refactor!: drop uncached encryption support #5963
matthiasgeihs
left a comment
I don't understand: how can this be used to inject an external encryption key? (which is the main thing we need for seedless onboarding option 3)
@matthiasgeihs this PR doesn't allow encryption key injection, but rather removes |
| type CachedEncryptionKey = { | ||
| /** | ||
| * The exported encryption key string. | ||
| */ | ||
| exported: string; | ||
| /** | ||
| * The salt used to derive the encryption key. | ||
| */ | ||
| salt?: string; | ||
| }; |
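Review bot: `salt?: string` is optional here, but the doc comment does not say when a cached key can exist without the salt that derived it, or what a consumer should do in that case. If every cached key comes from a password derivation, make `salt` required; otherwise document the salt-less case so callers do not end up comparing an undefined salt against the vault's. The comment on `exported` could also state which serialization format the string is expected to be in.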
We can easily add encryptedEncryptionKey in #5940 as a property of this type, so we can ensure that they are kept in sync with each other and with the values in the state and vault by placing them in the same data structure.
| export type EncryptionResultConstraint<SupportedKeyMetadata> = { | ||
| salt?: string; | ||
| keyMetadata?: SupportedKeyMetadata; | ||
| }; |
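Review bot: both properties of `EncryptionResultConstraint` are optional and the type has no doc comment, so a reader cannot tell what an encryption result is required to contain or why no ciphertext property appears in the constraint. Add a JSDoc comment saying that the ciphertext property is deliberately left unconstrained and what `keyMetadata` is expected to carry.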
This allows Mobile to inject its own Encryptor, which uses cipher instead of data as ciphertext property. The default type used in the Encryptor definition is still coming from @metamask/browser-passworder.
…7127)

## Explanation

This PR includes part of the changes originally proposed in [this PR](#5963) that were inflating its size:

- Remove the `cacheEncryptionKey` flag from `KeyringController` constructor options and instance variables
- All code paths that used this flag have been removed (effectively, the controller behaves as if the flag was always `true`)
- `GenericEncryptor` and `ExportableKeyEncryptor` have been merged into a single `Encryptor` type.
- The `Encryptor` type has also been fixed to be compatible with `@metamask/browser-passworder` and `Encryptor` from mobile
- As `Encryptor` now accepts type parameters to specify encryption key and derivation params types, the `KeyringController` has been updated to accept these type parameters and pass them to the `Encryptor` instance.

## References

* Related to #6010

## Checklist

- [ ] I've updated the test suite for new or updated code as appropriate
- [ ] I've updated documentation (JSDoc, Markdown, etc.) for new or updated code as appropriate
- [ ] I've communicated my changes to consumers by [updating changelogs for packages I've changed](https://github.com/MetaMask/core/tree/main/docs/contributing.md#updating-changelogs), highlighting breaking changes as necessary
- [ ] I've prepared draft pull requests for clients and consumer packages to resolve any breaking changes

---

> [!NOTE]
> Unifies the encryptor interface with a new generic `Encryptor`, removes `cacheEncryptionKey` and requires an `encryptor` for `KeyringController`, adds a derivation-options type param to `SeedlessOnboardingController`, and updates tests/types accordingly.
>
> - **Keyring Controller**:
>   - Replace `GenericEncryptor`/`ExportableKeyEncryptor` with a single generic `Encryptor` (supports key import/export, detailed encrypt/decrypt, custom result types).
>   - Add generic type params `EncryptionKey`, `SupportedKeyDerivationOptions`, and `EncryptionResult` to `KeyringController` and `KeyringControllerOptions`.
>   - BREAKING: `encryptor` is now required; remove `cacheEncryptionKey` and related paths/state handling.
>   - Fix `decryptWithKey` typing to accept encryption result object.
> - **Seedless Onboarding Controller**:
>   - Add optional `SupportedKeyDerivationOptions` type parameter; update `VaultEncryptor` to use unified `Encryptor`.
> - **Tests/Mocks**:
>   - Refactor tests to new encryptor API; remove branches for `cacheEncryptionKey`; add `createVault` helper and adjust mocks to new types.
> - **Changelogs/Config**:
>   - Update package changelogs to document breaking changes and new generics.
>   - Slightly lower Jest coverage thresholds for `keyring-controller`.
>
> Written by [Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit 16f68c7. This will update automatically on new commits. Configure [here](https://cursor.com/dashboard?tab=bugbot).

---------

Co-authored-by: Frederik Bolding <frederik.bolding@gmail.com>
Closed in favor of #7128 |
Explanation

Previously, `KeyringController` accepted a `cacheEncryptionKey` option that allowed the encryption key to be stored in memory and used during encryption/decryption directly as opposed to using a password. The `cacheEncryptionKey` option is being removed, and the encryption key is now always derived and cached when the password is provided.

This change allows simplifying the `#unlockKeyrings` and `#updateVault` methods, and removing all the logic and tests related to `cacheEncryptionKey`. This also allows removing `this.#password`, which has been replaced by `this.#encryptionKey`.

The `this.#encryptionKey` assignment logic has been moved to two new internal methods with these specific responsibilities:

- `#deriveEncryptionKey(string)`: Derives the encryption key from the password, to be used during password login and password change.
- `#useEncryptionKey(string, string)`: Uses an existing encryption key directly, to be used by `submitEncryptionKey` mainly.

With the upcoming changes in #5940, this allows changing the encryption key to use (i.e. by calling the aforementioned new internal methods) without having to deal with logic related to vault unlock/update, and code branches related to password-based encryption and key caching.

This PR can be tested on extension with the following: MetaMask/metamask-extension#33613

References

Changelog

Checklist

Note

Reworks encryption to always use a provided encryptor and key-based flow, removes `cacheEncryptionKey`, unifies encryptor types, adds generics, and aligns seedless onboarding types; updates tests and deps.

- `encryptor` in constructor; merge `GenericEncryptor`/`ExportableKeyEncryptor` into unified `Encryptor`; add generics (`EncryptionKey`, `SupportedKeyDerivationOptions`, `EncryptionResult`).
- `cacheEncryptionKey`; always derive/store encryption key; new internals `#deriveEncryptionKey` and `#setEncryptionKey`; rework unlock/update vault to use `encryptWithKey`/`decryptWithKey`.
- `WrongEncryptionKeyType`; use in-memory serialized key + salt; drop password caching paths.
- `@metamask/browser-passworder@^6` (dev), remove as runtime dep.
- `SupportedKeyDerivationOptions` and align `VaultEncryptor` with new `Encryptor` API.
- `^6`.

Written by Cursor Bugbot for commit 106e341. This will update automatically on new commits.
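The key-based flow the description outlines, as an added sketch that is not code from MetaMask/core: a key is derived from the password once, cached as `{ exported, salt }`, and later sessions unlock the vault with that cached pair instead of the password. The class, the PBKDF2/AES-GCM parameters, the salt comparison and the sample data are assumptions made for the illustration.

```javascript
// Added illustration, not MetaMask/core code. Names and parameters are hypothetical.
const { pbkdf2Sync, randomBytes, createCipheriv, createDecipheriv } = require("node:crypto");

const ITERATIONS = 600000; // assumed PBKDF2-HMAC-SHA256 work factor for this sketch
const b64 = (buf) => buf.toString("base64");
const raw = (s) => Buffer.from(s, "base64");

class VaultSession {
  #key = null; // { exported, salt }: same shape as the CachedEncryptionKey type above

  // Password login or password change: derive the key, cache it, keep no password.
  deriveEncryptionKey(password, salt = b64(randomBytes(32))) {
    const key = pbkdf2Sync(password, raw(salt), ITERATIONS, 32, "sha256");
    this.#key = { exported: b64(key), salt };
    return { ...this.#key };
  }

  // Unlock with an already exported key (the submitEncryptionKey path).
  useEncryptionKey(exported, salt) {
    if (raw(exported).length !== 32) throw new Error("wrong encryption key length");
    this.#key = { exported, salt };
  }

  encrypt(plaintext) {
    if (!this.#key) throw new Error("locked");
    const iv = randomBytes(12);
    const c = createCipheriv("aes-256-gcm", raw(this.#key.exported), iv);
    const data = Buffer.concat([c.update(plaintext, "utf8"), c.final()]);
    return { data: b64(data), iv: b64(iv), tag: b64(c.getAuthTag()), salt: this.#key.salt };
  }

  decrypt(vault) {
    if (!this.#key) throw new Error("locked");
    // Assumed check: a cached key derived under another salt is stale for this vault.
    if (vault.salt !== this.#key.salt) throw new Error("key salt does not match vault");
    const d = createDecipheriv("aes-256-gcm", raw(this.#key.exported), raw(vault.iv));
    d.setAuthTag(raw(vault.tag)); // with a wrong key, d.final() throws instead of returning junk
    return Buffer.concat([d.update(raw(vault.data)), d.final()]).toString("utf8");
  }
}

// Constructed sample: password, vault contents and flow are made up for the example.
function demo() {
  const first = new VaultSession();
  const cached = first.deriveEncryptionKey("correct horse battery staple");
  const vault = first.encrypt(JSON.stringify([{ type: "HD Key Tree" }]));
  const second = new VaultSession(); // e.g. after a restart, no password prompt
  second.useEncryptionKey(cached.exported, cached.salt);
  return { cached, vault, plaintext: second.decrypt(vault) };
}
```

The cached `exported` string is as sensitive as the password for this vault, so wherever it is held needs the same protection the password would have had.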