chore: Use fallback ed25519 implementation in order to serialize keys for BG worker (#922)

chore: Use fallback ed25519 implementation in order to serialize keys for background charm service workers.

Author: jsantell

background-charm-service/src/utils.ts

@@ -59,7 +59,12 @@ export async function getIdentity(identityPath?: string, operatorPass?: string):
     console.log(`Using identity at ${identityPath}`);
     try {
       const pkcs8Key = await Deno.readFile(identityPath);
-      return await Identity.fromPkcs8(pkcs8Key);
+      // Deno does not support serializing `CryptoKey`, safely
+      // passing keys to workers. Explicitly use the fallback implementation,
+      // which makes key material available to the JS context, in order
+      // to transfer key material to workers.
+      // https://github.com/denoland/deno/issues/12067#issuecomment-1975001079
+      return await Identity.fromPkcs8FallbackImplementation(pkcs8Key);
     } catch (e) {
       throw new Error(`Could not read key at ${identityPath}.`);
     }

deno.jsonc

@@ -60,8 +60,6 @@
     "@codemirror/lang-markdown": "npm:@codemirror/lang-markdown@^6.3.2",
     "@hono/hono": "npm:hono@^4.7.0",
     "@luca/esbuild-deno-loader": "jsr:@luca/esbuild-deno-loader",
-    "@noble/ed25519": "npm:@noble/ed25519@^2.2.3",
-    "@scure/bip39": "npm:@scure/bip39@^1.5.4",
     "@std/assert": "jsr:@std/assert@^1",
     "@std/async": "jsr:@std/async@^1",
     "@std/cli": "jsr:@std/cli@^1",

deno.lock

@@ -5,6 +5,7 @@
   },
   "exports": "./src/index.ts",
   "imports": {
+    "@noble/ed25519": "npm:@noble/ed25519@^2.2.3",
     "@scure/bip39": "npm:@scure/bip39@^1.5.4"
   }
 }

identity/deno.json

@@ -61,6 +61,14 @@ export class Ed25519Signer<ID extends DIDKey> implements Signer<ID> {
     );
   }
 
+  // Like `fromRaw` but forces the usage of `@noble/ed25519`
+  // implementation, making private key material available to the context.
+  static async fromRawFallbackImplementation<ID extends DIDKey>(
+    rawPrivateKey: Uint8Array,
+  ): Promise<Ed25519Signer<ID>> {
+    return new Ed25519Signer(await NobleEd25519Signer.fromRaw(rawPrivateKey));
+  }
+
   static async generate<ID extends DIDKey>(): Promise<Ed25519Signer<ID>> {
     return new Ed25519Signer(
       (await isNativeEd25519Supported())
@@ -87,6 +95,15 @@ export class Ed25519Signer<ID extends DIDKey> implements Signer<ID> {
     return await Ed25519Signer.fromRaw(raw);
   }
 
+  // Like `fromPkcs8` but forces the usage of `@noble/ed25519`
+  // implementation, making private key material available to the context.
+  static async fromPkcs8FallbackImplementation<ID extends DIDKey>(
+    pkcs8: Uint8Array,
+  ): Promise<Ed25519Signer<ID>> {
+    const raw = pkcs8ToEd25519Raw(fromPEM(pkcs8));
+    return await Ed25519Signer.fromRawFallbackImplementation(raw);
+  }
+
   static async fromMnemonic<ID extends DIDKey>(
     mnemonic: string,
   ): Promise<Ed25519Signer<ID>> {

identity/src/ed25519/index.ts

@@ -86,6 +86,17 @@ export class Identity<ID extends DIDKey = DIDKey> implements Signer<ID> {
     return new Identity(signer);
   }
 
+  // Like `fromPkcs8` but forces the usage of `@noble/ed25519`
+  // implementation, making private key material available to the context.
+  static async fromPkcs8FallbackImplementation<ID extends DIDKey>(
+    pkcs8: Uint8Array,
+  ): Promise<Identity<ID>> {
+    const signer = await Ed25519Signer.fromPkcs8FallbackImplementation<ID>(
+      pkcs8,
+    );
+    return new Identity(signer);
+  }
+
   static async fromMnemonic<ID extends DIDKey>(
     mnemonic: string,
   ): Promise<Identity<ID>> {