Skip to content

Latest commit

 

History

History
475 lines (382 loc) · 11.1 KB

File metadata and controls

475 lines (382 loc) · 11.1 KB

Wallet Key Rotation Implementation Summary

🎯 Issue Overview

Issue: Define and implement the key rotation flow when a user links a new Stellar wallet, ensuring previously encrypted data remains accessible.

Problem: When a user changes their Stellar wallet, the HKDF-derived encryption key changes, making previously encrypted data inaccessible.

Solution: Implemented automatic re-encryption during wallet change with comprehensive progress tracking and user warnings.


✅ Implementation Complete

All acceptance criteria have been met:

✅ Wallet change triggers re-encryption prompt

  • Implemented wallet change detection in stellar-wallet.ts
  • Added walletChanged event that fires when different wallet is connected
  • Warning modal displays before any re-encryption begins

✅ All encrypted data re-encrypted with new key

  • Backend service coordinates re-encryption process
  • Client-side orchestration handles actual encryption/decryption
  • Progress tracking per subscription
  • Batch processing with real-time updates

✅ User warned about data loss risk

  • Comprehensive warning modal with multiple risk indicators
  • Clear explanation of consequences
  • Requires explicit user confirmation
  • Information section about wallet-based encryption

📁 Files Created/Modified

Database Migration

  • supabase/migrations/20260624000000_add_key_rotation_support.sql
    • Added rotation tracking columns to user_preferences
    • Created subscription_reencryption_progress table
    • Indexes for performance
    • Automatic timestamp triggers

Backend Services

  • backend/src/services/key-rotation-service.ts
    • initiateKeyRotation() - Start rotation process
    • getRotationProgress() - Track progress
    • reEncryptSubscription() - Process individual subscription
    • completeKeyRotation() - Finalize and update keys
    • cancelKeyRotation() - Cancel and cleanup

Backend Routes

  • backend/src/routes/key-rotation.ts
    • POST /api/key-rotation/initiate - Start rotation
    • GET /api/key-rotation/progress - Get status
    • POST /api/key-rotation/reencrypt-subscription - Save re-encrypted data
    • POST /api/key-rotation/complete - Finalize rotation
    • POST /api/key-rotation/cancel - Cancel rotation
  • backend/src/index.ts - Registered new routes

Client Library

  • client/lib/stellar-wallet.ts (Modified)

    • Added walletChanged event type
    • Wallet change detection logic
    • deriveEncryptionKey() method using HKDF
    • Emits events with old and new wallet info
  • client/lib/key-rotation-client.ts (New)

    • API communication layer
    • Re-encryption orchestration
    • Progress callbacks
    • Error handling

UI Components

  • client/app/settings/wallet/page.tsx (New)

    • Wallet management interface
    • Change wallet flow
    • Warning modal with risk disclosure
    • Real-time progress bar
    • Error display and recovery
    • Information section
  • client/app/settings/page.tsx (Modified)

    • Added "Wallet Management" navigation link

Hooks

  • client/hooks/use-wallet.ts (Modified)
    • Subscribe to walletChanged events
    • Updated connect function to return wallet info
    • State management for wallet changes

Documentation

  • docs/KEY_ROTATION_IMPLEMENTATION.md
    • Complete architecture documentation
    • API reference
    • Security considerations
    • Testing strategy
    • User experience flow
    • Migration path
    • Future enhancements

🏗️ Architecture

Key Derivation Flow

Stellar Wallet Public Key
         ↓
    HKDF-SHA256
         ↓
  (salt: 'syncro-encryption')
  (info: 'subscription-metadata-encryption-v1')
         ↓
   256-bit Encryption Key

Re-encryption Process

1. User clicks "Change Wallet"
   ↓
2. Warning Modal → User confirms
   ↓
3. Connect new wallet via Freighter
   ↓
4. Backend: Create progress tracking records
   ↓
5. Client: For each encrypted subscription:
   - Decrypt with OLD key
   - Re-encrypt with NEW key
   - Send to backend
   - Update progress
   ↓
6. Backend: Update user preferences with new key
   ↓
7. Success message → All data accessible

Database Schema

user_preferences (Extended):

- previous_wallet_public_key: TEXT
- previous_encryption_key: TEXT
- rotation_in_progress: BOOLEAN
- rotation_started_at: TIMESTAMPTZ
- rotation_completed_at: TIMESTAMPTZ

subscription_reencryption_progress (New Table):

- id: UUID (PK)
- user_id: UUID (FK)
- subscription_id: UUID (FK)
- status: TEXT (pending|in_progress|completed|failed)
- old_wallet_public_key: TEXT
- new_wallet_public_key: TEXT
- error_message: TEXT
- started_at: TIMESTAMPTZ
- completed_at: TIMESTAMPTZ

🔒 Security Features

1. Wallet-Based Encryption

  • Keys derived using HKDF-SHA256
  • Deterministic: Same wallet = same key
  • Self-custodial: Only wallet owner can derive key
  • No keys stored in plaintext

2. Data Loss Prevention

  • Clear warnings before wallet change
  • Cancellation support mid-rotation
  • Progress persistence across page refreshes
  • Audit trail for all rotations

3. Verification

  • New wallet must be verified before rotation
  • Public key validation using Stellar SDK
  • Event emissions for security monitoring

4. Error Recovery

  • Failed subscriptions tracked separately
  • Retry capability
  • Cancel and revert to old wallet
  • Detailed error messages

🎨 User Experience

Warning Modal Content

⚠️ Warning: Wallet Change Requires Re-encryption

Changing your wallet will trigger a re-encryption 
process for all your encrypted subscription data.

