feat!: sdk encryption to support binary

Author: dnechay

packages/sdk/typescript/human-protocol-sdk/example/encrypt.ts

@@ -0,0 +1,59 @@
+import { Encryption } from '../src/encryption';
+
+const ExampleKeys = {
+  private: `-----BEGIN PGP PRIVATE KEY BLOCK-----
+
+xVgEZyOGRhYJKwYBBAHaRw8BAQdA6soD3CBjRnPfsYIxOGObykL8X8y+dZlf
+IzAI7mk40E4AAQCPRLKy/1n/QxTRk/Ql+Dt2VYADqDmczBxhWELCbz9Wvw/J
+zRxleGFtcGxlIDxzaW1wbGVAZXhhbXBsZS5jb20+wowEEBYKAD4FgmcjhkYE
+CwkHCAmQZ4KBmVeekE0DFQgKBBYAAgECGQECmwMCHgEWIQQkzuPtNIUkzz4M
+CFhngoGZV56QTQAA89oBAKm5Tai1Ynx4BCU6PSLp0QMEE2ImV/LzwHkLMz52
+mzeJAP9NyyNyIMNH1SpSezy309UhEdJVapGoXQwO1eQR4B+LCMddBGcjhkYS
+CisGAQQBl1UBBQEBB0BykPL7zxjKQpZMYuEnIDBz7vshngm4zJMNOsE6pDSH
+NgMBCAcAAP9b+n3/5QKVd0UP/ow3uyH0X44gc2U4fKV8IhZBJLiSEA9ZwngE
+GBYKACoFgmcjhkYJkGeCgZlXnpBNApsMFiEEJM7j7TSFJM8+DAhYZ4KBmVee
+kE0AAE0WAP9FE0I9dHToxLAkMKiM9tTzL43GVl6K8Lvn9nrLJcfLgQEAtFXL
+39GhAUKNbHMpdeEmxukrdF+rXzUfvOsYGPLIgwI=
+=GfVY
+-----END PGP PRIVATE KEY BLOCK-----`,
+  public: `-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+xjMEZyOGRhYJKwYBBAHaRw8BAQdA6soD3CBjRnPfsYIxOGObykL8X8y+dZlf
+IzAI7mk40E7NHGV4YW1wbGUgPHNpbXBsZUBleGFtcGxlLmNvbT7CjAQQFgoA
+PgWCZyOGRgQLCQcICZBngoGZV56QTQMVCAoEFgACAQIZAQKbAwIeARYhBCTO
+4+00hSTPPgwIWGeCgZlXnpBNAADz2gEAqblNqLVifHgEJTo9IunRAwQTYiZX
+8vPAeQszPnabN4kA/03LI3Igw0fVKlJ7PLfT1SER0lVqkahdDA7V5BHgH4sI
+zjgEZyOGRhIKKwYBBAGXVQEFAQEHQHKQ8vvPGMpClkxi4ScgMHPu+yGeCbjM
+kw06wTqkNIc2AwEIB8J4BBgWCgAqBYJnI4ZGCZBngoGZV56QTQKbDBYhBCTO
+4+00hSTPPgwIWGeCgZlXnpBNAABNFgD/RRNCPXR06MSwJDCojPbU8y+NxlZe
+ivC75/Z6yyXHy4EBALRVy9/RoQFCjWxzKXXhJsbpK3Rfq181H7zrGBjyyIMC
+=wH1v
+-----END PGP PUBLIC KEY BLOCK-----`,
+};
+
+const exampleRound = async () => {
+  const encryption = await Encryption.build(ExampleKeys.private);
+
+  const message = Buffer.from(
+    JSON.stringify(
+      {
+        date: new Date().toISOString(),
+        random: Math.random(),
+        text: 'Hello from example!',
+      },
+      null,
+      2
+    )
+  );
+
+  const encrypted = await encryption.signAndEncrypt(message, [
+    ExampleKeys.public,
+  ]);
+
+  const decrypted = await encryption.decrypt(encrypted, ExampleKeys.public);
+  console.log('Decrypted', JSON.parse(Buffer.from(decrypted).toString()));
+};
+
+(async () => {
+  await exampleRound();
+})();

packages/sdk/typescript/human-protocol-sdk/src/encryption.ts

@@ -1,6 +1,16 @@
 import * as openpgp from 'openpgp';
 import { IKeyPair } from './interfaces';
 
+type MessageDataType = string | Uint8Array;
+
+function makeMessageDataBinary(message: MessageDataType): Uint8Array {
+  if (typeof message === 'string') {
+    return Buffer.from(message);
+  }
+
+  return message;
+}
+
 /**
  * ## Introduction
  *
@@ -126,20 +136,21 @@ export class Encryption {
    * ```
    */
   public async signAndEncrypt(
-    message: string,
+    message: MessageDataType,
     publicKeys: string[]
   ): Promise<string> {
-    const plaintext = message;
-
     const pgpPublicKeys = await Promise.all(
       publicKeys.map((armoredKey) => openpgp.readKey({ armoredKey }))
     );
 
