Skip to content

feat: introduce signer abstraction for secret key operations #196

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
gfukushima merged 12 commits into from
Jan 18, 2026
Merged

feat: introduce signer abstraction for secret key operations #196

gfukushima merged 12 commits into from
Jan 18, 2026

Conversation

@Gabriel-Trintinalia
Copy link
Contributor

@Gabriel-Trintinalia Gabriel-Trintinalia commented Jan 14, 2026
edited by cursor bot
Loading

PR Description

This pull request is a non-functional refactor that introduces an abstraction for private-key cryptographic operations as part of Besu’s Discovery v5 implementation. No protocol logic or runtime behaviour is changed.

Motivation

The goal is to allow consumers of the discovery library to handle private key operations without exposing the node’s private key to discovery components. Instead of passing a SecretKey throughout the codebase, discovery now depends on a narrow interface that performs only the required cryptographic actions.

Summary of Changes

  • Introduced the Signer interface to abstract signing, ECDH key agreement, and public key derivation.
  • Added DefaultSigner, an in-memory Signer implementation backed by a SECP256K1 SecretKey, providing identical behaviour to the previous direct usage.
  • Replaced all direct SecretKey usage with Signer across discovery initialisation, session management, handshake logic, and node record handling.
  • Updated builders and identity schemas to route all cryptographic operations through the new abstraction.
  • All cryptographic behaviour and Discovery v5 semantics remain unchanged.

Note

Introduces a private-key operation abstraction without altering Discovery v5 behavior.

  • Add crypto.Signer interface and in-memory DefaultSigner backing SECP256K1
  • Replace SecretKey with Signer in DiscoverySystemBuilder, DiscoveryManagerImpl, NodeSession/NodeSessionManager, and pipeline handlers (WhoAreYou*, Handshake*)
  • Route ENR signing/updates via Signer: updates to IdentitySchemaInterpreter/V4, NodeRecord, NodeRecordBuilder, LocalNodeRecordStore
  • Extend Functions.hkdfExpand to accept Signer for ECDH; update handshake key derivation and ID-signing (HandshakeMessagePacket)
  • Update tests and helpers to use DefaultSigner

Written by Cursor Bugbot for commit 05eb79e. This will update automatically on new commits. Configure here.

@github-actions
Copy link

github-actions bot commented Jan 14, 2026
edited
Loading

All contributors have signed the CLA ✍️ ✅
Posted by the CLA Assistant Lite bot.

@Gabriel-Trintinalia Gabriel-Trintinalia changed the title Expose crypto functions feat: introduce signer abstraction for secret key operations Jan 14, 2026
@Gabriel-Trintinalia
Copy link
Contributor Author

Gabriel-Trintinalia commented Jan 14, 2026

I have read the CLA Document and I hereby sign the CLA

github-actions bot added a commit that referenced this pull request Jan 14, 2026
@github-actions
@Gabriel-Trintinalia has signed the CLA in #196
ac2ab63
@Gabriel-Trintinalia
Copy link
Contributor Author

Gabriel-Trintinalia commented Jan 14, 2026

recheck

@Gabriel-Trintinalia Gabriel-Trintinalia mentioned this pull request Jan 14, 2026
Open
gfukushima
gfukushima approved these changes Jan 14, 2026
View reviewed changes
Copy link

@gfukushima gfukushima left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm, @StefanBratanov might to want to have a look at this as well

@gfukushima gfukushima merged commit f2064f0 into Consensys:master Jan 18, 2026
4 of 5 checks passed
@github-actions github-actions bot locked and limited conversation to collaborators Jan 18, 2026
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

@gfukushima gfukushima gfukushima approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@Gabriel-Trintinalia @gfukushima