
vault envelope encryption

Open matthiasgeihs opened this issue 8 months ago • 7 comments

Explanation

The idea is to add support for envelope encryption to the keyring controller. That is, we allow injecting an external encryption key that is used for vault encryption. We then encrypt the vault encryption key under the password and store it in the state.

This solves a problem we had with making the vault recoverable from the SRP backup key. See https://github.com/MetaMask/decisions/pull/85 for context. Envelope encryption also has other benefits like more efficient rekeying. (Can change the password without having to re-encrypt the whole vault.)

Things to pay extra attention to:

  • backwards compatibility
  • migration
  • correct rollback upon failed state change

References

Changelog

Checklist

  • [x] I've updated the test suite for new or updated code as appropriate
  • [x] I've updated documentation (JSDoc, Markdown, etc.) for new or updated code as appropriate
  • [x] I've communicated my changes to consumers by updating changelogs for packages I've changed, highlighting breaking changes as necessary
  • [x] I've prepared draft pull requests for clients and consumer packages to resolve any breaking changes

matthiasgeihs avatar Jun 09 '25 08:06 matthiasgeihs

We should probably throw an error in the constructor if encryptedEncryptionKey is in the injected state but the encryptor doesn't support key export

mikesposito avatar Jun 10 '25 18:06 mikesposito
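
The envelope scheme from the issue description and the constructor check suggested in the comment above, sketched as an added example that is not part of this thread or of MetaMask's code. It assumes AES-256-GCM and scrypt as stand-ins for the real encryptor; `seal`, `unseal`, `createState`, `changePassword`, `assertStateSupported` and the `exportKey` method name are hypothetical, and only `encryptedEncryptionKey` comes from the thread.

```javascript
// Added illustration; not MetaMask's keyring-controller code.
const crypto = require("node:crypto");

// AES-256-GCM helpers. Blob layout: iv (12 bytes) || tag (16 bytes) || ciphertext.
function seal(key, plaintext) {
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv("aes-256-gcm", key, iv);
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return Buffer.concat([iv, c.getAuthTag(), ct]);
}
function unseal(key, blob) {
  const d = crypto.createDecipheriv("aes-256-gcm", key, blob.subarray(0, 12));
  d.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([d.update(blob.subarray(28)), d.final()]); // throws on a wrong key
}

// Key-encryption key derived from the password (scrypt is an assumed KDF).
const kek = (password, salt) => crypto.scryptSync(password, salt, 32);

// Wrap the vault key under the password; this small blob is what lives in state.
function wrapKey(password, vaultKey) {
  const salt = crypto.randomBytes(16);
  return { salt, encryptedEncryptionKey: seal(kek(password, salt), vaultKey) };
}

// The vault is encrypted under vaultKey, which may be injected from outside.
function createState(password, vaultPlaintext, vaultKey = crypto.randomBytes(32)) {
  return { vault: seal(vaultKey, Buffer.from(vaultPlaintext)), ...wrapKey(password, vaultKey) };
}

function unlock(state, password) {
  const vaultKey = unseal(kek(password, state.salt), state.encryptedEncryptionKey);
  return unseal(vaultKey, state.vault).toString();
}

// Rekeying: only the wrapped key is replaced; the vault ciphertext is reused untouched.
function changePassword(state, oldPassword, newPassword) {
  const vaultKey = unseal(kek(oldPassword, state.salt), state.encryptedEncryptionKey);
  return { vault: state.vault, ...wrapKey(newPassword, vaultKey) };
}

// Constructor-time guard: state with a wrapped key needs an encryptor that can export keys.
function assertStateSupported(state, encryptor) {
  if (state.encryptedEncryptionKey && typeof encryptor.exportKey !== "function") {
    throw new Error("state contains encryptedEncryptionKey but encryptor has no key export");
  }
}
```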

rebase

matthiasgeihs avatar Jun 11 '25 04:06 matthiasgeihs

@metamaskbot publish-preview

himanshuchawla009 avatar Jun 12 '25 06:06 himanshuchawla009

Preview builds have been published. See these instructions for more information about preview builds.


github-actions[bot] avatar Jun 12 '25 06:06 github-actions[bot]

rebase

matthiasgeihs avatar Jun 13 '25 07:06 matthiasgeihs

@metamaskbot publish-preview

matthiasgeihs avatar Jun 13 '25 13:06 matthiasgeihs

Preview builds have been published. See these instructions for more information about preview builds.


github-actions[bot] avatar Jun 13 '25 13:06 github-actions[bot]