Skip to content

feat: make encrypt/decrypt async#9150

Open
bdesoky wants to merge 1 commit into
masterfrom
WCN-174-breaking
Open

feat: make encrypt/decrypt async#9150
bdesoky wants to merge 1 commit into
masterfrom
WCN-174-breaking

Conversation

@bdesoky

@bdesoky bdesoky commented Jun 30, 2026

Copy link
Copy Markdown
Contributor

BREAKING CHANGE: synchronous encrypt/decrypt callsites removed

TICKET: WCN-174

In preparation for the Argon 2 migration notice, this pull request focuses on removing deprecated synchronous encryption and decryption methods in favor of their asynchronous (now renamed to drop the 'async' suffix) replacements across multiple modules. It also simplifies and modernizes key verification logic, updates related tests, and cleans up unused imports. The changes ensure consistency and future-proof the codebase by using only the preferred encryption/decryption interfaces.

Encryption/Decryption Method Updates

  • Replaced all usage of decryptAsync and encryptAsync with decrypt and encrypt throughout the codebase, including in abstract-eth, abstract-lightning, abstract-substrate, and abstract-utxo modules. This affects key decryption for wallets, tokens, and recovery flows. [1] [2] [3] [4] [5] [6] [7] [8] [9] [10] [11] [12] [13] [14] [15] [16] [17] [18]

Key Verification Logic Refactor

  • Removed the deprecated verifyUserPublicKeyAsync function and its usages, updating all references to use the now-async verifyUserPublicKey function instead. Updated the AbstractUtxoCoin class and related files to reflect this change. [1] [2] [3] [4] [5] [6]

Test Suite Modernization

  • Updated test files to use the new encryption interface, including making key preparation asynchronous and ensuring all encrypted keys are generated before tests run. [1] [2] [3] [4]

Code Cleanup

  • Removed unused imports and deprecated code associated with the old async methods, making the codebase cleaner and easier to maintain. [1] [2] [3]

These changes collectively improve code consistency, remove deprecated interfaces, and prepare the codebase for future updates.

@linear-code

linear-code Bot commented Jun 30, 2026

Copy link
Copy Markdown
Contributor

WCN-174

@bdesoky bdesoky force-pushed the WCN-174-breaking branch 7 times, most recently from 4992a5e to f9fa896 Compare July 1, 2026 04:03
@bdesoky bdesoky changed the title feat!: make encrypt/decrypt async feat: make encrypt/decrypt async Jul 2, 2026
@bdesoky bdesoky force-pushed the WCN-174-breaking branch 3 times, most recently from 910a4ba to e934715 Compare July 2, 2026 15:12
@bdesoky bdesoky marked this pull request as ready for review July 2, 2026 15:41
@bdesoky bdesoky requested review from a team as code owners July 2, 2026 15:41
@bdesoky

bdesoky commented Jul 2, 2026

Copy link
Copy Markdown
Contributor Author

NOTE: This is a breaking change and must be released as such

@pranavjain97

Copy link
Copy Markdown
Contributor

@claude review and outline the breaking changes for clients clearly i.e what method they'll need to update.

@pranavjain97

Copy link
Copy Markdown
Contributor

@claude

@github-actions

github-actions Bot commented Jul 2, 2026

Copy link
Copy Markdown
Contributor

Claude finished @pranavjain97's task —— View job


Breaking Changes Review ✅

This PR introduces significant breaking changes that will affect all BitGoJS SDK clients. Here's a comprehensive breakdown:

Todo List:

  • Examine SDK API interface changes
  • Review encryption/decryption method changes
  • Analyze key verification changes
  • Document breaking changes for clients
  • Provide migration guidance

🚨 Breaking Changes for Clients

1. Encryption/Decryption Method Names

REMOVED:

  • bitgo.encryptAsync()
  • bitgo.decryptAsync()

NEW:

  • bitgo.encrypt() (now async by default)
  • bitgo.decrypt() (now async by default)

Client Impact:

// ❌ Before (will break)
const encrypted = await bitgo.encryptAsync({
  password: 'password',
  input: 'data'
});

const decrypted = await bitgo.decryptAsync({
  password: 'password', 
  input: encrypted
});

// ✅ After (required changes)
const encrypted = await bitgo.encrypt({
  password: 'password',
  input: 'data'
});

const decrypted = await bitgo.decrypt({
  password: 'password',
  input: encrypted
});

2. Key Verification Methods

REMOVED:

  • verifyUserPublicKeyAsync() function

CHANGED:

  • verifyUserPublicKey() is now async and replaces the removed verifyUserPublicKeyAsync()

Client Impact:

// ❌ Before (will break)
const isValid = await verifyUserPublicKeyAsync(bitgo, params);

// ✅ After (required changes)  
const isValid = await verifyUserPublicKey(bitgo, params);

3. BaseCoin Interface Changes

REMOVED:

  • coin.assertIsValidKey() (synchronous version)
  • coin.assertIsValidKeyAsync() method

CHANGED:

  • coin.assertIsValidKey() is now async by default

Client Impact:

// ❌ Before (will break)
coin.assertIsValidKey(params); // sync
// OR
await coin.assertIsValidKeyAsync(params); 

// ✅ After (required changes)
await coin.assertIsValidKey(params); // now async

4. Low-Level Encrypt Module Changes

For clients using the low-level encrypt module directly:

REMOVED:

  • import { encryptAsync, decryptAsync } from '@bitgo/sdk-api'

NEW:

  • import { encrypt, decrypt } from '@bitgo/sdk-api' (both now async)

🔧 Migration Guide

Step 1: Update Method Names

Replace all instances of:

  • encryptAsyncencrypt
  • decryptAsyncdecrypt
  • verifyUserPublicKeyAsyncverifyUserPublicKey
  • assertIsValidKeyAsyncassertIsValidKey

Step 2: Add Async/Await

Ensure all encryption/decryption calls are properly awaited:

  • All encrypt() calls must be awaited
  • All decrypt() calls must be awaited
  • All verifyUserPublicKey() calls must be awaited
  • All assertIsValidKey() calls must be awaited

Step 3: Update Type Definitions

If using TypeScript, update method signatures to reflect async nature:

// Update function signatures that call these methods
async function myFunction() {
  const result = await bitgo.encrypt({...});
  // ...
}

Step 4: Test Thoroughly

  • Test all encryption/decryption workflows
  • Verify key validation still works
  • Ensure error handling accommodates async nature

⚠️ Additional Notes

  • Encryption Version: The new encrypt() method defaults to v2 (Argon2id + AES-256-GCM) but can still produce v1 envelopes with encryptionVersion: 1
  • Backwards Compatibility: The decrypt() method auto-detects v1 vs v2 envelopes, maintaining compatibility with existing encrypted data
  • Performance: Clients should be aware that these operations are now always async, which may impact synchronous workflows

Recommendation: Test this migration thoroughly in a development environment before upgrading production dependencies.

Job Run: View Details

@pranavjain97 pranavjain97 left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm! lets get @vmccarty to review as well, not sure how breaking change release notes are picked up (if they use commit message)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants