Init working example

Author: spacesailor24

wrapped-keys/eip-712/nodejs/.env.example

@@ -1 +1,3 @@
 ETHEREUM_PRIVATE_KEY=
+CAPACITY_CREDIT_TOKEN_ID=
+LIT_NETWORK=

wrapped-keys/eip-712/nodejs/README.md

@@ -1,8 +1,75 @@
-## Running the Example
+# EIP-712 Signatures using Wrapped Keys
 
-1. `yarn`
-2. `cp .env.example .env`
-   - Fill in `ETHEREUM_PRIVATE_KEY` env with an account that has Lit test tokens on Yellowstone
-3. `yarn test`
+This code example demonstrates how to sign an EIP-712 message using a Wrapped Key.
 
-[test/index.spec.ts](./test/index.spec.ts) creates a EIP-712 message, serializes it, and then signs it using the Wrapped Keys SDK. However, when attempting to recover the address from the signed message, the address is not being recovered correctly because the `signTypedData` function is not being used within the Wrapped Key signing Lit Action. Instead `signMessage` is used which adds the following prefix to the message before signing: `0x19Ethereum Signed Message:\n${message.length}${message}`.
+## Prerequisites
+
+- An Ethereum private key
+  - This private key will be used to:
+    - Mint a Lit Capacity Credit if none was specific in the project's `.env` file
+      - In order to pay for this, the corresponding Ethereum account must have Lit Test Tokens. If you do not have any, you can get some from [the faucet](https://chronicle-yellowstone-faucet.getlit.dev/)
+    - Create a Lit Capacity Credit delegation Auth Sig
+- This code example uses Node.js and Yarn please have these installed before running the example
+
+## Installation and Setup
+
+1. Clone the repository
+2. `cd` into the code example directory: `cd wrapped-keys/eip-712/nodejs`
+3. Install the dependencies: `yarn`
+4. Create and fill in the `.env` file: `cp .env.example .env`
+   - `ETHEREUM_PRIVATE_KEY`: **Required** This is the Ethereum private key that will be used to mint a Lit Capacity Credit and create Lit Session Signatures
+   - `CAPACITY_CREDIT_TOKEN_ID`: **Optional** This is the ID of the Lit Capacity Credit to use for the PKP delegation Auth Sig
+   - `LIT_NETWORK`: **Optional** This is the Lit Network to use for the Lit Contracts and Lit Node Clients
+
+## Executing the Example
+
+1. Run `yarn test` to execute the examples-authentication.png)
+
+### Expected Output
+
+```
+  Signing an EIP-712 message using a Wrapped Key
+🔄 Generating EIP-712 message...
+✅ Generated and serialized EIP-712 message: {"domain":{"name":"Ether Mail","version":"1","chainId":1,"verifyingContract":"0xCcCCccccCCCCcCCCCCCcCcCccCcCCCcCcccccccC"},"types":{"Person":[{"name":"name","type":"string"},{"name":"wallet","type":"address"}],"Mail":[{"name":"from","type":"Person"},{"name":"to","type":"Person"},{"name":"contents","type":"string"}]},"primaryType":"Mail","message":{"from":{"name":"Alice","wallet":"0xCD2a3d9F938E13CD947Ec05AbC7FE734Df8DD826"},"to":{"name":"Bob","wallet":"0xbBbBBBBbbBBBbbbBbbBbbbbBBbBbbbbBbBbbBBbB"},"contents":"Hello, Bob!"}}
+🔄 Connecting LitNodeClient to Lit network...
+✅ Connected LitNodeClient to Lit network
+🔄 Connecting LitContracts client to network...
+✅ Connected LitContracts client to network
+🔄 Minting Capacity Credits NFT...
+✅ Minted new Capacity Credit with ID: 25144
+🔄 Minting new PKP...
+✅ Minted new PKP with public key: 04cf95d05f3e237fef866f7daf169be4b773ced0cbcc2ce260b03b63026fc858ea182dabad3bdb37c49554527b92dbe53b260d3934dfde18e0fac8a03ccb10fe09 and ETH address: 0xC3bb43D840801959890A565bB58A0290fF0FE8Be
+🔄 Creating capacityDelegationAuthSig...
+✅ Created the capacityDelegationAuthSig
+🔄 Getting PKP Session Sigs...
+Storage key "lit-session-key" is missing. Not a problem. Contiune...
+Storage key "lit-wallet-sig" is missing. Not a problem. Continue...
+Unable to store walletSig in local storage. Not a problem. Continue...
+✅ Got PKP Session Sigs
+🔄 Generating wrapped key...
+✅ Generated wrapped key with id: 1133b4d5-2ffb-46c3-951d-0f0d7f4ccde2 and public key: 0x0402e173bf643ae623771b24cdda0ca01bec0409ca01d67f02090961c1394e81e1dd78c80fa3e116b0be032616d907f2775a4e9e1dc4cc08d19cbec0e51b1f83af
+🔄 Getting wrapped key metadata...
+✅ Got wrapped key metadata: {
+  "ciphertext": "okHLOUDld4UJD+LaDz++3QVDngfm/mz9HNPDuOlnJHH/iiCPiDT2Adnn6odOuw2igW8g3cclh0PDwoZO97zdsEmCfQrs2UuUEzR844n/S01HmO7exNHAVRglrK9azstkShE+0/KcIWjG3I2x6BCX9OfvJcTDb/LX2okN5HxLDNZMNuNtdBK11GAkfqPoV28AoBpj/oYdnw4C",
+  "dataToEncryptHash": "76f7ff2ae254f0771089216fe8413a768f189242fa1b406c3805edaf7c64dc13",
+  "id": "1133b4d5-2ffb-46c3-951d-0f0d7f4ccde2",
+  "keyType": "K256",
+  "pkpAddress": "0xC3bb43D840801959890A565bB58A0290fF0FE8Be",
+  "publicKey": "0x0402e173bf643ae623771b24cdda0ca01bec0409ca01d67f02090961c1394e81e1dd78c80fa3e116b0be032616d907f2775a4e9e1dc4cc08d19cbec0e51b1f83af",
+  "litNetwork": "datil-test"
+}
+🔄 Signing EIP-712 message with Wrapped Key...
+✅ Signed EIP-712 message
+```
+
+## Specific Files to Reference
+
+- [index.ts](./src/index.ts): Contains the code for:
+  - Minting a PKP
+  - Generating PKP Session Signatures
+  - Generating a Wrapped Key
+  - Getting the Wrapped Key metadata
+  - Making the request to execute the Lit Action that signs an EIP-712 message using the Wrapped Key
+- [utils.ts](./src/utils.ts): Contains utility functions for the example
+- [wrappedKeyLitAction.ts](./src/wrappedKeyLitAction.ts): Contains the Lit Action code that signs an EIP-712 message
+- [index.spec.ts](./test/index.spec.ts): Contains the example EIP-712 message and test the example