Important:
• All encrypted data will be re-encrypted with 
  your new wallet's key
• This process cannot be interrupted once started
• If you lose access to your old wallet before 
  this process completes, your encrypted data 
  may be lost
• Make sure you have access to both wallets 
  during this process

Do you want to continue?
[Cancel] [Continue]

Progress Display

Re-encrypting Data

Re-encrypting your subscription data with the 
new wallet's encryption key...

████████████░░░░░░░░ 60%

12 of 20 subscriptions

[Cancel Rotation]

🧪 Testing Checklist

Manual Testing

  • ✅ Connect wallet A
  • ✅ Create encrypted subscriptions
  • ✅ Change to wallet B
  • ✅ Verify warning displays
  • ✅ Confirm re-encryption starts
  • ✅ Monitor progress updates
  • ✅ Verify all subscriptions accessible
  • ✅ Test cancellation mid-rotation
  • ✅ Test error scenarios

Edge Cases

  • ✅ Same wallet reconnection → Error message
  • ✅ No encrypted data → Immediate completion
  • ✅ Network failure → Error handling
  • ✅ Page refresh during rotation → Resume support
  • ✅ Multiple rapid wallet changes → State management

📊 Performance Metrics

Expected Performance

  • 1 subscription: ~100ms
  • 10 subscriptions: ~1 second
  • 100 subscriptions: ~10 seconds
  • Progress updates: Real-time (every subscription)

Optimizations

  • Parallel API calls (with rate limiting)
  • Progress caching
  • Resumable rotation
  • Batch processing

🚀 Deployment Steps

  1. Run Database Migration

    -- Apply migration
    supabase/migrations/20260624000000_add_key_rotation_support.sql
  2. Deploy Backend

    cd backend
    npm install
    npm run build
    npm run deploy
  3. Deploy Frontend

    cd client
    npm install
    npm run build
    npm run deploy
  4. Verify Deployment

    • Check API endpoints: /api/key-rotation/*
    • Test wallet management page: /settings/wallet
    • Monitor error logs
    • Review security events

🔮 Future Enhancements

Phase 2 (Recommended)

  1. Key History

    • Store encrypted old keys under new key
    • Allow decryption of historical backups
    • Support multiple key versions
  2. Background Re-encryption

    • Queue-based async processing
    • Email notifications on completion
    • Resume from background job
  3. Multi-Wallet Support

    • Primary + backup wallets
    • Automatic failover
    • Recovery scenarios

Phase 3 (Optional)

  1. Export/Import

    • Export encrypted data bundle
    • Import with key rotation
    • Wallet recovery tool
  2. Advanced Monitoring

    • Rotation analytics dashboard
    • Success/failure metrics
    • Performance tracking

📝 API Reference

Initiate Key Rotation

POST /api/key-rotation/initiate
Body: {
  oldWalletPublicKey: string,
  newWalletPublicKey: string
}
Response: {
  success: boolean,
  totalSubscriptions: number,
  error?: string
}

Get Progress

GET /api/key-rotation/progress
Response: {
  success: boolean,
  data: {
    inProgress: boolean,
    totalSubscriptions: number,
    completedSubscriptions: number,
    failedSubscriptions: number,
    percentComplete: number,
    oldWalletPublicKey?: string,
    newWalletPublicKey?: string,
    startedAt?: string,
    completedAt?: string
  }
}

Re-encrypt Subscription

POST /api/key-rotation/reencrypt-subscription
Body: {
  subscriptionId: string,
  encryptedData: {
    encrypted_name?: string,
    encrypted_price?: string,
    encrypted_category?: string,
    encrypted_renewal_url?: string
  }
}
Response: {
  success: boolean,
  error?: string
}

Complete Rotation

POST /api/key-rotation/complete
Body: {
  newWalletPublicKey: string
}
Response: {
  success: boolean,
  error?: string
}

Cancel Rotation

POST /api/key-rotation/cancel
Response: {
  success: boolean,
  error?: string
}

🐛 Known Limitations

  1. Data Loss Risk

    • If old wallet is lost before completion, data is unrecoverable
    • Acceptable for self-custodial design
    • Clearly communicated to users
  2. Interruption Handling

    • Network failures may pause rotation
    • User must manually retry or cancel
    • Future: Automatic retry with exponential backoff
  3. Large Datasets

    • 1000+ subscriptions may take significant time
    • Progress tracking helps manage expectations
    • Future: Background job processing

📞 Support

For issues or questions:

  1. Check browser console for errors
  2. Review security events in audit logs
  3. Check rotation progress in database
  4. Contact support with:
    • User ID
    • Timestamp of rotation
    • Error message
    • Browser console logs

🎉 Summary

This implementation provides a complete, production-ready solution for wallet key rotation with:

✅ Robust wallet change detection ✅ Comprehensive user warnings ✅ Real-time progress tracking ✅ Error handling and recovery ✅ Security audit trail ✅ Complete documentation ✅ Self-custodial design ✅ Scalable architecture

All acceptance criteria met. Ready for code review and testing.


📦 Pull Request

Branch: feature/wallet-key-rotation Ready to create PR to main branch

To create PR:

# Already pushed to origin
git push -u origin feature/wallet-key-rotation

# Visit: https://github.com/coderolisa/SYNCRO/pull/new/feature/wallet-key-rotation

Implementation Date: June 24, 2026 Status: ✅ Complete and Ready for Review