feat: AES-256-GCM symmetric encryption (#152) #160

Merged
sgbett merged 5 commits into master from feature/152-symmetric-key
Mar 7, 2026

@sgbett sgbett commented Mar 7, 2026

Summary

  • Add BSV::Primitives::SymmetricKey with AES-256-GCM encrypt/decrypt matching the TS/Go/Python reference SDK interface
  • Wire format: IV (32 bytes) | ciphertext | auth tag (16 bytes) — cross-SDK compatible
  • SymmetricKey.from_ecdh(private_key, public_key) derives key from ECDH shared secret
  • 34 specs including 5 Go SDK test vectors and bidirectional TS/Go compatibility vectors

Test plan

  • All 34 SymmetricKey specs pass
  • Cross-SDK decryption verified against Go SDK test vectors
  • Bidirectional TS/Go compatibility vectors (31-byte and 32-byte keys)
  • ECDH Alice/Bob round-trip verified
  • Error paths: wrong key, tampered ciphertext, tampered tag, truncated input
  • Full suite: 1542 examples, 0 failures

Closes #152, #157, #158, #159

🤖 Generated with Claude Code

sgbett and others added 3 commits March 7, 2026 14:52
Add BSV::Primitives::SymmetricKey providing AES-256-GCM symmetric
encryption matching the TS/Go/Python reference SDK interface.

Wire format: IV (32 bytes) | ciphertext | auth tag (16 bytes)

Implements sub-task #157 of HLR #152.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

30 specs covering round-trip, error handling, short key padding, and
cross-SDK interoperability. Includes all 5 Go SDK test vectors plus
bidirectional TS/Go compatibility vectors for both 31-byte and
32-byte keys.

Implements sub-task #158 of HLR #152.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Add SymmetricKey.from_ecdh(private_key, public_key) that derives a
shared AES-256-GCM key from an ECDH shared secret. Uses the
X-coordinate of the shared point as key material.

Implements sub-task #159 of HLR #152.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

codecov bot commented Mar 7, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.

sgbett and others added 2 commits March 7, 2026 17:32
- Skip cipher.update for empty plaintext (raises ArgumentError on
  Ruby 2.7-3.1 OpenSSL versions)
- Flatten bidirectional test vectors to avoid RSpec/NestedGroups offence

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Same cipher.update('') issue as encrypt — skip update when the
ciphertext portion is empty (empty plaintext round-trip).

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@sgbett sgbett merged commit 23c44af into master Mar 7, 2026
10 checks passed
@sgbett sgbett deleted the feature/152-symmetric-key branch March 24, 2026 00:15
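
Added example (not code from this PR or from the SDK): a stand-alone Ruby illustration of the wire format given in the summary, IV (32 bytes) | ciphertext | auth tag (16 bytes), including the empty-plaintext handling described in the last two commits. The helper names `new_gcm`, `seal` and `open_sealed`, the empty associated data, and the restriction to a full 32-byte key are assumptions made for the example.

```ruby
require 'openssl'

IV_LEN  = 32 # IV length from the PR's wire format (GCM's default is 12)
TAG_LEN = 16 # auth tag length from the PR's wire format

# Hypothetical helper: build an AES-256-GCM context with a 32-byte IV.
def new_gcm(mode, key, iv)
  cipher = OpenSSL::Cipher.new('aes-256-gcm')
  mode == :encrypt ? cipher.encrypt : cipher.decrypt
  cipher.key = key
  cipher.iv_len = IV_LEN # must be set before iv=, or the 32-byte IV is rejected
  cipher.iv = iv
  cipher
end

# Hypothetical helper: returns IV | ciphertext | tag as one binary string.
def seal(key, plaintext, iv = OpenSSL::Random.random_bytes(IV_LEN))
  cipher = new_gcm(:encrypt, key, iv)
  cipher.auth_data = '' # assumption: no associated data
  # Skip update for empty input; update('') raises on some Ruby versions.
  body = plaintext.empty? ? ''.b : cipher.update(plaintext)
  body << cipher.final
  iv + body + cipher.auth_tag(TAG_LEN)
end

# Hypothetical helper: splits the blob and verifies the tag before returning.
def open_sealed(key, blob)
  if blob.bytesize < IV_LEN + TAG_LEN
    raise ArgumentError, 'input shorter than IV + auth tag'
  end
  iv   = blob.byteslice(0, IV_LEN)
  tag  = blob.byteslice(-TAG_LEN, TAG_LEN)
  body = blob.byteslice(IV_LEN, blob.bytesize - IV_LEN - TAG_LEN)
  cipher = new_gcm(:decrypt, key, iv)
  cipher.auth_tag = tag
  cipher.auth_data = ''
  plain = body.empty? ? ''.b : cipher.update(body)
  # final raises OpenSSL::Cipher::CipherError if key, ciphertext or tag is wrong.
  plain << cipher.final
end
```

The tag check happens in `final`, so callers must not use the output of `update` on its own; here nothing is returned until `final` succeeds.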