wrapped-keys/eip-712/nodejs/package.json

@@ -9,12 +9,12 @@
   },
   "dependencies": {
     "@dotenvx/dotenvx": "^0.44.1",
-    "@lit-protocol/constants": "^6.8.1",
-    "@lit-protocol/contracts-sdk": "^6.8.1",
-    "@lit-protocol/lit-auth-client": "^6.8.1",
-    "@lit-protocol/lit-node-client": "^6.8.1",
-    "@lit-protocol/types": "^6.8.1",
-    "@lit-protocol/wrapped-keys": "^6.8.1",
+    "@lit-protocol/constants": "^6.9.0",
+    "@lit-protocol/contracts-sdk": "^6.9.0",
+    "@lit-protocol/lit-auth-client": "^6.9.0",
+    "@lit-protocol/lit-node-client": "^6.9.0",
+    "@lit-protocol/types": "^6.9.0",
+    "@lit-protocol/wrapped-keys": "^6.9.0",
     "ethers": "v5"
   },
   "devDependencies": {

wrapped-keys/eip-712/nodejs/src/index.ts

@@ -1,10 +1,9 @@
 import { LIT_RPC, LitNetwork } from "@lit-protocol/constants";
 import { LitNodeClient } from "@lit-protocol/lit-node-client";
 import { LitAbility } from "@lit-protocol/types";
-import { api } from "@lit-protocol/wrapped-keys";
 import { ethers } from "ethers";
-
-const { signMessageWithEncryptedKey } = api;
+import { api } from "@lit-protocol/wrapped-keys";
+import { LitActionResource } from "@lit-protocol/auth-helpers";
 
 import {
   generateWrappedKey,
@@ -13,10 +12,13 @@ import {
   getEnv,
   getLitContracts,
   getLitNodeClient,
+  getPkpAccessControlCondition,
   getSessionSigsViaPkp,
   mintPkp,
 } from "./utils";
-import { LitActionResource } from "@lit-protocol/auth-helpers";
+import { litActionCode } from "./wrappedKeyLitAction";
+
+const { getEncryptedKey } = api;
 
 const ETHEREUM_PRIVATE_KEY = getEnv("ETHEREUM_PRIVATE_KEY");
 const CAPACITY_CREDIT_TOKEN_ID =
@@ -76,19 +78,41 @@ export const runExample = async (serializedEip712Message: string) => {
       "This is a test memo"
     );
 
