Feature/jss 35 naga js sdk wrapped keys implementation #972
+11,228
−4,510
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…-function-to-take Signed-off-by: Anson <[email protected]>
…-function-to-take
…o-take' of github.com:LIT-Protocol/js-sdk into feature/jss-36-naga-sdk-add-a-make-a-request-function-to-take
…-function-to-take
…auth signature and check expiration
…-function-to-take
…ure validation. This is similar to the existing `validateSessionSig` function.
…o-take' of github.com:LIT-Protocol/js-sdk into feature/jss-36-naga-sdk-add-a-make-a-request-function-to-take
…-function-to-take
…o-take' of github.com:LIT-Protocol/js-sdk into feature/jss-36-naga-sdk-add-a-make-a-request-function-to-take
…pt parameters directly
…s-35-naga-js-sdk-wrapped-keys-implementation
…s-35-naga-js-sdk-wrapped-keys-implementation
Ansonhkg
requested review from
DashKash54,
FedericoAmura,
MaximusHaximus,
awisniew207,
glitch003 and
spacesailor24
glitch003
reviewed
Nov 18, 2025
Collaborator
glitch003
left a comment
glitch003
left a comment
There was a problem hiding this comment.
just a question about SIWE parsing, otherwise looks good!
| @@ -0,0 +1,126 @@ | |||
| --- | |||
| title: "Server Sessions" | |||
Collaborator
There was a problem hiding this comment.
nice to see docs on this - i know we've informally explained it to a bunch of teams
| const siweMessage = delegationAuthSig.signedMessage; | ||
|
|
||
| // Extract domain | ||
| const domainMatch = siweMessage.match(/^([^\s]+) wants you to sign in/m); |
Collaborator
There was a problem hiding this comment.
if it's an SIWE message then you can parse using the SIWE lib, right? like i think this works const message = new SiweMessage(siweMessageString); and then you can do like message.domain etc
| ); | ||
| const expectedSignature = await signBytes(signingKey, messageBytes); | ||
|
|
||
| expect(Array.from(decodedSignatureBytes)).toEqual( |
Collaborator
There was a problem hiding this comment.
i was surprised this would work but i looked it up and ed25519 signatures are deterministic, so it does work. neat.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
WHAT
✨ Wrapped keys for Naga (v8+) networks
Also...
Features
Internally
Build Lit Action
nx run wrapped-keys-lit-actions:generate-lit-actionsSync the lit actions to IPFS
pnpm sync:wkExternally
New
authpackage APIsvalidateDelegationAuthSig- sanity-checks a delegation signature before accepting session materials from another party.generatePkpDelegationAuthSig- asks the Lit network to delegate a PKP to a session keypair with scoped resources/expiration.generateEoaDelegationAuthSig- has an EOA wallet sign the delegation message directly for client-generated sessions.createPkpAuthContextFromPreGenerated- hydrates a PKP auth context from pre-generated session materials.createPkpSessionSigs- creates fresh session signatures from a pre-generated auth context.New
wrapped-keyspackage APIsgeneratePrivateKey- creates and stores a new wrapped key for EVM or Solana.importPrivateKey- encrypts an existing key (K256 or ed25519) and persists it as a wrapped key.exportPrivateKey- decrypts a wrapped key inside a Lit Action and returns the plaintext key plus metadata.listEncryptedKeyMetadata- lists wrapped key metadata linked to the PKP without fetching ciphertext.getEncryptedKey- retrieves ciphertext and metadata for a specific wrapped key.storeEncryptedKey- saves third-party ciphertext/metadata as a wrapped key entry.storeEncryptedKeyBatch- stores multiple ciphertext payloads in a single request.batchGeneratePrivateKeys- runs multiple generation/signing actions in one call.signMessageWithEncryptedKey- signs arbitrary data using the stored wrapped key.signTransactionWithEncryptedKey- signs (and optionally broadcasts) EVM or Solana transactions with the wrapped key.Meine Checklist