug 7, 2025 · Aug 7, 2025
@@ -35,6 +35,15 @@ func (k Client) Sign(ctx context.Context, account string, data []byte) ([]byte,
 	return resp.SignedData, nil
 }
 
+func (k Client) Decrypt(ctx context.Context, account string, data []byte) ([]byte, error) {
+	resp, err := k.grpc.Decrypt(ctx, &pb.DecryptRequest{Account: account, Data: data})
+	if err != nil {
+		return nil, fmt.Errorf("failed to decrypt data for account: %s: %w", account, err)
+	}
+
+	return resp.DecryptedData, nil
+}
+
 func NewClient(cc grpc.ClientConnInterface) *Client {
 	return &Client{pb.NewKeystoreClient(cc)}
 }
@@ -66,3 +75,12 @@ func (s Server) Sign(ctx context.Context, req *pb.SignRequest) (*pb.SignReply, e
 
 	return &pb.SignReply{SignedData: signedData}, nil
 }
+
+func (s Server) Decrypt(ctx context.Context, req *pb.DecryptRequest) (*pb.DecryptReply, error) {
+	decryptedData, err := s.impl.Decrypt(ctx, req.Account, req.Data)
+	if err != nil {
+		return nil, fmt.Errorf("failed to decrypt data for account: %s: %w", req.Account, err)
+	}
+
+	return &pb.DecryptReply{DecryptedData: decryptedData}, nil
+}
@@ -13,19 +13,21 @@ import (
 
 var Keystore = staticKeystore{
 	staticKeystoreConfig: staticKeystoreConfig{
-		Account: libocr.Account("testaccount"),
-		encoded: []byte{5: 11},
-		signed:  []byte{13: 37},
+		Account:   libocr.Account("testaccount"),
+		encoded:   []byte{5: 11},
+		signed:    []byte{13: 37},
+		decrypted: []byte{17: 41},
 	},
 }
 
 var _ core.Keystore = (*staticKeystore)(nil)
 var _ testtypes.Evaluator[core.Keystore] = (*staticKeystore)(nil)
 
 type staticKeystoreConfig struct {
-	Account libocr.Account
-	encoded []byte
-	signed  []byte
+	Account   libocr.Account
+	encoded   []byte
+	signed    []byte
+	decrypted []byte
 }
 
 type staticKeystore struct {
@@ -46,6 +48,16 @@ func (s staticKeystore) Sign(ctx context.Context, id string, data []byte) ([]byt
 	return s.signed, nil
 }
 
+func (s staticKeystore) Decrypt(ctx context.Context, id string, encrypted []byte) ([]byte, error) {
+	if string(s.Account) != id {
+		return nil, fmt.Errorf("expected id %q but got %q", s.Account, id)
+	}
+	if !bytes.Equal(s.encoded, encrypted) {
+		return nil, fmt.Errorf("expected encoded data %x but got %x", s.encoded, encrypted)
+	}
+	return s.decrypted, nil
+}
+
 func (s staticKeystore) Evaluate(ctx context.Context, other core.Keystore) error {
 	accounts, err := s.Accounts(ctx)
 	if err != nil {
@@ -65,5 +77,14 @@ func (s staticKeystore) Evaluate(ctx context.Context, other core.Keystore) error
 	if !bytes.Equal(s.signed, signed) {
 		return fmt.Errorf("expected signed data %x but got %x", s.signed, signed)
 	}
+
+	decrypted, err := other.Decrypt(ctx, string(s.Account), s.encoded)
+	if err != nil {
+		return fmt.Errorf("failed to decrypt: %w", err)
+	}
+	if !bytes.Equal(s.decrypted, decrypted) {
+		return fmt.Errorf("expected decrypted data %x but got %x", s.decrypted, decrypted)
+	}
+
 	return nil
 }
@@ -4,6 +4,7 @@
 //go:generate protoc --proto_path=../../../ --go_out=../../../ --go_opt=paths=source_relative --go-grpc_out=../../../ --go-grpc_opt=paths=source_relative loop/internal/pb/contract_reader.proto
 //go:generate go run ./generate_with_values contract_writer.proto capabilities_registry.proto
 //go:generate protoc --proto_path=../../../ --go_out=../../../ --go_opt=paths=source_relative --go-grpc_out=../../../ --go-grpc_opt=paths=source_relative loop/internal/pb/median_datasource.proto
+//go:generate protoc --proto_path=../../../ --go_out=../../../ --go_opt=paths=source_relative --go-grpc_out=../../../ --go-grpc_opt=paths=source_relative loop/internal/pb/keystore.proto
 //go:generate protoc --go_out=. --go_opt=paths=source_relative --go-grpc_out=. --go-grpc_opt=paths=source_relative reporting_plugin_service.proto
 //go:generate protoc --go_out=. --go_opt=paths=source_relative --go-grpc_out=. --go-grpc_opt=paths=source_relative telemetry.proto
 //go:generate protoc --go_out=. --go_opt=paths=source_relative --go-grpc_out=. --go-grpc_opt=paths=source_relative pipeline_runner.proto