-    console.log("🔄 Signing EIP-712 message with Wrapped Key...");
-    const signedMessage = await signMessageWithEncryptedKey({
-      litNodeClient,
+    console.log("🔄 Getting wrapped key metadata...");
+    const wrappedKeyMetadata = await getEncryptedKey({
       pkpSessionSigs,
-      network: "evm",
+      litNodeClient,
       id: wrappedKeyInfo.id,
-      messageToSign: serializedEip712Message,
+    });
+    console.log(
+      `✅ Got wrapped key metadata: ${JSON.stringify(
+        wrappedKeyMetadata,
+        null,
+        2
+      )}`
+    );
+
+    console.log("🔄 Signing EIP-712 message with Wrapped Key...");
+    const response = await litNodeClient.executeJs({
+      sessionSigs: pkpSessionSigs,
+      code: litActionCode,
+      jsParams: {
+        accessControlConditions: [
+          getPkpAccessControlCondition(wrappedKeyInfo.pkpAddress),
+        ],
+        ciphertext: wrappedKeyMetadata.ciphertext,
+        dataToEncryptHash: wrappedKeyMetadata.dataToEncryptHash,
+        messageToSign: serializedEip712Message,
+        useEip712Signing: true,
+      },
     });
     console.log("✅ Signed EIP-712 message");
 
     return {
-      signedMessage,
-      wrappedKeyEthAddress: wrappedKeyInfo.pkpAddress,
+      signedMessage: response.response as string,
+      wrappedKeyEthAddress: ethers.utils.computeAddress(
+        wrappedKeyMetadata.publicKey
+      ),
     };
   } catch (error) {
     console.error(error);

wrapped-keys/eip-712/nodejs/src/utils.ts

@@ -10,7 +10,7 @@ import {
 } from "@lit-protocol/auth-helpers";
 import { EthWalletProvider } from "@lit-protocol/lit-auth-client";
 import { api } from "@lit-protocol/wrapped-keys";
-import { SessionSigsMap } from "@lit-protocol/types";
+import { AccsDefaultParams, SessionSigsMap } from "@lit-protocol/types";
 
 const { generatePrivateKey } = api;
 
@@ -143,3 +143,25 @@ export const generateWrappedKey = async (
 
   return wrappedKeyInfo;
 };
+
+export function getPkpAccessControlCondition(
+  pkpAddress: string
+): AccsDefaultParams {
+  if (!ethers.utils.isAddress(pkpAddress)) {
+    throw new Error(
+      `pkpAddress is not a valid Ethereum Address: ${pkpAddress}`
+    );
+  }
+
+  return {
+    contractAddress: "",
+    standardContractType: "",
+    chain: "ethereum",
+    method: "",
+    parameters: [":userAddress"],
+    returnValueTest: {
+      comparator: "=",
+      value: pkpAddress,
+    },
+  };
+}

