Creates a new Crypto instance from seed bytes.
Seed bytes
Optionaloptions: CryptoConstructionOptionsConstruction options
Options for constructing the Crypto class (see crypto.ts).
Optionalnetwork?: HdKeyNetworkOnly supports mainnet and testnet. Defaults to mainnet.
Derives the identifier for a participant in an invitation. The identifier is an extended public key (xpub/tpub).
How the identifier is derived?
The template and root commit identifiers are concatenated and hashed (sha256). The first four bytes
of the hash are read as a little-endian uint32 and masked to 31 bits to fit within the valid BIP32 child
index range (0 to 2,147,483,647). That value is then used as a hardened child index, deriveHdPathRelative
from libauth applies the hardened index offset (0x80000000) when it encounters the ' suffix in the path,
placing the index in the hardened range. The resulting xpub at that node is the identifier.
All derivations are dependent on first-party data, the template identifier stays the same for a given template and the root commit identifier is generated by the participant themselves. No external party can influence which key gets derived.
When the identifier is different?
m/2415' vs m/42415'), producing unrelated key material.Parameters for deriving the entity identifier
Commit identifier of the first commit this entity made to the invitation
Template identifier
Invitation entity identifier (extended public key)
SECURITY WARNING: This method returns private key material that leaves the crypto package boundary. This is not safe and should be changed as more code from the engine is migrated to this package. This is done due to complexity of derivation of locking bytecode data. There are some methods that will be migrated from engine package to this package and eventually this method will turn into a utility function.
Prepares a private key record for the libauth compiler. Maps all provided variable names to the same derived private key for libauth compiler.
Options for the compiler key record
Variable names the libauth compiler expects
Template identifier
Index to derive the key from
Private key record for the compiler
Destroys the crypto instance by zeroing the purpose HD node private key. After calling this method, all operations will throw PurposeHDNodeDestroyedError.
Checks if the purpose HD node has been destroyed.
True if the purpose HD node has been destroyed, false otherwise
Signs an invitation commit with a Schnorr signature and returns a new commit with signature
and entityIdentifier populated.
How the signature is derived: For each commit, a separate non-hardened child signing key is derived from the commit identifier, The commit identifier is hashed (sha256), the first four bytes are read as a little-endian uint32 and masked to 31 bits to fit within the valid BIP32 child index range (0 to 2,147,483,647), the the result is used directly as a non-hardened child index under the invitation entity identity node (derived using deriveInvitationEntityIdentifier).
Path: {purposePath}/0'/0'/{invitationIndex}'/{commitIndex}
All derivations are dependent on first party data, the commit identifier is chosen by the participant. No external party can influence which child key is selected.
With xPUB as the entity identifier, each commit's public key can be derived by other participants to verify the signature without any private key material.
See generateSchnorrSignedInvitationCommit for the full signing implementation.
Options for signing the invitation commit
Action identifier
Invitation commit without signature and entityIdentifier
Invitation identifier (included in signing payload)
Commit identifier of the first commit this entity made to the invitation
Template identifier
Signed invitation commit with signature and entityIdentifier
Manages cryptographic operations for XO including HD key derivation, invitation entity and commit signing, and template key derivation.