-    const pgpMessage = await openpgp.createMessage({ text: plaintext });
+    const pgpMessage = await openpgp.createMessage({
+      binary: makeMessageDataBinary(message),
+    });
     const encrypted = await openpgp.encrypt({
       message: pgpMessage,
       encryptionKeys: pgpPublicKeys,
       signingKeys: this.privateKey,
+      format: 'armored',
     });
 
     return encrypted as string;
@@ -176,23 +187,43 @@ export class Encryption {
    * const resultMessage = await encription.decrypt('message');
    * ```
    */
-  public async decrypt(message: string, publicKey?: string): Promise<string> {
-    const pgpMessage = await openpgp.readMessage({ armoredMessage: message });
+  public async decrypt(
+    message: string,
+    publicKey?: string
+  ): Promise<Uint8Array> {
+    const pgpMessage = await openpgp.readMessage({
+      armoredMessage: message,
+    });
 
     const decryptionOptions: openpgp.DecryptOptions = {
       message: pgpMessage,
       decryptionKeys: this.privateKey,
-      expectSigned: !!publicKey,
+      format: 'binary',
     };
 
-    if (publicKey) {
+    const shouldVerifySignature = !!publicKey;
+    if (shouldVerifySignature) {
       const pgpPublicKey = await openpgp.readKey({ armoredKey: publicKey });
       decryptionOptions.verificationKeys = pgpPublicKey;
     }
 
-    const { data: decrypted } = await openpgp.decrypt(decryptionOptions);
+    const { data: decrypted, signatures } =
+      await openpgp.decrypt(decryptionOptions);
+
+    /**
+     * There is an option to automatically verify signatures - `expectSigned`,
+     * but atm it has a bug - https://github.com/openpgpjs/openpgpjs/issues/1803,
+     * so we have to verify it manually till it's fixed.
+     */
+    try {
+      if (shouldVerifySignature) {
+        await signatures[0].verified;
+      }
+    } catch {
+      throw new Error('Signature could not be verified');
+    }
 
-    return decrypted as string;
+    return decrypted as Uint8Array;
   }
 
   /**
@@ -419,19 +450,20 @@ export class EncryptionUtils {
    * ```
    */
   public static async encrypt(
-    message: string,
+    message: MessageDataType,
     publicKeys: string[]
   ): Promise<string> {
-    const plaintext = message;
-
     const pgpPublicKeys = await Promise.all(
       publicKeys.map((armoredKey) => openpgp.readKey({ armoredKey }))
     );
 
-    const pgpMessage = await openpgp.createMessage({ text: plaintext });
+    const pgpMessage = await openpgp.createMessage({
+      binary: makeMessageDataBinary(message),
+    });
     const encrypted = await openpgp.encrypt({
       message: pgpMessage,
       encryptionKeys: pgpPublicKeys,
+      format: 'armored',
     });
 
     return encrypted as string;

packages/sdk/typescript/human-protocol-sdk/test/encryption.test.ts

@@ -2,11 +2,13 @@
 import { describe, test, expect, beforeAll } from 'vitest';
 import { Encryption, EncryptionUtils } from '../src/encryption';
 import {
+  BINARY_MESSAGE_CONTENT,
   ENCRYPTEDMESSAGE,
   KEYPAIR1,
   KEYPAIR2,
   KEYPAIR3,
   MESSAGE,
+  SIGNEDENCRYPTEDBINARYMESSAGE,
   SIGNEDENCRYPTEDLOCKEDMESSAGE,
   SIGNEDENCRYPTEDMESSAGE,
   SIGNEDMESSAGE,
@@ -249,6 +251,20 @@ describe('Encryption', async () => {
       expect(encryptedMessage.includes(expectedMessageFooter)).toBeTruthy();
     });
 
+    test('should sign and ecnrypt a binary message', async () => {
+      const encryption = await Encryption.build(KEYPAIR1.privateKey);
+      const encryptedMessage = await encryption.signAndEncrypt(
+        Buffer.from(JSON.stringify(BINARY_MESSAGE_CONTENT)),
+        [KEYPAIR2.publicKey, KEYPAIR3.publicKey]
+      );
+      console.log('en', encryptedMessage);
+      const expectedMessageHeader = '-----BEGIN PGP MESSAGE-----\n';
+      const expectedMessageFooter = '-----END PGP MESSAGE-----\n';
+
+      expect(encryptedMessage.includes(expectedMessageHeader)).toBeTruthy();
+      expect(encryptedMessage.includes(expectedMessageFooter)).toBeTruthy();
+    });
+
     test('should throw an error when an invalid public key is provided', async () => {
       const encryption = await Encryption.build(
         KEYPAIR1.privateKey,
@@ -285,8 +301,7 @@ describe('Encryption', async () => {
         SIGNEDENCRYPTEDMESSAGE,
         KEYPAIR1.publicKey
       );
-
-      expect(decryptedMessage).toBe(MESSAGE);
+      expect(Buffer.from(decryptedMessage).toString()).toBe(MESSAGE);
 