wrapped-keys/eip-712/nodejs/src/wrappedKeyLitAction.ts

@@ -0,0 +1,85 @@
+/**
+ * Signs a message with the Ethers wallet which is also decrypted inside the Lit Action.
+ *
+ * @jsParam pkpAddress - The Eth address of the PKP which is associated with the Wrapped Key
+ * @jsParam ciphertext - For the encrypted Wrapped Key
+ * @jsParam dataToEncryptHash - For the encrypted Wrapped Key
+ * @jsParam messageToSign - The unsigned message to be signed by the Wrapped Key
+ * @jsParam accessControlConditions - The access control condition that allows only the pkpAddress to decrypt the Wrapped Key
+ * @jsParam useEip712Signing - Whether to use EIP-712 or EIP-191 for signing messageToSign
+ *
+ * @returns { Promise<string> } - Returns a message signed by the Ethers Wrapped key. Or returns errors if any.
+ */
+export const litActionCode = `
+const LIT_PREFIX = "lit_";
+
+async function getDecryptedKeyToSingleNode({
+  accessControlConditions,
+  ciphertext,
+  dataToEncryptHash,
+}) {
+  try {
+    // May be undefined, since we're using \`decryptToSingleNode\`
+    return await Lit.Actions.decryptToSingleNode({
+      accessControlConditions,
+      ciphertext,
+      dataToEncryptHash,
+      chain: "ethereum",
+      authSig: null,
+    });
+  } catch (err) {
+    throw new Error(\`When decrypting key to a single node - \${err.message}\`);
+  }
+}
+
+function removeSaltFromDecryptedKey(decryptedPrivateKey) {
+  if (!decryptedPrivateKey.startsWith(LIT_PREFIX)) {
+    throw new Error(
+      \`PKey was not encrypted with salt; all wrapped keys must be prefixed with '\${LIT_PREFIX}'\`
+    );
+  }
+
+  return decryptedPrivateKey.slice(LIT_PREFIX.length);
+}
+
+async function signMessageEthereumKey({ privateKey, messageToSign }) {
+  const wallet = new ethers.Wallet(privateKey);
+
+  let signature;
+  if (useEip712Signing ?? false) {
+    const { domain, types, message } = JSON.parse(messageToSign);
+
+    signature = await wallet._signTypedData(domain, types, message);
+  } else {
+    signature = await wallet.signMessage(messageToSign);
+  }
+
+  return signature;
+}
+
+(async () => {
+  try {
+    const decryptedPrivateKey = await getDecryptedKeyToSingleNode({
+      accessControlConditions,
+      ciphertext,
+      dataToEncryptHash,
+    });
+
+    if (!decryptedPrivateKey) {
+      // Silently exit on nodes which didn't run the \`decryptToSingleNode\` code
+      return;
+    }
+
+    const privateKey = removeSaltFromDecryptedKey(decryptedPrivateKey);
+
+    let signature = await signMessageEthereumKey({
+      privateKey,
+      messageToSign,
+    });
+
+    Lit.Actions.setResponse({ response: signature });
+  } catch (err) {
+    Lit.Actions.setResponse({ response: \`Error: \${err.message}\` });
+  }
+})();
+`;

wrapped-keys/eip-712/nodejs/test/index.spec.ts

@@ -8,15 +8,12 @@ use(chaiJsonSchema);
 describe("Signing an EIP-712 message using a Wrapped Key", () => {
   it("should return signed EIP-712 message", async () => {
     console.log("🔄 Generating EIP-712 message...");
-    // Define the domain
     const domain = {
       name: "Ether Mail",
       version: "1",
       chainId: 1,
       verifyingContract: "0xCcCCccccCCCCcCCCCCCcCcCccCcCCCcCcccccccC",
     };
-
-    // Define the types
     const types = {
       Person: [
         { name: "name", type: "string" },
@@ -28,9 +25,7 @@ describe("Signing an EIP-712 message using a Wrapped Key", () => {
         { name: "contents", type: "string" },
       ],
     };
-
-    // Define the value
-    const value = {
+    const message = {
       from: {
         name: "Alice",
         wallet: "0xCD2a3d9F938E13CD947Ec05AbC7FE734Df8DD826",
@@ -42,24 +37,27 @@ describe("Signing an EIP-712 message using a Wrapped Key", () => {
       contents: "Hello, Bob!",
     };
 
-    const serializedEip712Message = JSON.stringify(
-      ethers.utils._TypedDataEncoder.getPayload(domain, types, value)
-    );
+    const typedData = {
+      domain,
+      types,
+      primaryType: "Mail",
+      message,
+    };
+    const serializedEip712Message = JSON.stringify(typedData);
     console.log(
       `✅ Generated and serialized EIP-712 message: ${serializedEip712Message}`
     );
 
     const { signedMessage, wrappedKeyEthAddress } = (await runExample(
       serializedEip712Message
     )) ?? { signedMessage: "", wrappedKeyEthAddress: "" };
-
     expect(signedMessage).to.not.equal("");
     expect(wrappedKeyEthAddress).to.not.equal("");
 
     const recoveredAddress = ethers.utils.verifyTypedData(
       domain,
       types,
-      value,
+      message,
       signedMessage
     );
     expect(recoveredAddress).to.equal(wrappedKeyEthAddress);