       const encryption3 = await Encryption.build(
         KEYPAIR3.privateKey,
@@ -296,7 +311,18 @@ describe('Encryption', async () => {
         SIGNEDENCRYPTEDMESSAGE,
         KEYPAIR1.publicKey
       );
-      expect(decryptedMessage2).toBe(MESSAGE);
+      expect(Buffer.from(decryptedMessage2).toString()).toBe(MESSAGE);
+    });
+
+    test('should decrypt and verify binary message', async () => {
+      const encryption2 = await Encryption.build(KEYPAIR2.privateKey);
+      const decryptedMessage = await encryption2.decrypt(
+        SIGNEDENCRYPTEDBINARYMESSAGE,
+        KEYPAIR1.publicKey
+      );
+      expect(JSON.parse(Buffer.from(decryptedMessage).toString())).toEqual(
+        BINARY_MESSAGE_CONTENT
+      );
     });
 
     test('should decrypt and verify a message encrypted with a locked private key', async () => {
@@ -306,7 +332,7 @@ describe('Encryption', async () => {
         KEYPAIR3.publicKey
       );
 
-      expect(decryptedMessage).toBe(MESSAGE);
+      expect(Buffer.from(decryptedMessage).toString()).toBe(MESSAGE);
     });
 
     test('should throw an error when no encrypted message is provided', async () => {
@@ -332,7 +358,7 @@ describe('Encryption', async () => {
       );
       const decryptedMessage = await encryption2.decrypt(ENCRYPTEDMESSAGE);
 
-      expect(decryptedMessage).toBe(MESSAGE);
+      expect(Buffer.from(decryptedMessage).toString()).toBe(MESSAGE);
     });
 
     test('should fail when decrypting and verifying an unsigned message', async () => {
@@ -343,7 +369,7 @@ describe('Encryption', async () => {
 
       await expect(
         encryption2.decrypt(ENCRYPTEDMESSAGE, KEYPAIR1.publicKey)
-      ).rejects.toThrowError('Error decrypting message: Message is not signed');
+      ).rejects.toThrowError('Signature could not be verified');
     });
   });
 

packages/sdk/typescript/human-protocol-sdk/test/utils/constants.ts

@@ -140,6 +140,12 @@ WXs/I9nhKcx2pAAA5VwA/R6fW20uAR7ItubxVhQa+PLEVSiUKgYOU9jp75av
 };
 
 export const MESSAGE = 'Human Protocol';
+export const BINARY_MESSAGE_CONTENT = {
+  number: 1,
+  boolean: true,
+  null: null,
+  string: MESSAGE,
+} as const;
 
 export const SIGNEDMESSAGE = `-----BEGIN PGP SIGNED MESSAGE-----
 Hash: SHA512
@@ -167,6 +173,21 @@ cii1NVsBkAg4xxsZHrjXKqXzHnnhseNGEW5eNYUZWZJZTZLSMGWV031Kwjm1
 =pawu
 -----END PGP MESSAGE-----`;
 
+export const SIGNEDENCRYPTEDBINARYMESSAGE = `-----BEGIN PGP MESSAGE-----
+
+wV4D62ta7QqCH7ASAQdA1Fu+j1ROzZfOhWFonXU5nqN8SS7lZ9PcOH5R0EsJ
+WwMwVqgc90AQPe6QqHXADnmWRcmlMa60UqZXp6RM117IA61U3eMWZMvZpm8w
+WchAe+/YwV4DM57hZqoRiU8SAQdAjBxr7VwdHExxR16YJRfl6jmS/+jVf7Ed
+a1M134lkWFQwzGk4dbVx/PVlH3QbwzSuwh4EvdTku/5eA6TTAG8SsPnjeYwe
++bOn6blgHitbCyRg0sA4ARd/h3Cv3SPLv8TLLY1+oZKCxj8JixvRJ7pdQFtX
+uQj4/3ebFN3Wz4Bc22og61V0bRwbItkvAkdPytAAohMSdvtmB/afqN5KleH7
+Q+hftw7iUpLxGEhykh4lHy9dt/ylzPFYP1MVAm9aTdNMo0YEeCji8EPbbxl4
+hdPtck+uT1OpewbrhZNxg5Mtzc+t5tf/TfNYllAO6u/XTTWsOBKGcLhsituV
+j7PegOO0npgohXmOxKFMmjJZhJOEbDOwCxTb72lZHwOXP5f95xMuSWoUGFpO
+lk9n7jB3p5HYtUDSriV2YSI+G3NWmqGHG4/XTdodK2DQb8/Hp88=
+=qQI9
+-----END PGP MESSAGE-----`;
+
 export const SIGNEDENCRYPTEDLOCKEDMESSAGE = `-----BEGIN PGP MESSAGE-----
 
 wV4D62ta7QqCH7ASAQdAlbHVdZeqqWEy2toJlJWa/2N+L6zdYJKzyiItdWZz